Removed auth and fixed git (#98) #34
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to Drift | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| deploy: | |
| name: Deploy | |
| runs-on: ubuntu-latest | |
| concurrency: | |
| group: deployment_lock | |
| cancel-in-progress: false | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Set up SSH key | |
| env: | |
| PROXY_HOST: ${{ vars.PROXY_HOST }} | |
| SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} | |
| run: | | |
| mkdir -p ~/.ssh | |
| echo "$SSH_PRIVATE_KEY" > ~/.ssh/key | |
| chmod 600 ~/.ssh/key | |
| ssh-keyscan -H $PROXY_HOST >> ~/.ssh/known_hosts | |
| - name: Deploy to OpenStack server | |
| env: | |
| PROXY_HOST: ${{ vars.PROXY_HOST }} | |
| HOST: ${{ vars.HOST }} | |
| USER: ${{ vars.USER }} | |
| WORKING_DIRECTORY: ${{ vars.WORKING_DIRECTORY }} | |
| VAULTWARDEN_MASTER_PASSWORD: ${{ secrets.VAULTWARDEN_MASTER_PASSWORD }} | |
| VAULTWARDEN_ITEM_ID: ${{ secrets.VAULTWARDEN_ITEM_ID }} | |
| ENV_RELATIVE_PATH: ${{ vars.ENV_RELATIVE_PATH }} | |
| run: | | |
| # Start ssh-agent and add the SSH key | |
| eval $(ssh-agent -s) | |
| ssh-add ~/.ssh/key | |
| # SSH into the server via the proxy and run deployment commands | |
| ssh -o StrictHostKeyChecking=no -J $USER@$PROXY_HOST $USER@$HOST << ENDSSH | |
| # WE ARE NOW ON THE REMOTE SERVER | |
| # If any command fails, the script will exit immediately with a non-zero status | |
| set -euo pipefail | |
| # Run the deployment commands as root | |
| sudo bash -c ' | |
| # Exit immediately if a command exits with a non-zero status | |
| set -euo pipefail | |
| # Load environment variables from Vaultwarden | |
| cd | |
| ./get-env.sh "$VAULTWARDEN_MASTER_PASSWORD" "$VAULTWARDEN_ITEM_ID" "$WORKING_DIRECTORY/$ENV_RELATIVE_PATH" | |
| # Change permissions of .env to be readable only by the owner | |
| chmod 0600 "$WORKING_DIRECTORY/$ENV_RELATIVE_PATH" | |
| # Navigate to the working directory, pull the latest code, and run the deployment script | |
| cd "$WORKING_DIRECTORY" | |
| git fetch | |
| git reset --hard origin/main | |
| ./deploy.sh | |
| ' | |
| ENDSSH |