103 lines
3.7 KiB
YAML
103 lines
3.7 KiB
YAML
name: Build and Deploy
|
|
|
|
on:
|
|
workflow_run:
|
|
workflows: [CI]
|
|
types: [completed]
|
|
branches: [main]
|
|
workflow_dispatch:
|
|
|
|
env:
|
|
REGISTRY: ${{ vars.REGISTRY || '10.100.0.2:3000' }}
|
|
IMAGE_NAME: ${{ github.repository }}
|
|
RESOLVED_SHA: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.head_sha || github.sha }}
|
|
RESOLVED_REF: ${{ github.event_name == 'workflow_run' && github.event.workflow_run.head_branch || github.ref_name }}
|
|
|
|
jobs:
|
|
build:
|
|
if: |
|
|
github.event_name == 'workflow_dispatch' ||
|
|
(github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success')
|
|
runs-on: [linux, docker]
|
|
container:
|
|
image: catthehacker/ubuntu:act-latest
|
|
steps:
|
|
- name: Checkout
|
|
uses: actions/checkout@v4
|
|
with:
|
|
ref: ${{ env.RESOLVED_SHA }}
|
|
- name: Login to Docker Hub
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: docker.io
|
|
username: ${{ vars.DOCKERHUB_USERNAME }}
|
|
password: ${{ secrets.DOCKERHUB_TOKEN }}
|
|
- name: Set up Docker Buildx
|
|
uses: docker/setup-buildx-action@v3
|
|
with:
|
|
driver: docker
|
|
- name: Login to Registry
|
|
uses: docker/login-action@v3
|
|
with:
|
|
registry: ${{ env.REGISTRY }}
|
|
username: ${{ github.actor }}
|
|
password: ${{ secrets.REGISTRY_PASSWORD || secrets.GITHUB_TOKEN }}
|
|
- name: Build and push
|
|
uses: docker/build-push-action@v5
|
|
with:
|
|
context: .
|
|
push: true
|
|
tags: |
|
|
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.RESOLVED_SHA }}
|
|
${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
|
|
provenance: false
|
|
|
|
deploy:
|
|
runs-on: [linux, docker]
|
|
needs: build
|
|
if: |
|
|
github.event_name == 'workflow_dispatch' ||
|
|
(github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.head_branch == 'main')
|
|
container:
|
|
image: catthehacker/ubuntu:act-latest
|
|
env:
|
|
DEPLOY_HOST: ${{ vars.DEPLOY_HOST }}
|
|
DEPLOY_USER: ${{ vars.DEPLOY_USER || 'deploy' }}
|
|
DEPLOY_PORT: ${{ vars.DEPLOY_PORT || '22' }}
|
|
DEPLOY_PATH: ${{ vars.DEPLOY_PATH || '/opt/vault-dash' }}
|
|
DEPLOY_SSH_PRIVATE_KEY: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY }}
|
|
APP_IMAGE: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.RESOLVED_SHA }}
|
|
APP_ENV: production
|
|
APP_NAME: Vault Dashboard
|
|
APP_PORT: "8000"
|
|
TURNSTILE_SITE_KEY: ${{ vars.TURNSTILE_SITE_KEY }}
|
|
TURNSTILE_SECRET_KEY: ${{ secrets.TURNSTILE_SECRET_KEY }}
|
|
DATABENTO_API_KEY: ${{ secrets.DATABENTO_API_KEY }}
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
ref: ${{ env.RESOLVED_SHA }}
|
|
|
|
- name: Install dependencies
|
|
run: |
|
|
apt-get update && apt-get install -y bash openssh-client curl
|
|
mkdir -p ~/.ssh
|
|
chmod 700 ~/.ssh
|
|
|
|
- name: Setup SSH key
|
|
run: |
|
|
# Handle base64-encoded key (recommended) or raw key
|
|
mkdir -p ~/.ssh && chmod 700 ~/.ssh
|
|
if echo "$DEPLOY_SSH_PRIVATE_KEY" | base64 -d > ~/.ssh/id_ed25519 2>/dev/null; then
|
|
echo "Decoded base64 key"
|
|
else
|
|
printf '%s\n' "$DEPLOY_SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
|
|
fi
|
|
chmod 600 ~/.ssh/id_ed25519
|
|
ssh-keyscan -p "${DEPLOY_PORT:-22}" "${DEPLOY_HOST}" >> ~/.ssh/known_hosts 2>/dev/null || true
|
|
|
|
- name: Deploy
|
|
run: |
|
|
test -n "$DEPLOY_HOST" || (echo "DEPLOY_HOST must be set" && exit 1)
|
|
test -n "$DEPLOY_SSH_PRIVATE_KEY" || (echo "DEPLOY_SSH_PRIVATE_KEY must be set" && exit 1)
|
|
bash scripts/deploy-actions.sh |