Update resume #62
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # https://grrr.tech/posts/2021/github-actions-openvpn/ | |
| name: deploy | |
| on: | |
| push: | |
| tags: | |
| - "v[0-9]+.[0-9]+.[0-9]+" | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref || github.run_id }} | |
| cancel-in-progress: true | |
| jobs: | |
| build: | |
| name: Build image | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| # https://github.com/actions/checkout | |
| - uses: actions/checkout@v3 | |
| # Login against a Docker registry | |
| # https://github.com/docker/login-action | |
| - uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # Extract metadata (tags, labels) for Docker | |
| # https://github.com/docker/metadata-action | |
| - name: Extract Docker metadata | |
| id: meta | |
| uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934 | |
| with: | |
| images: ghcr.io/${{ github.repository }} | |
| - name: Prepare environment variables | |
| run: | | |
| echo "${{ secrets.ENV_VARIABLES }}" | base64 -d > .env | |
| # Build and push Docker image with Buildx | |
| # https://github.com/docker/build-push-action | |
| - name: Build and push | |
| uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| - name: Compute outputs | |
| id: compute-outputs | |
| run: | | |
| echo "tag=$(echo "${{ steps.meta.outputs.tags }}" | head -1 )" >> "$GITHUB_OUTPUT" | |
| echo "docker-compose=$(base64 docker-compose.yml | tr -d '\n')" >> "$GITHUB_OUTPUT" | |
| outputs: | |
| tag: ${{ steps.compute-outputs.outputs.tag }} | |
| docker-compose: ${{ steps.compute-outputs.outputs.docker-compose }} | |
| deploy: | |
| name: Deploy image | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Deploy using webhook through OpenVPN | |
| - name: Install OpenVPN | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get --assume-yes --no-install-recommends install openvpn | |
| - name: Setup VPN config | |
| run: | | |
| echo "${{ secrets.CONFIG_OVPN }}" | base64 --decode > config.ovpn | |
| echo "${{ secrets.OVPN_PASSWORD }}" | base64 --decode > password | |
| chmod 600 config.ovpn password | |
| - name: Connect VPN | |
| run: sudo openvpn --askpass password --config config.ovpn --log vpn.log --daemon | |
| - name: Wait for a VPN connection | |
| timeout-minutes: 1 | |
| run: until nc -vzw 2 ${{ secrets.SERVER_IP }}; do sleep 2; done | |
| # https://github.com/joelwmale/webhook-action | |
| - name: Deploy docker container webhook | |
| uses: joelwmale/webhook-action@448a17bf857ead98546cfbdbe3b9d4cf979dda95 | |
| with: | |
| url: ${{ secrets.WEBHOOK_URL }} | |
| headers: '{"X-Token": "${{ secrets.WEBHOOK_TOKEN }}"}' | |
| body: >- | |
| { "DOCKER_PASSWORD": "${{ secrets.GITHUB_TOKEN }}", | |
| "DOCKER_PROJECT": "${{ github.event.repository.name }}", | |
| "DOCKER_COMPOSE": "${{ needs.build.outputs.docker-compose }}", | |
| "DOCKER_TAG": "${{ needs.build.outputs.tag }}", | |
| "ENV_VARIABLES": "${{ secrets.ENV_VARIABLES }}" } | |
| - name: Kill VPN connection | |
| if: always() | |
| run: | | |
| sudo killall openvpn | |
| # Wait for the server to retrieve the image | |
| - name: Sleep for 180 seconds | |
| run: sleep 180 |