ci - deploy server in stack #5
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Stack Deploy | |
| on: | |
| workflow_dispatch: | |
| push: # auto-deploy on change (simplify deploy development) | |
| #TMP branches: [ 'main' ] | |
| paths: | |
| - '.github/workflows/stack.yml' | |
| - '.github/composites/ssh-remote-host/**' | |
| - 'compose.yaml' | |
| - 'compose.release.yaml' | |
| - 'deploy/nginx/**' | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }}/server | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@v2 #name: Checkout codebase | |
| - uses: docker/setup-buildx-action@v3 #https://github.com/marketplace/actions/docker-setup-buildx | |
| - uses: docker/login-action@v3 #https://github.com/marketplace/actions/docker-login | |
| if: github.event_name != 'pull_request' | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - uses: docker/metadata-action@v5 #https://github.com/marketplace/actions/docker-metadata-action | |
| id: meta | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| - uses: docker/build-push-action@v6 #https://github.com/marketplace/actions/build-and-push-docker-images | |
| with: | |
| context: . | |
| file: server/Dockerfile | |
| push: ${{ github.event_name != 'pull_request' }} | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| #TODO: sign the published docker image | |
| # custom docker stack deploy steps (much faster than docker-stack-deploy action) | |
| - uses: ./.github/composites/ssh-remote-host | |
| with: | |
| ssh_user: ${{ secrets.REMOTE_USER }} | |
| ssh_host: ${{ secrets.REMOTE_HOST }} | |
| ssh_private_key: ${{ secrets.REMOTE_PRIVATE_KEY }} | |
| step_name: Docker Stack Deploy | |
| step_run: | | |
| echo "==== prepare templates rending and initial deploy" | |
| export DATA_ROOT="/home/${{ secrets.REMOTE_USER }}" | |
| export SERVER_NAME=${{ secrets.REMOTE_HOST }} | |
| export DOMAIN_EMAIL=${{ secrets.DOMAIN_EMAIL }} | |
| export SERVER_IMAGE=${{ steps.meta.outputs.tags }} | |
| # initial tmp certbot setup #TODO: rm in favor of swarm secrets | |
| ssh -T $SSH_TARGET mkdir -p $DATA_ROOT/certbot/{www,conf} | |
| echo "==== deploy configs" #tmp until app image isn't built | |
| scp -r deploy/ $SSH_TARGET:. | |
| echo "==== docker stack deploy" | |
| export DOCKER_HOST="ssh://${SSH_TARGET}" | |
| #docker stack config -c compose.yaml -c compose.release.yaml #diagnose rendered stack | |
| docker stack deploy --with-registry-auth -c compose.yaml -c compose.release.yaml tt | |
| # force nginx render/reload template #TODO: /docker-entrypoint.d/20-envsubst-on-templates.sh && nginx -s reload | |
| echo "==== docker service update" | |
| docker service update --force tt_web |