Merged
13 changes: 11 additions & 2 deletions .github/workflows/deploy.yml
Expand Up @@ -59,13 +59,22 @@ jobs:
- uses: actions/checkout@v4

- name: Deploy via SSH
uses: appleboy/ssh-action@v1
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ secrets.VPS_HOST }}
username: ${{ secrets.VPS_USER }}
key: ${{ secrets.VPS_SSH_KEY }}
script: |
cd /opt/orcta-stack
set -e

# Configuration
REPO_NAME="orcta-stack"
APP_DIR="/srv/apps/$REPO_NAME"
BRANCH="${{ github.ref_name }}"
Copilot AI Feb 25, 2026

BRANCH is defined from github.ref_name but never used in the script. This adds confusion about what is actually being deployed; either use it (e.g., to check out/pull the correct branch on the server) or remove it.

Suggested change
BRANCH="${{ github.ref_name }}"

# Create app directory if it doesn't exist
mkdir -p "$APP_DIR"
cd "$APP_DIR"
Comment on lines +72 to +77
Copilot AI Feb 25, 2026

Switching the deploy path to /srv/apps/... assumes the SSH user has permission to create/write there. If ${{ secrets.VPS_USER }} is not root (or doesn’t have the right ACLs), mkdir -p "$APP_DIR" will fail; consider using a path that matches the user's permissions, or explicitly using sudo after confirming the runner user can elevate.

Copilot AI Feb 25, 2026

The script now creates and cds into $APP_DIR, but it doesn't ensure that required deployment files (e.g. docker-compose.prod.yml referenced later) exist in that directory. On a fresh host (or if the directory is empty), the subsequent docker compose -f docker-compose.prod.yml ... commands will fail; consider adding a guard with a clear error (or cloning/pulling the repo into $APP_DIR as part of the script).

Suggested change
# Ensure required deployment file exists
if [ ! -f docker-compose.prod.yml ]; then
echo "Error: docker-compose.prod.yml not found in $APP_DIR. Ensure the deployment repository is cloned and files are present before running this workflow."
exit 1
fi

# Pull the new image
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
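
Review bot: `BRANCH="${{ github.ref_name }}"` in the Configuration block is expanded into the script text before any shell parses it, so the surrounding quotes do not protect it, and a ref name containing shell metacharacters would be interpreted as shell syntax on the VPS under the deploy user. The workflow trigger is not visible in this hunk, so unless deploys are limited to a fixed branch, pass the value through the step's `env` and the action's `envs` input and reference it as `"$BRANCH"` in the script, or drop the variable, since nothing in the visible lines reads it. Separately, `appleboy/ssh-action@v1.0.3` is still a mutable tag on a step that receives `VPS_SSH_KEY`; pinning it to a full commit SHA would fix which code gets to see that key.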