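---
# Manually triggered deployment: copies docker-compose.yml and the service
# secrets to the target host over SSH, then starts the stack there and
# reports the outcome to a Telegram chat.
name: 🚀 Deploy
run-name: '🚀 Deploy: ${{ gitea.ref_name }} by @${{ gitea.actor }}'

on:
  workflow_dispatch:

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the action is referenced by the mutable tag v4; pinning
      # it to a full commit SHA protects the job from a retagged release.
      - name: 📂 Checkout repository
        uses: actions/checkout@v4

      # The ref name is chosen by whoever creates the branch or tag, and git
      # allows shell metacharacters in it. It is therefore handed to the
      # script through an environment variable instead of being templated
      # into the script text, and reduced to [A-Za-z0-9._-] because later
      # steps expand it inside commands executed on the deployment host.
      # Every other byte (including "/") becomes "-".
      - name: 🧼 Clean ref name
        env:
          ORIGINAL_REF_NAME: ${{ gitea.ref_name }}
        run: |
          CLEAN_REF_NAME="$(printf '%s' "$ORIGINAL_REF_NAME" | LC_ALL=C tr -c 'A-Za-z0-9._-' '-')"
          echo "Clean ref name: $CLEAN_REF_NAME"
          echo "CLEAN_REF_NAME=$CLEAN_REF_NAME" >> "$GITEA_ENV"

      # Local composite action; presumably it installs the host key for
      # ssh_host so the ssh calls below verify the server - confirm.
      - name: ⚙️ Configure ssh client
        uses: ./.gitea/actions/configure-ssh-client
        with:
          ssh_host: ${{ secrets.SSH_HOST }}

      # sshpass -e reads the password from the SSHPASS environment variable,
      # so it does not appear in the process arguments on the runner.
      # NOTE(review): a dedicated deploy key would avoid keeping a reusable
      # account password in CI - confirm whether the host allows key auth.
      #
      # DEPLOY_DIRECTORY and REF_NAME are expanded on the runner and become
      # part of the command line parsed by the remote shell; REF_NAME is safe
      # only because of the allowlist applied in "Clean ref name".
      # All earlier docker-compose-*.yml files in the directory are removed.
      - name: 🏗️ Create docker-compose file
        env:
          SSHPASS: ${{ secrets.SSH_PASSWORD }}
          SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
          DEPLOY_DIRECTORY: ${{ secrets.DEPLOY_DIRECTORY }}
          REF_NAME: ${{ env.CLEAN_REF_NAME }}
        run: |
          sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" \
            "mkdir -p \"$DEPLOY_DIRECTORY\" && \
            cd \"$DEPLOY_DIRECTORY\" && \
            rm -f docker-compose-*.yml && \
            cat > \"docker-compose-$REF_NAME.yml\"" \
            < docker-compose.yml

      # The outer heredoc (EOT) is unquoted, so the runner substitutes the
      # secret values before the script is sent over SSH on stdin; the inner
      # heredocs are quoted ('EOF_SECRET'), so the remote shell writes the
      # values verbatim without expanding them again.
      # Caveat: a secret containing a line equal to EOF_SECRET or EOT would
      # end its heredoc early.
      # umask 077 makes the directory and files owner-only from the moment
      # they are created, instead of relying on the chmod calls at the end.
      - name: 🔐 Create secrets
        env:
          SSHPASS: ${{ secrets.SSH_PASSWORD }}
          SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
          DEPLOY_DIRECTORY: ${{ secrets.DEPLOY_DIRECTORY }}
          BESZEL_AGENT_KEY: ${{ secrets.BESZEL_AGENT_KEY }}
          BESZEL_AGENT_TOKEN: ${{ secrets.BESZEL_AGENT_TOKEN }}
          GITEA_RUNNER_REGISTRATION_TOKEN: ${{ secrets.RUNNER_REGISTRATION_TOKEN }}
          VAULTWARDEN_ADMIN_TOKEN: ${{ secrets.VAULTWARDEN_ADMIN_TOKEN }}
        run: |
          sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" bash -s << EOT
          set -e
          umask 077
          cd "$DEPLOY_DIRECTORY"
          mkdir -p secrets
          cat << 'EOF_SECRET' > secrets/beszel_agent_key.txt
          $BESZEL_AGENT_KEY
          EOF_SECRET
          cat << 'EOF_SECRET' > secrets/beszel_agent_token.txt
          $BESZEL_AGENT_TOKEN
          EOF_SECRET
          cat << 'EOF_SECRET' > secrets/gitea_runner_registration_token.txt
          $GITEA_RUNNER_REGISTRATION_TOKEN
          EOF_SECRET
          cat << 'EOF_SECRET' > secrets/vaultwarden_admin_token.txt
          $VAULTWARDEN_ADMIN_TOKEN
          EOF_SECRET
          chmod 700 secrets
          chmod 600 secrets/*.txt
          EOT

      # Starts a detached job on the host that waits 10 seconds, runs
      # docker compose and posts the result to Telegram, so the workflow step
      # returns before the containers are replaced.
      # NOTE(review): the compose call carries --dry-run, which only
      # simulates "up"; as written the success message is sent without any
      # container being changed - confirm this is intended.
      # NOTE(review): TELEGRAM_TOKEN is expanded on the runner and embedded
      # in the argument of the remote "bash -c", so it is readable in the
      # host's process list while the job runs.
      # NOTE(review): /tmp/docker_deploy.log is a fixed path in a shared
      # directory; a per-run file from mktemp would be safer on a multi-user
      # host.
      - name: 🚀 Run new containers
        env:
          SSHPASS: ${{ secrets.SSH_PASSWORD }}
          SSH_USERNAME: ${{ secrets.SSH_USERNAME }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
          DEPLOY_DIRECTORY: ${{ secrets.DEPLOY_DIRECTORY }}
          REF_NAME: ${{ env.CLEAN_REF_NAME }}
          TELEGRAM_TOKEN: ${{ secrets.TELEGRAM_DEPLOY_BOT_TOKEN }}
          TELEGRAM_CHAT: ${{ secrets.TELEGRAM_DEPLOY_CHAT_ID }}
          PROXY_URL: ${{ secrets.PROXY_URL }}
        run: |
          sshpass -e ssh -p 22 "$SSH_USERNAME@$SSH_HOST" bash -s << EOT
          set -e
          cd "$DEPLOY_DIRECTORY"
          nohup bash -c '
            sleep 10
            if docker compose --dry-run -f "docker-compose-${REF_NAME}.yml" up -d --remove-orphans > /tmp/docker_deploy.log 2>&1; then
              curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_TOKEN}/sendMessage" \
                --proxy "${PROXY_URL}" \
                -d "chat_id=${TELEGRAM_CHAT}" \
                -d "parse_mode=HTML" \
                --data-urlencode "text=✅ Деплой успешен! Сервер применил релиз: ${REF_NAME}" > /dev/null
            else
              curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_TOKEN}/sendMessage" \
                --proxy "${PROXY_URL}" \
                -d "chat_id=${TELEGRAM_CHAT}" \
                -d "parse_mode=HTML" \
                --data-urlencode "text=❌ Ошибка деплоя! Сервер не применил релиз: ${REF_NAME}" > /dev/null
              curl -s -X POST "https://api.telegram.org/bot${TELEGRAM_TOKEN}/sendDocument" \
                --proxy "${PROXY_URL}" \
                -F "chat_id=${TELEGRAM_CHAT}" \
                -F "document=@/tmp/docker_deploy.log" \
                -F "caption=logs" > /dev/null
            fi
            rm -f /tmp/docker_deploy.log
          ' > /dev/null 2>&1 &
          EOT
          echo "New containers will be started after 10 seconds"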