feat: improve portability for forks and self-hosters #14
| name: Deploy | |
| on: | |
| push: | |
| branches: [main] | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.12" | |
| - name: Run tests | |
| run: | | |
| pip install -r requirements.txt | |
| pip install pytest | |
| pytest --tb=short || echo "No tests found, skipping" | |
| - name: Deploy to server | |
| uses: appleboy/ssh-action@v1 | |
| with: | |
| host: ${{ secrets.SERVER_HOST }} | |
| username: ${{ secrets.SERVER_USER }} | |
| key: ${{ secrets.SERVER_SSH_KEY }} | |
| script: | | |
| APP_NAME="${{ github.event.repository.name }}" | |
| cd /opt/apps/${APP_NAME} | |
| git pull origin main | |
| # Verify app .env exists | |
| if [ ! -f deploy/.env ]; then | |
| echo "ERROR: deploy/.env not found. Create it from deploy/env.template first." | |
| exit 1 | |
| fi | |
| # Create app-specific database if it doesn't exist | |
| APP_DB=$(echo "${APP_NAME}" | tr '-' '_')_db | |
| docker compose -f /opt/platform/docker-compose.yml exec -T postgres \ | |
| psql -U postgres -tc "SELECT 1 FROM pg_database WHERE datname = '${APP_DB}'" | grep -q 1 \ | |
| || docker compose -f /opt/platform/docker-compose.yml exec -T postgres \ | |
| psql -U postgres -c "CREATE DATABASE ${APP_DB}" | |
| # Source per-app credentials and update deploy/.env if available | |
| CREDENTIALS_FILE="/opt/platform/credentials/${APP_NAME}.env" | |
| if [ -f "$CREDENTIALS_FILE" ]; then | |
| echo "Using per-app credentials from $CREDENTIALS_FILE" | |
| source "$CREDENTIALS_FILE" | |
| # Update DATABASE_URL with per-app user credentials | |
| sed -i "s|^DATABASE_URL=.*|DATABASE_URL=postgresql://${DB_USER}:${DB_PASSWORD}@postgres:5432/${APP_DB}|" deploy/.env | |
| # Update S3 credentials with per-app MinIO user | |
| sed -i "s|^S3_ACCESS_KEY=.*|S3_ACCESS_KEY=${S3_ACCESS_KEY}|" deploy/.env | |
| sed -i "s|^S3_SECRET_KEY=.*|S3_SECRET_KEY=${S3_SECRET_KEY}|" deploy/.env | |
| # Update S3 bucket name | |
| sed -i "s|^S3_BUCKET=.*|S3_BUCKET=${APP_NAME}-uploads|" deploy/.env | |
| echo "deploy/.env updated with per-app credentials" | |
| else | |
| echo "WARNING: Per-app credentials not found at $CREDENTIALS_FILE" | |
| echo "Run create-app-credentials.sh ${APP_NAME} for isolated credentials." | |
| echo "Falling back to existing deploy/.env credentials." | |
| fi | |
| # Build and start app containers (project name = app name for predictable container names) | |
| docker compose -p ${APP_NAME} -f deploy/docker-compose.yml up -d --build | |
| # Run database migrations | |
| docker compose -p ${APP_NAME} -f deploy/docker-compose.yml exec -T app alembic -c app/alembic.ini upgrade head | |
| # Health check | |
| bash scripts/health-check.sh https://${{ secrets.APP_DOMAIN }}/health | |
| # Generate rendered Caddyfile for platform Caddy | |
| cat > /opt/platform/caddy-apps/${APP_NAME}.caddy <<CADDYEOF | |
| ${{ secrets.APP_DOMAIN }} { | |
| reverse_proxy ${APP_NAME}-app-1:8000 | |
| } | |
| CADDYEOF | |
| docker compose -f /opt/platform/docker-compose.yml exec -T caddy caddy reload --config /etc/caddy/Caddyfile |
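Review bot: The `Run tests` step cannot fail, because `pytest --tb=short || echo "No tests found, skipping"` turns every non-zero exit into success, so a failing test suite still reaches the `Deploy to server` step that is handed `SERVER_SSH_KEY`. pytest uses exit code 5 for "no tests collected", so the line can tolerate only that case: `pytest --tb=short || [ $? -eq 5 ]`. Nothing visible in the remote `script` stops it on error either, so a failed `cd /opt/apps/${APP_NAME}`, `git pull origin main`, migration or health check would apparently not prevent the Caddy file from being written and reloaded; adding `set -eu` as the first script line would stop at the first failure and on an unset `DB_USER` or `DB_PASSWORD`. Separately, `appleboy/ssh-action@v1` is a third-party action referenced by a mutable tag while receiving the private key, and pinning it as `uses: appleboy/ssh-action@<full-commit-sha>` limits the exposure if that tag is ever moved. The forge also flagged this file for hidden or bidirectional Unicode, so the script lines are worth viewing in an editor that reveals such characters before merging.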