deploy.yml
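# Deploy workflow: builds the image for the selected commit, pushes it to GHCR,
# then pulls and starts it on the VPS over SSH.
name: Deploy

# Runs when the 'CI' workflow completes for main, or on manual dispatch.
on:
  workflow_run:
    workflows: ['CI']
    types: [completed]
    branches: ['main']
  workflow_dispatch:

# A single deploy group; a newer run cancels one that is still in progress.
concurrency:
  group: deploy-main
  cancel-in-progress: true

jobs:
  deploy:
    # The workflow_run branch filter and head_branch compare the branch *name*
    # only. The extra head_repository check keeps a CI run that originated in
    # another repository (for example a fork whose branch is also called
    # 'main') from reaching the build and deploy steps.
    # NOTE(review): whether CI runs for pull requests is not visible here.
    if: |
      github.event_name == 'workflow_dispatch' ||
      (
        github.event_name == 'workflow_run' &&
        github.event.workflow_run.conclusion == 'success' &&
        github.event.workflow_run.head_branch == 'main' &&
        github.event.workflow_run.head_repository.full_name == github.repository
      )
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    env:
      REGISTRY: ghcr.io
    steps:
      - name: Checkout workflow run commit
        if: github.event_name == 'workflow_run'
        uses: actions/checkout@v4
        with:
          # Build exactly the commit that CI ran against.
          ref: ${{ github.event.workflow_run.head_sha }}
          # No later step uses git on the runner, so do not leave the token in
          # .git/config, which sits inside the docker build context unless a
          # .dockerignore excludes it.
          persist-credentials: false

      - name: Checkout manual dispatch ref
        if: github.event_name == 'workflow_dispatch'
        uses: actions/checkout@v4
        with:
          # Same reasoning as the workflow_run checkout above.
          persist-credentials: false

      - name: Set deployment metadata
        # Event data reaches the shell through env variables instead of being
        # expanded into the script text by ${{ }}.
        env:
          EVENT_NAME: ${{ github.event_name }}
          WORKFLOW_RUN_SHA: ${{ github.event.workflow_run.head_sha }}
        run: |
          if [ "${EVENT_NAME}" = "workflow_run" ]; then
            DEPLOY_SHA="${WORKFLOW_RUN_SHA}"
          else
            DEPLOY_SHA="${GITHUB_SHA}"
          fi
          IMAGE_NAME=$(echo "${REGISTRY}/${GITHUB_REPOSITORY}" | tr '[:upper:]' '[:lower:]')
          echo "DEPLOY_SHA=${DEPLOY_SHA}" >> "$GITHUB_ENV"
          echo "IMAGE_NAME=${IMAGE_NAME}" >> "$GITHUB_ENV"

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to GHCR
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push image
        run: |
          docker buildx build \
            --platform linux/amd64 \
            --tag "${IMAGE_NAME}:${DEPLOY_SHA}" \
            --tag "${IMAGE_NAME}:latest" \
            --push .
          echo "IMAGE_REF=${IMAGE_NAME}:${DEPLOY_SHA}" >> "$GITHUB_ENV"

      - name: Deploy on VPS
        # NOTE(review): this third-party action receives VPS_SSH_KEY and is
        # referenced by a tag; consider pinning it to a full commit SHA.
        # No `fingerprint` input is set, so the VPS host key is not pinned for
        # the SSH connection.
        uses: appleboy/ssh-action@v1.2.0
        env:
          DEPLOY_SHA: ${{ env.DEPLOY_SHA }}
          IMAGE_REF: ${{ env.IMAGE_REF }}
          GHCR_USER: ${{ github.actor }}
          # The job's GITHUB_TOKEN (packages: write) is forwarded to the VPS,
          # where the script below uses it for `docker login`.
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          # Expected deployment config:
          #   vars.VPS_HOST=43.163.91.9
          #   vars.VPS_USER=deploy
          #   vars.VPS_WORKDIR=/home/workspace/letletme_data
          #   secrets.VPS_SSH_KEY=<private key for deploy>
          VPS_WORKDIR: ${{ vars.VPS_WORKDIR }}
        with:
          host: ${{ vars.VPS_HOST }}
          username: ${{ vars.VPS_USER }}
          key: ${{ secrets.VPS_SSH_KEY }}
          script_stop: true
          envs: DEPLOY_SHA,IMAGE_REF,GHCR_USER,GHCR_TOKEN,VPS_WORKDIR
          script: |
            set -euo pipefail
            LOWER_USER=$(echo "$GHCR_USER" | tr '[:upper:]' '[:lower:]')
            # Pass the token on stdin so it does not appear in the process
            # argument list on the VPS.
            printf '%s' "$GHCR_TOKEN" | docker login ghcr.io -u "$LOWER_USER" --password-stdin
            cd "$VPS_WORKDIR"
            # Bring the checkout on the VPS to the deployed commit.
            git fetch --all
            git checkout --force main
            git reset --hard "$DEPLOY_SHA"
            APP_IMAGE="$IMAGE_REF" docker compose pull api worker
            # Migrations run before the new containers are started.
            APP_IMAGE="$IMAGE_REF" docker compose run --rm -T api bun run db:migrate
            APP_IMAGE="$IMAGE_REF" docker compose up -d --remove-orphans --no-build
            # Poll the local health endpoint: up to 30 attempts, 2 s apart.
            for attempt in $(seq 1 30); do
              if curl --fail --silent http://127.0.0.1/health >/dev/null; then
                break
              fi
              if [ "$attempt" -eq 30 ]; then
                echo "Health check failed after waiting for startup"
                APP_IMAGE="$IMAGE_REF" docker compose ps
                docker logs --tail 100 letletme_data-api-1 || true
                exit 1
              fi
              sleep 2
            done
            APP_IMAGE="$IMAGE_REF" docker compose ps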