diff --git a/.gitea/workflows/cd.yaml b/.gitea/workflows/cd.yaml
index edb88078..b667ea41 100644
--- a/.gitea/workflows/cd.yaml
+++ b/.gitea/workflows/cd.yaml
@@ -332,7 +332,7 @@ jobs:
 - name: Deploy to K8s (ArgoCD GitOps)
 env:
 SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
- GITEA_TOKEN: ${{ secrets.GITEA_CD_TOKEN }}
+ GITEA_TOKEN: ${{ secrets.CD_PUSH_TOKEN }}
 run: |
 mkdir -p ~/.ssh
 echo "$SSH_PRIVATE_KEY" > ~/.ssh/deploy_key
diff --git a/docs/adr/ADR-069-infra-gitops-sprint-b.md b/docs/adr/ADR-069-infra-gitops-sprint-b.md
index 0057df3c..d269bb5c 100644
--- a/docs/adr/ADR-069-infra-gitops-sprint-b.md
+++ b/docs/adr/ADR-069-infra-gitops-sprint-b.md
@@ -47,7 +47,7 @@ Gitea Actions 原生支援此標記,不會觸發新的 CD run。
 ### 新增 Secret
-`GITEA_CD_TOKEN`: Gitea Personal Access Token,用於 CD pipeline push kustomization.yaml
+`CD_PUSH_TOKEN`: Gitea Personal Access Token,用於 CD pipeline push kustomization.yaml
 - 建立:Gitea → Settings → Applications → Generate Token
 - 權限:`write:repository`
 - 加到 Gitea Repository Secrets: Settings → Secrets → Add Secret
@@ -62,13 +62,13 @@ Gitea Actions 原生支援此標記,不會觸發新的 CD run。
 ### 注意事項
-- `secrets.GITEA_CD_TOKEN` 需手動在 Gitea 建立並設定
+- `secrets.CD_PUSH_TOKEN` 需手動在 Gitea 建立並設定
 - CD pipeline 現在有 `git push` 操作,需確保 runner 有網路存取 Gitea (192.168.0.110:3001)
 - ArgoCD `ignoreDifferences` 排除 Deployment image 欄位,否則 ArgoCD 會顯示 OutOfSync
 ## 設定清單
 - [ ] 在 Gitea 建立 Personal Access Token(write:repository 權限)
-- [ ] 加到 Gitea Repository Secrets: `GITEA_CD_TOKEN`
+- [ ] 加到 Gitea Repository Secrets: `CD_PUSH_TOKEN`
 - [ ] 確認 ArgoCD Application 已建立:`kubectl get app awoooi-prod -n argocd`
 - [ ] 確認 ArgoCD 可存取 Gitea:檢查 ArgoCD Repo Server 網路策略
diff --git a/scripts/ops/backup-from-110.sh b/scripts/ops/backup-from-110.sh
index baad500a..f0cda3ee 100644
--- a/scripts/ops/backup-from-110.sh
+++ b/scripts/ops/backup-from-110.sh
@@ -24,8 +24,9 @@
 # =============================================================================
 set -euo pipefail
-LOG="/var/log/backup-from-110.log"
-LAST_SUCCESS_FILE="/var/run/backup-110.last_success"
+BACKUP_ROOT="${BACKUP_ROOT:-/home/ollama/backup/110}"
+LOG="${BACKUP_ROOT}/backup.log"
+LAST_SUCCESS_FILE="${BACKUP_ROOT}/last_success"
 DATE=$(date +%Y%m%d-%H%M%S)
 ERRORS=0
@@ -40,7 +41,7 @@ log "Backing up Harbor registry..."
 if rsync -avz --delete \
 -e "ssh -o StrictHostKeyChecking=accept-new -o ConnectTimeout=10" \
 wooo@192.168.0.110:/var/lib/docker/volumes/harbor_harbor-data/_data/ \
- /backup/110/harbor/ >> "$LOG" 2>&1; then
+ ${BACKUP_ROOT}/harbor/ >> "$LOG" 2>&1; then
 log "✅ Harbor backup OK"
 else
 log "❌ ERROR: Harbor backup failed"
@@ -52,7 +53,7 @@ log "Backing up Gitea repos..."
 if rsync -avz --delete \
 -e "ssh -o StrictHostKeyChecking=accept-new -o ConnectTimeout=10" \
 wooo@192.168.0.110:/var/lib/docker/volumes/gitea_gitea-data/_data/ \
- /backup/110/gitea/ >> "$LOG" 2>&1; then
+ ${BACKUP_ROOT}/gitea/ >> "$LOG" 2>&1; then
 log "✅ Gitea backup OK"
 else
 log "❌ ERROR: Gitea backup failed"
@@ -66,7 +67,7 @@ if ssh -o StrictHostKeyChecking=accept-new -o ConnectTimeout=5 \
 if rsync -avz \
 -e "ssh -o StrictHostKeyChecking=accept-new -o ConnectTimeout=10" \
 wooo@192.168.0.110:/home/wooo/bitan-pharmacy.git/ \
- /backup/110/bitan-pharmacy.git/ >> "$LOG" 2>&1; then
+ ${BACKUP_ROOT}/bitan-pharmacy.git/ >> "$LOG" 2>&1; then
 log "✅ bitan-pharmacy.git backup OK"
 else
 log "⚠️ bitan-pharmacy.git backup failed (non-fatal)"
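Review bot: Nothing in the first hunk creates `BACKUP_ROOT` or restricts its permissions, although `LOG` and `LAST_SUCCESS_FILE` now live inside it and the default has moved to a directory under a user's home. If the directory is missing, every `>> "$LOG"` redirect fails, so each rsync step would be reported as failed without the command ever running. Since this tree receives copies of the Harbor and Gitea data volumes, I would add `mkdir -p "$BACKUP_ROOT" && chmod 700 "$BACKUP_ROOT"` right after the assignment. Any monitoring or log rotation that still reads `/var/log/backup-from-110.log` or `/var/run/backup-110.last_success` also needs repointing; the `log` helper and the code that writes `LAST_SUCCESS_FILE` are outside the hunk.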
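Review bot: The new rsync destination `${BACKUP_ROOT}/harbor/` is unquoted, and `BACKUP_ROOT` can now be overridden from the environment, so a value containing spaces or glob characters is word-split into extra rsync arguments. This call runs with `--delete`, so a mis-split destination is worth ruling out; write it as `"${BACKUP_ROOT}/harbor/" >> "$LOG" 2>&1; then`. The same applies to `${BACKUP_ROOT}/gitea/` and `${BACKUP_ROOT}/bitan-pharmacy.git/` in the two later hunks. The enclosing `if` blocks close outside the hunks shown.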