Seek to file start in photo upload #233
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: deploy | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths-ignore: | |
| - "*.md" | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: "Deployment tag" | |
| required: true | |
| type: choice | |
| default: "main" | |
| options: | |
| - main | |
| - dev | |
| jobs: | |
| deploy: | |
| name: Deploy | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: nixbuild/nix-quick-install-action@v32 | |
| with: | |
| nix_version: 2.28.4 | |
| - name: Generate cache key | |
| run: | | |
| nixpkgs_hash=$(grep -Eom1 'archive/[0-9a-f]{40}\.tar\.gz' shell.nix | cut -d'/' -f2 | cut -d'.' -f1) | |
| echo "NIXPKGS_HASH=$nixpkgs_hash" >> $GITHUB_ENV | |
| echo "CACHE_KEY=${{ runner.os }}-$nixpkgs_hash" >> $GITHUB_ENV | |
| - uses: nix-community/cache-nix-action@v6 | |
| with: | |
| primary-key: nix-${{ env.CACHE_KEY }} | |
| - name: Setup NIX_PATH | |
| run: | | |
| path=$(nix eval --impure --expr "(import (fetchTarball \"https://github.com/NixOS/nixpkgs/archive/${{ env.NIXPKGS_HASH }}.tar.gz\") {}).path") | |
| echo "NIX_PATH=nixpkgs=$path" >> $GITHUB_ENV | |
| - name: Get cache directories | |
| id: cache-dirs | |
| run: | | |
| nix-shell -p uv --run " | |
| echo \"UV_CACHE=\$(uv cache dir)\" | |
| " | tee -a $GITHUB_OUTPUT | |
| - name: Cache files and packages | |
| uses: actions/cache@v4 | |
| with: | |
| key: pkg-${{ env.CACHE_KEY }}-${{ hashFiles('uv.lock') }} | |
| path: | | |
| ${{ steps.cache-dirs.outputs.UV_CACHE }} | |
| .venv | |
| - name: Configure deployment tag | |
| id: tag | |
| run: | | |
| if [[ "${{ github.event_name }}" == "workflow_dispatch" ]]; then | |
| echo "out=${{ inputs.tag }}" >> "$GITHUB_OUTPUT" | |
| else | |
| echo "out=dev" >> "$GITHUB_OUTPUT" | |
| fi | |
| - name: Build container image | |
| id: image | |
| run: | | |
| nix-shell --pure --run true | |
| image_path=$(nix-build --no-out-link) | |
| echo "out=$image_path" >> "$GITHUB_OUTPUT" | |
| - name: Configure SSH | |
| run: | | |
| mkdir -p ~/.ssh | |
| echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id && chmod 600 ~/.ssh/id | |
| echo "${{ secrets.SSH_KNOWN_HOSTS }}" > ~/.ssh/known_hosts | |
| echo "Host remote | |
| HostName ${{ secrets.SSH_HOST }} | |
| User ${{ secrets.SSH_USER }} | |
| Port ${{ secrets.SSH_PORT }} | |
| IdentityFile ~/.ssh/id | |
| " > ~/.ssh/config | |
| - name: Upload container image | |
| run: scp "${{ steps.image.outputs.out }}" remote:~ | |
| - name: Deploy on remote | |
| run: | | |
| ssh remote <<\EOF | |
| set -e | |
| tag="${{ steps.tag.outputs.out }}" | |
| image_filename="$(basename "${{ steps.image.outputs.out }}")" | |
| cleanup() { | |
| cd ~ | |
| echo "Cleaning up" | |
| rm -f "$image_filename" | |
| } | |
| trap cleanup EXIT | |
| echo "Loading Docker image" | |
| docker load < "$image_filename" | |
| echo "Fetching latest changes from the git repository" | |
| cd "$tag" | |
| git fetch origin main | |
| git reset --hard origin/main | |
| echo "Restarting containers" | |
| docker compose down --remove-orphans | |
| TAG="$tag" docker compose --env-file "envs/compose/$tag.env" up -d | |
| echo "Pruning dangling images" | |
| docker image prune -f | |
| EOF |