fix: scale service to 0 before secret rotation to avoid AlreadyExists error
Some checks failed
NALU Deployment Pipeline / Run Tests (push) Successful in 1m7s
NALU Deployment Pipeline / PR Validation (push) Has been skipped
NALU Deployment Pipeline / Build and Push Image (push) Failing after 3m51s
NALU Deployment Pipeline / Deploy naluai.dev (push) Has been skipped
NALU Deployment Pipeline / Cleanup Old Resources (push) Has been skipped
Some checks failed
NALU Deployment Pipeline / Run Tests (push) Successful in 1m7s
NALU Deployment Pipeline / PR Validation (push) Has been skipped
NALU Deployment Pipeline / Build and Push Image (push) Failing after 3m51s
NALU Deployment Pipeline / Deploy naluai.dev (push) Has been skipped
NALU Deployment Pipeline / Cleanup Old Resources (push) Has been skipped
Docker Swarm refuses to delete secrets in use by running services. Scale nalu_app to 0 first, then rotate, then stack deploy re-creates. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
parent
c5cb9df468
commit
958e71d9bf
@ -91,12 +91,8 @@ jobs:
|
||||
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
|
||||
run: |
|
||||
mkdir -p ~/.ssh
|
||||
printf '%s' "${SSH_PRIVATE_KEY}" | tr -d '\r' | sed 's/\\n/\n/g' > ~/.ssh/id_rsa
|
||||
echo "" >> ~/.ssh/id_rsa
|
||||
echo "${SSH_PRIVATE_KEY}" | base64 -d > ~/.ssh/id_rsa
|
||||
chmod 600 ~/.ssh/id_rsa
|
||||
# debug key format (no content exposed)
|
||||
head -1 ~/.ssh/id_rsa
|
||||
wc -l ~/.ssh/id_rsa
|
||||
ssh-keyscan -H ${{ env.SWARM_MANAGER }} >> ~/.ssh/known_hosts 2>/dev/null
|
||||
|
||||
- name: Build image on ARM server
|
||||
@ -205,8 +201,7 @@ jobs:
|
||||
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
|
||||
run: |
|
||||
mkdir -p ~/.ssh
|
||||
printf '%s' "${SSH_PRIVATE_KEY}" | tr -d '\r' | sed 's/\\n/\n/g' > ~/.ssh/id_rsa
|
||||
echo "" >> ~/.ssh/id_rsa
|
||||
echo "${SSH_PRIVATE_KEY}" | base64 -d > ~/.ssh/id_rsa
|
||||
chmod 600 ~/.ssh/id_rsa
|
||||
ssh-keyscan -H ${{ env.SWARM_MANAGER }} >> ~/.ssh/known_hosts 2>/dev/null
|
||||
|
||||
@ -216,6 +211,10 @@ jobs:
|
||||
ssh -o StrictHostKeyChecking=no ubuntu@${{ env.SWARM_MANAGER }} << SSHEOF
|
||||
set -e
|
||||
|
||||
# ── Scale down so secrets can be rotated ─────────────────────────
|
||||
docker service scale nalu_app=0 2>/dev/null || true
|
||||
sleep 5
|
||||
|
||||
# ── Create/update Docker secrets ─────────────────────────────────
|
||||
update_secret() {
|
||||
local name=\$1
|
||||
@ -267,8 +266,7 @@ jobs:
|
||||
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
|
||||
run: |
|
||||
mkdir -p ~/.ssh
|
||||
printf '%s' "${SSH_PRIVATE_KEY}" | tr -d '\r' | sed 's/\\n/\n/g' > ~/.ssh/id_rsa
|
||||
echo "" >> ~/.ssh/id_rsa
|
||||
echo "${SSH_PRIVATE_KEY}" | base64 -d > ~/.ssh/id_rsa
|
||||
chmod 600 ~/.ssh/id_rsa
|
||||
ssh-keyscan -H ${{ env.SWARM_MANAGER }} >> ~/.ssh/known_hosts 2>/dev/null
|
||||
ssh-keyscan -H ${{ env.SWARM_WORKER }} >> ~/.ssh/known_hosts 2>/dev/null
|
||||
|
||||
Loading…
Reference in New Issue
Block a user