Create deploy_to_private.yaml

Sllambias · web-flow · commit 51756bff5505 · 2026-01-26T13:22:36.000+01:00
diff --git a/.github/workflows/deploy_to_private.yaml b/.github/workflows/deploy_to_private.yaml
@@ -0,0 +1,68 @@
+name: Deploy to Open Repo
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+
+permissions:
+  contents: write
+
+jobs:
+  deploy:
+    if: |
+      github.event.repository.name == 'staging_open' &&
+      github.event.pusher.name != 'github-actions[bot]'
+    name: Push built output to target repo via SSH
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout repository (no persisted credentials)
+        uses: actions/checkout@v4
+        with:
+          ref: deploy
+          fetch-depth: 0
+          persist-credentials: false
+
+      - name: Configure git
+        run: |
+          git config --global user.name "github-actions[bot]"
+          git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com"
+          git remote add ssh-origin https://x-access-token:${{ secrets.GITHUB_TOKEN }}@github.com:Sllambias/staging_private
+
+      - name: Start ssh-agent and add deploy key
+        uses: webfactory/ssh-agent@v0.9.1
+        with:
+          ssh-private-key: ${{ secrets.DEPLOY }}
+          
+      - name: Ensure github.com is in known_hosts
+        run: |
+          mkdir -p ~/.ssh
+          ssh-keyscan github.com >> ~/.ssh/known_hosts
+          chmod 644 ~/.ssh/known_hosts     
+
+      - name: Update deployment with secondary main
+        run: |
+          git fetch ssh-origin main
+          git rebase -X ours ssh-origin/main
+          git merge --squash -X theirs origin/main --allow-unrelated-histories
+          
+      - name: Update deployment branch with local main
+        run: |
+          git restore --staged README.md
+          
+
+      - name: commit
+        run: | 
+          git commit -m "deploy changes"
+          
+      - name: Sync repositories
+        run: |
+          echo "Pushing to SSH remote: git@github.com:Sllambias/staging_private.git -> branch main"
+
+          git remote -v
+          echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK"
+          ssh -T -o StrictHostKeyChecking=no git@github.com || true
+          
+          git push
+          git push -f -u ssh-origin HEAD:main
