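# Manually triggered deployment: copies docker-compose.yml to the target host
# over SSH, writes the service secrets there, then starts the containers in a
# detached background job that reports the result to Telegram.
name: Deploy
run-name: Deploy

on:
  workflow_dispatch:

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): v4 is a mutable tag; pinning the action to a full commit
      # SHA protects the job (which handles deploy credentials) from a
      # retargeted tag.
      - name: 📂 Checkout repository
        uses: actions/checkout@v4

      # The ref name is passed through the environment instead of being
      # templated into the script text, so shell metacharacters in a branch or
      # tag name are never parsed as code on the runner. Every character
      # outside [A-Za-z0-9._-] (including "/") becomes "-", because the result
      # is later embedded in remote shell commands and file names.
      - name: 🧼 Clean ref name
        env:
          ORIGINAL_REF_NAME: ${{ gitea.ref_name }}
        run: |
          CLEAN_REF_NAME=${ORIGINAL_REF_NAME//[^A-Za-z0-9._-]/-}
          echo "Clean ref name: $CLEAN_REF_NAME"
          echo "CLEAN_REF_NAME=$CLEAN_REF_NAME" >> "$GITEA_ENV"

      # NOTE(review): ssh-keyscan records whatever host key is offered at run
      # time, so it does not authenticate the server; a pinned known_hosts
      # entry kept with the other deploy settings would. Password login via
      # sshpass is likewise weaker than a dedicated deploy key.
      - name: ⚙️ Configure SSH Client
        env:
          SSH_HOST: ${{ secrets.SSH_HOST }}
        run: |
          sudo apt-get update && sudo apt-get install -y sshpass
          mkdir -p ~/.ssh
          ssh-keyscan -p 22 "$SSH_HOST" >> ~/.ssh/known_hosts

      # Streams the repository's docker-compose.yml to the deploy directory
      # under a per-ref file name, removing compose files of earlier releases.
      - name: 🏗️ Create docker-compose file
        env:
          SSHPASS: ${{ secrets.SSH_PASSWORD }}
          SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
          DEPLOY_DIRECTORY: ${{ secrets.DEPLOY_DIRECTORY }}
          REF_NAME: ${{ env.CLEAN_REF_NAME }}
        run: |
          sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" \
            "mkdir -p \"$DEPLOY_DIRECTORY\" && \
            cd \"$DEPLOY_DIRECTORY\" && \
            rm -f docker-compose-*.yml && \
            cat > \"docker-compose-$REF_NAME.yml\"" \
            < docker-compose.yml

      # The outer heredoc (EOT) is unquoted, so the secret values are expanded
      # on the runner and travel to the remote shell over stdin; the inner
      # quoted heredocs (EOF_SECRET) keep the remote shell from re-expanding
      # them. umask 077 makes the directory and files private from the moment
      # they are created instead of only after the trailing chmod calls.
      - name: 🔐 Create secrets
        env:
          SSHPASS: ${{ secrets.SSH_PASSWORD }}
          SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
          DEPLOY_DIRECTORY: ${{ secrets.DEPLOY_DIRECTORY }}
          BESZEL_AGENT_KEY: ${{ secrets.BESZEL_AGENT_KEY }}
          BESZEL_AGENT_TOKEN: ${{ secrets.BESZEL_AGENT_TOKEN }}
          GITEA_RUNNER_REGISTRATION_TOKEN: ${{ secrets._GITEA_RUNNER_REGISTRATION_TOKEN }}
          VAULTWARDEN_ADMIN_TOKEN: ${{ secrets.VAULTWARDEN_ADMIN_TOKEN }}
        run: |
          sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" bash -s << EOT
          set -e
          umask 077
          cd "$DEPLOY_DIRECTORY"
          mkdir -p secrets
          cat << 'EOF_SECRET' > secrets/beszel_agent_key.txt
          $BESZEL_AGENT_KEY
          EOF_SECRET
          cat << 'EOF_SECRET' > secrets/beszel_agent_token.txt
          $BESZEL_AGENT_TOKEN
          EOF_SECRET
          cat << 'EOF_SECRET' > secrets/gitea_runner_registration_token.txt
          $GITEA_RUNNER_REGISTRATION_TOKEN
          EOF_SECRET
          cat << 'EOF_SECRET' > secrets/vaultwarden_admin_token.txt
          $VAULTWARDEN_ADMIN_TOKEN
          EOF_SECRET
          chmod 700 secrets
          chmod 600 secrets/*.txt
          EOT

      # Starts the release in a detached job on the server and reports the
      # outcome to Telegram through the configured proxy.
      # Values written as ${NAME} are expanded on the runner before the script
      # is sent; values written as \$NAME are expanded by the remote shell.
      # The bot token exists only in the runner environment, so it must use
      # the first form; the request goes to the Bot API endpoint
      # api.telegram.org/bot<token>/sendMessage.
      # NOTE(review): the bot token and proxy password end up in the argument
      # list of the remote "bash -c" process, where other local users of that
      # host can presumably read them; /tmp/docker_deploy.log is also a
      # predictable path in a shared directory. Confirm both are acceptable.
      # NOTE(review): the message text crosses three quoting layers (runner
      # heredoc, remote single quotes, inner double quotes). The \` sequences
      # appear to reach the inner shell as bare backticks inside double
      # quotes, and the sed replacements as a single backslash; verify that
      # the MarkdownV2 escaping survives as intended.
      - name: 🚀 Run new containers
        env:
          SSHPASS: ${{ secrets.SSH_PASSWORD }}
          SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
          DEPLOY_DIRECTORY: ${{ secrets.DEPLOY_DIRECTORY }}
          REF_NAME: ${{ env.CLEAN_REF_NAME }}
          TELEGRAM_TOKEN: ${{ secrets.DEPLOY_TELEGRAM_BOT_TOKEN }}
          TELEGRAM_CHAT: ${{ secrets.DEPLOY_TELEGRAM_CHAT_ID }}
          PROXY_HOST: ${{ secrets.PROXY_HOST }}
          PROXY_PORT: ${{ secrets.PROXY_PORT }}
          PROXY_USER: ${{ secrets.PROXY_USER }}
          PROXY_PASSWORD: ${{ secrets.PROXY_PASSWORD }}
        run: |
          sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" bash -s << EOT
          set -e
          cd "$DEPLOY_DIRECTORY"
          nohup bash -c '
            sleep 5
            if docker compose -f "docker-compose-${REF_NAME}.yml" up -d --remove-orphans > /tmp/docker_deploy.log 2>&1; then
              ESCAPED_REF=\$(echo "${REF_NAME}" | sed "s/-/\\\\-/g" | sed "s/\./\\\\./g")
              TEXT="🚀 *Деплой успешен\!* %0AСервер применил релиз: \`\$ESCAPED_REF\`"
              # Success notification via the Telegram Bot API.
              curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_TOKEN}/sendMessage" \
                --proxy "http://${PROXY_USER}:${PROXY_PASSWORD}@${PROXY_HOST}:${PROXY_PORT}" \
                -d "chat_id=${TELEGRAM_CHAT}" \
                -d "parse_mode=MarkdownV2" \
                -d "text=\$TEXT" > /dev/null
            else
              ERROR_LOG=\$(tail -n 10 /tmp/docker_deploy.log)
              ESCAPED_LOG=\$(echo "\$ERROR_LOG" | sed "s/-/\\\\-/g" | sed "s/\./\\\\./g" | sed "s/!/\\\\!/g")
              TEXT="❌ *Ошибка деплоя релиза ${REF_NAME}\!* %0A%0A\`\`\`%0A\$ESCAPED_LOG%0A\`\`\`"
              # Failure notification with the last ten log lines, same endpoint.
              curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_TOKEN}/sendMessage" \
                --proxy "http://${PROXY_USER}:${PROXY_PASSWORD}@${PROXY_HOST}:${PROXY_PORT}" \
                -d "chat_id=${TELEGRAM_CHAT}" \
                -d "parse_mode=MarkdownV2" \
                -d "text=\$TEXT" > /dev/null
            fi
            rm -f /tmp/docker_deploy.log
          ' > /dev/null 2>&1 &
          EOT
          echo "New containers will be started after 5 seconds"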