Add RLS policies for anonymous payments/subscriptions and use service… #17
| name: Deploy to Production | |
| on: | |
| push: | |
| branches: | |
| - master | |
| - main | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Set up SSH | |
| uses: webfactory/[email protected] | |
| with: | |
| ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} | |
| - name: Add server to known hosts | |
| run: | | |
| mkdir -p ~/.ssh | |
| # Create SSH config file with custom port and user | |
| echo "Creating SSH config file..." | |
| cat > ~/.ssh/config << EOF | |
| Host profullstack.com 104.36.23.197 | |
| HostName 104.36.23.197 | |
| User ubuntu | |
| Port 2048 | |
| EOF | |
| chmod 600 ~/.ssh/config | |
| # Run ssh-keyscan with the correct port | |
| echo "Running ssh-keyscan with custom port..." | |
| # The -p flag is for the port, -T disables pseudo-terminal allocation | |
| ssh-keyscan -p 2048 -T 60 104.36.23.197 > /tmp/known_hosts_entry | |
| # Check if ssh-keyscan succeeded | |
| if [ -s /tmp/known_hosts_entry ]; then | |
| echo "Successfully retrieved host key:" | |
| cat /tmp/known_hosts_entry | |
| # Add the host key to known_hosts | |
| cat /tmp/known_hosts_entry >> ~/.ssh/known_hosts | |
| chmod 644 ~/.ssh/known_hosts | |
| else | |
| echo "Failed to retrieve host key via ssh-keyscan, using provided key..." | |
| echo "${{ secrets.SERVER_KNOWN_HOSTS }}" > ~/.ssh/known_hosts | |
| chmod 644 ~/.ssh/known_hosts | |
| fi | |
| # Verify the files exist and have content | |
| ls -la ~/.ssh/ | |
| echo "Content of SSH config:" | |
| cat ~/.ssh/config | |
| echo "Lines in known_hosts:" | |
| wc -l ~/.ssh/known_hosts | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y rsync zsh curl file golang postgresql-client gnome-keyring dbus-x11 | |
| # Set up dbus for gnome-keyring | |
| echo "Setting up dbus and gnome-keyring..." | |
| mkdir -p ~/.cache | |
| dbus-launch --sh-syntax > ~/.cache/dbus-env | |
| source ~/.cache/dbus-env | |
| # Initialize the keyring | |
| echo "Initializing gnome-keyring..." | |
| echo -n "password" | gnome-keyring-daemon --unlock | |
| # Export environment variables for subsequent steps | |
| echo "DBUS_SESSION_BUS_ADDRESS=${DBUS_SESSION_BUS_ADDRESS}" >> $GITHUB_ENV | |
| - name: Create .env file from secret | |
| run: | | |
| # Create .env file from GitHub secret | |
| echo "${{ secrets.ENV_FILE_CONTENT }}" > .env | |
| # Print confirmation (without showing the content for security) | |
| echo "Created .env file with $(grep -c '' .env) lines" | |
| - name: Install Supabase CLI and setup project | |
| run: | | |
| # Make scripts executable | |
| chmod +x ./bin/supabase-db.sh | |
| # Debug: Check .env file existence | |
| echo "Checking .env file..." | |
| if [ -f .env ]; then | |
| echo ".env file exists with $(grep -c '' .env) lines" | |
| # Check if required variables are in .env (without showing values) | |
| grep -q "SUPABASE_URL" .env && echo "SUPABASE_URL is set" || echo "SUPABASE_URL is missing" | |
| grep -q "SUPABASE_KEY" .env && echo "SUPABASE_KEY is set" || echo "SUPABASE_KEY is missing" | |
| grep -q "SUPABASE_DB_PASSWORD" .env && echo "SUPABASE_DB_PASSWORD is set" || echo "SUPABASE_DB_PASSWORD is missing" | |
| grep -q "SUPABASE_ACCESS_TOKEN" .env && echo "SUPABASE_ACCESS_TOKEN is set" || echo "SUPABASE_ACCESS_TOKEN is missing" | |
| else | |
| echo ".env file does not exist" | |
| fi | |
| # Setup Supabase project | |
| ./bin/supabase-db.sh setup | |
| # Add to PATH | |
| export PATH="$HOME/.local/bin:$PATH" | |
| # Verify installation | |
| supabase --version | |
| env: | |
| SUPABASE_URL: ${{ secrets.SUPABASE_URL }} | |
| SUPABASE_KEY: ${{ secrets.SUPABASE_KEY }} | |
| SUPABASE_SERVICE_ROLE_KEY: ${{ secrets.SUPABASE_SERVICE_ROLE_KEY }} | |
| SUPABASE_DB_PASSWORD: ${{ secrets.SUPABASE_DB_PASSWORD }} | |
| SUPABASE_ACCESS_TOKEN: ${{ secrets.SUPABASE_ACCESS_TOKEN }} | |
| - name: Deploy to server with migrations | |
| run: | | |
| # Make deploy scripts executable | |
| chmod +x ./bin/deploy.sh | |
| chmod +x ./bin/deploy-with-migrations.sh | |
| # Print debug info | |
| echo "Current directory: $(pwd)" | |
| echo "Files in bin directory:" | |
| ls -la ./bin | |
| # Run deploy script with migrations | |
| DEPLOY_REMOTE_HOST=104.36.23.197 DEPLOY_REMOTE_PORT=2048 DEPLOY_REMOTE_USER=ubuntu ./bin/deploy-with-migrations.sh | |
| # Run test script to verify deployment | |
| echo "Running test script on remote server..." | |
| ssh -p 2048 [email protected] "cd $DEPLOY_REMOTE_DIR && chmod +x bin/test-github-actions.sh && ./bin/test-github-actions.sh" | |
| env: | |
| DEPLOY_REMOTE_HOST: 104.36.23.197 | |
| DEPLOY_REMOTE_PORT: 2048 | |
| DEPLOY_REMOTE_USER: ubuntu | |
| DEPLOY_REMOTE_DIR: www/profullstack.com/pdf | |
| INSTALL_SERVICE: true | |
| SUPABASE_URL: ${{ secrets.SUPABASE_URL }} | |
| SUPABASE_KEY: ${{ secrets.SUPABASE_KEY }} | |
| SUPABASE_DB_PASSWORD: ${{ secrets.SUPABASE_DB_PASSWORD }} | |
| SUPABASE_ACCESS_TOKEN: ${{ secrets.SUPABASE_ACCESS_TOKEN }} |
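Review bot: The "Add server to known hosts" step trusts whatever key `ssh-keyscan -p 2048 -T 60 104.36.23.197` returns at deploy time and only falls back to the pinned `secrets.SERVER_KNOWN_HOSTS` when the scan comes back empty, so the host key is never verified against a known-good value before the deploy script and the `ssh -p 2048` call that follow. I would drop the scan branch and always write the pinned entry, passing the secret through the step's `env:` instead of interpolating it into the script: `printf '%s\n' "$SERVER_KNOWN_HOSTS" > ~/.ssh/known_hosts`, failing the step when that variable is empty. The same `${{ secrets.… }}`-inside-double-quotes pattern in "Create .env file from secret" lets the shell expand any `$` or backtick contained in the secret, so that step would benefit from the same `env:` treatment. The rendered page shows no +/- markers, so I cannot tell whether this PR changed these steps or only carries them unchanged.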