Deploy production #284

Workflow file for this run

.github/workflows/production-deploy.yaml at 6ca00fb

	name: Deploy production

	on:
	push:
	tags:
	- stable

	workflow_dispatch:

	repository_dispatch:
	types:
	- environments-updated

	#
	# workflow_call:
	# secrets:
	# OVPN_CLIENT_KEY:
	# required: true
	# SSH_KEY:
	# required: true
	# INFISICAL_TOKEN_PRODUCTION:
	# required: true
	# CONTAINER_REGISTRY_READ_TOKEN:
	# required: true

	concurrency:
	group: remote-server-with-openvpn-connection
	cancel-in-progress: false

	jobs:
	deploy:
	name: Deploy production
	runs-on: ubuntu-latest
	env:
	COMPOSE_URL: https://${{ github.token }}@raw.githubusercontent.com/${{ github.repository }}/${{ github.ref_name }}/docker-compose.prod.yml
	SCRIPT_URL: https://${{ github.token }}@raw.githubusercontent.com/${{ github.repository }}/${{ github.ref_name }}/bin/run-production.sh
	steps:
	- uses: frenck/action-setup-yq@v1
	- uses: awalsh128/cache-apt-pkgs-action@latest
	with:
	packages: openvpn openvpn-systemd-resolved
	version: 1.0
	- name: Write OVPN config
	run: printf "${{ vars.OVPN_CONFIG }}" > .openvpn-client.ovpn
	- name: Connect to VPN
	uses: kota65535/github-openvpn-connect-action@v3
	with:
	config_file: .openvpn-client.ovpn
	client_key: ${{ secrets.OVPN_CLIENT_KEY }}
	- name: Execute deploy on production server
	uses: appleboy/[email protected]
	env:
	INFISICAL_TOKEN: ${{ secrets.INFISICAL_TOKEN_PRODUCTION }}
	WORKDIR: ${{ vars.REMOTE_PROD_DIR }}
	DOCKER_USER: ${{ github.repository_owner }}
	DOCKER_PASSWORD: ${{ secrets.CONTAINER_REGISTRY_READ_TOKEN }}
	with:
	host: ${{ vars.SSH_HOST }}
	username: ${{ vars.SSH_USER }}
	key: ${{ secrets.SSH_KEY }}
	envs: COMPOSE_URL,SCRIPT_URL,INFISICAL_TOKEN,WORKDIR,DOCKER_USER,DOCKER_PASSWORD
	script_stop: true
	script: \|
	which docker
	which infisical
	export INFISICAL_DISABLE_UPDATE_CHECK=true

	grep '"ghcr.io"' ~/.docker/config.json > /dev/null \|\| echo $DOCKER_PASSWORD \| docker login ghcr.io -u "$DOCKER_USER" --password-stdin
	mkdir -p "$WORKDIR" && cd "$WORKDIR"

	echo "Downloading docker-compose.yml from $COMPOSE_URL"
	curl --fail -s "$COMPOSE_URL" > docker-compose.yml

	echo "Downloading run-production.sh from $SCRIPT_URL"
	curl --fail -s "$SCRIPT_URL" > run-production.sh
	chmod +x run-production.sh

	ls -la .
	infisical run --env=prod -- ./run-production.sh

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Deploy production #284

Workflow file

Deploy production #284

Jobs

Run details

Workflow file for this run