Merged
61 changes: 58 additions & 3 deletions .github/workflows/ci.yml
Expand Up @@ -5,12 +5,67 @@ on:
branches: ["main"]
pull_request:
branches: ["main"]
schedule:
- cron: "0 0 * * 0"
Member

Why do we run this with cron?

Member Author

@externl externl Dec 19, 2025

To update the underlying base container. It's good to keep the base image updated.


jobs:
build-container:
build-push-deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Build container
run: docker build -t hello-icerpc .

- name: Login to Docker Hub
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}

- name: Login to GHCR
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.repository_owner }}
password: ${{ secrets.GITHUB_TOKEN }}

- name: Set up QEMU
uses: docker/setup-qemu-action@v3

- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

- name: Build and push
uses: docker/build-push-action@v6
with:
push: ${{ github.event_name != 'pull_request' }}
platforms: linux/amd64,linux/arm64
tags: |
icerpc/hello:latest
ghcr.io/icerpc/hello:latest
cache-from: type=gha
cache-to: type=gha,mode=max

- name: Deploy
uses: appleboy/ssh-action@v1.0.3
if: github.event_name != 'pull_request'
with:
host: ${{ secrets.HELLO_HOST }}
username: ${{ secrets.HELLO_USERNAME }}
key: ${{ secrets.SSH_DEPLOY_KEY }}
script_stop: true
script: |
cd /opt/hello
docker login ghcr.io -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }}
Copilot AI Dec 19, 2025

The GitHub token used in the remote deployment script may not work. The ${{ secrets.GITHUB_TOKEN }} is a workflow-scoped token that typically expires after the workflow completes, and it may not be accessible from within the SSH session. Consider using a Personal Access Token (PAT) or GitHub App token stored as a secret instead.

docker compose pull hello-icerpc
docker compose up -d hello-icerpc
docker system prune -f

- name: Delete old container images
uses: actions/delete-package-versions@v5
with:
package-name: hello
package-type: container
min-versions-to-keep: 10
delete-only-untagged-versions: true
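
Review bot: In the Deploy step's script, `docker login ghcr.io -u ${{ github.actor }} -p ${{ secrets.GITHUB_TOKEN }}` puts the token on the remote command line. The expression is expanded on the runner before the script is sent over SSH, so the literal value reaches the host's shell and is visible in its process list while the command runs. Feed the token on stdin with `--password-stdin` instead of `-p`, and add `docker logout ghcr.io` after `docker compose pull hello-icerpc` so the credential does not stay in the host's Docker config. Separately, `appleboy/ssh-action@v1.0.3` is a third-party action that receives `SSH_DEPLOY_KEY`; pinning it to a full commit SHA would keep a moved tag from changing what runs with that key.
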
Comment on lines +65 to +71
Copilot AI Dec 19, 2025

The "Delete old container images" step is missing the if: github.event_name != 'pull_request' condition. Like the Deploy step, this cleanup action should only run for push and schedule events, not for pull requests where no images are pushed.
