72 lines
2.4 KiB
YAML
72 lines
2.4 KiB
YAML
name: Deploy
|
|
run-name: Deploy
|
|
on:
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
deploy:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: 📂 Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: 🧼 Clean ref name
|
|
run: |
|
|
ORIGINAL_REF_NAME="${{ gitea.ref_name }}"
|
|
CLEAN_REF_NAME=${ORIGINAL_REF_NAME//\//-}
|
|
echo "Clean ref name: $CLEAN_REF_NAME"
|
|
echo "CLEAN_REF_NAME=$CLEAN_REF_NAME" >> $GITEA_ENV
|
|
|
|
- name: ⚙️ Configure SSH Client
|
|
run: |
|
|
sudo apt-get update && sudo apt-get install -y sshpass
|
|
mkdir -p ~/.ssh
|
|
ssh-keyscan -p 22 "${{ secrets.SSH_HOST }}" >> ~/.ssh/known_hosts
|
|
|
|
- name: 🏗️ Create docker-compose file
|
|
env:
|
|
SSHPASS: ${{ secrets.SSH_PASSWORD }}
|
|
SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
|
|
SSH_HOST: ${{ secrets.SSH_HOST }}
|
|
DEPLOY_DIRECTORY: ${{ secrets.DEPLOY_DIRECTORY }}
|
|
REF_NAME: ${{ env.CLEAN_REF_NAME }}
|
|
run: |
|
|
sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" \
|
|
"mkdir -p \"$DEPLOY_DIRECTORY\" && \
|
|
cat > \"$DEPLOY_DIRECTORY/docker-compose-$REF_NAME.yml\"" \
|
|
< docker-compose.yml
|
|
|
|
- name: 🔐 Create secrets
|
|
env:
|
|
SSHPASS: ${{ secrets.SSH_PASSWORD }}
|
|
SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
|
|
SSH_HOST: ${{ secrets.SSH_HOST }}
|
|
DEPLOY_DIRECTORY: ${{ secrets.DEPLOY_DIRECTORY }}
|
|
BESZEL_AGENT_KEY: ${{ secrets.BESZEL_AGENT_KEY }}
|
|
BESZEL_AGENT_TOKEN: ${{ secrets.BESZEL_AGENT_TOKEN }}
|
|
GITEA_RUNNER_REGISTRATION_TOKEN: ${{ secrets._GITEA_RUNNER_REGISTRATION_TOKEN }}
|
|
VAULTWARDEN_ADMIN_TOKEN: ${{ secrets.VAULTWARDEN_ADMIN_TOKEN }}
|
|
run: |
|
|
sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" bash -s << EOT
|
|
set -e
|
|
cd "$DEPLOY_DIRECTORY"
|
|
mkdir -p secrets
|
|
|
|
cat << 'EOF_SECRET' > secrets/beszel_agent_key.txt
|
|
$BESZEL_AGENT_KEY
|
|
EOF_SECRET
|
|
|
|
cat << 'EOF_SECRET' > secrets/beszel_agent_token.txt
|
|
$BESZEL_AGENT_TOKEN
|
|
EOF_SECRET
|
|
|
|
cat << 'EOF_SECRET' > secrets/gitea_runner_registration_token.txt
|
|
$GITEA_RUNNER_REGISTRATION_TOKEN
|
|
EOF_SECRET
|
|
|
|
cat << 'EOF_SECRET' > secrets/vaultwarden_admin_token.txt
|
|
$VAULTWARDEN_ADMIN_TOKEN
|
|
EOF_SECRET
|
|
EOT
|
|
|