Hartmut/CapaKraken
1
0
Fork 0
Code Issues 10 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
22cff9648efc5e0b6d1d481833e79aeb5bc6d2b4
CapaKraken/.github/workflows/deploy-prod.yml
T

87 lines
3.1 KiB
YAML
Raw Blame History

name: Deploy Production
on:
workflow_dispatch:
inputs:
image_tag:
description: Image tag to promote to production, for example sha-<commit>
required: true
type: string
permissions:
contents: read
jobs:
deploy:
name: Deploy To Production
runs-on: ubuntu-latest
environment: production
timeout-minutes: 30
concurrency:
group: deploy-production
cancel-in-progress: false
steps:
- uses: actions/checkout@v4
- id: vars
name: Resolve image refs
run: |
owner="$(echo '${{ github.repository_owner }}' | tr '[:upper:]' '[:lower:]')"
repo="$(basename '${{ github.repository }}' | tr '[:upper:]' '[:lower:]')"
image_tag="${{ inputs.image_tag }}"
echo "app_image=ghcr.io/${owner}/${repo}-app:${image_tag}" >> "$GITHUB_OUTPUT"
echo "migrator_image=ghcr.io/${owner}/${repo}-migrator:${image_tag}" >> "$GITHUB_OUTPUT"
- name: Prepare SSH
env:
SSH_PRIVATE_KEY: ${{ secrets.PROD_SSH_KEY }}
SSH_HOST: ${{ secrets.PROD_SSH_HOST }}
SSH_PORT: ${{ secrets.PROD_SSH_PORT }}
run: |
install -m 700 -d ~/.ssh
printf '%s\n' "${SSH_PRIVATE_KEY}" > ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
ssh-keyscan -p "${SSH_PORT:-22}" -H "${SSH_HOST}" >> ~/.ssh/known_hosts
- name: Bundle deploy assets
run: tar czf deploy-bundle.tgz docker-compose.cicd.yml tooling/deploy
- name: Copy deploy assets to production
env:
SSH_PORT: ${{ secrets.PROD_SSH_PORT }}
run: |
ssh -p "${SSH_PORT:-22}" "${{ secrets.PROD_SSH_USER }}@${{ secrets.PROD_SSH_HOST }}" \
"mkdir -p '${{ secrets.PROD_DEPLOY_PATH }}'"
scp -P "${SSH_PORT:-22}" deploy-bundle.tgz \
"${{ secrets.PROD_SSH_USER }}@${{ secrets.PROD_SSH_HOST }}:${{ secrets.PROD_DEPLOY_PATH }}/deploy-bundle.tgz"
- name: Run production deployment
env:
APP_IMAGE: ${{ steps.vars.outputs.app_image }}
MIGRATOR_IMAGE: ${{ steps.vars.outputs.migrator_image }}
APP_HOST_PORT: ${{ secrets.PROD_APP_HOST_PORT }}
GHCR_USERNAME: ${{ secrets.PROD_GHCR_USERNAME }}
GHCR_TOKEN: ${{ secrets.PROD_GHCR_TOKEN }}
SSH_PORT: ${{ secrets.PROD_SSH_PORT }}
run: |
cat > deploy.env <<EOF
APP_IMAGE=${APP_IMAGE}
MIGRATOR_IMAGE=${MIGRATOR_IMAGE}
APP_HOST_PORT=${APP_HOST_PORT}
GHCR_USERNAME=${GHCR_USERNAME}
GHCR_TOKEN=${GHCR_TOKEN}
EOF
scp -P "${SSH_PORT:-22}" deploy.env \
"${{ secrets.PROD_SSH_USER }}@${{ secrets.PROD_SSH_HOST }}:${{ secrets.PROD_DEPLOY_PATH }}/deploy.env"
ssh -p "${SSH_PORT:-22}" "${{ secrets.PROD_SSH_USER }}@${{ secrets.PROD_SSH_HOST }}" 'bash -se' <<'EOF'
set -euo pipefail
cd "${{ secrets.PROD_DEPLOY_PATH }}"
tar xzf deploy-bundle.tgz
rm -f deploy-bundle.tgz
set -a
. ./deploy.env
set +a
bash tooling/deploy/deploy-compose.sh production
rm -f deploy.env
EOF
Reference in New Issue View Git Blame Copy Permalink