56 lines
1.9 KiB
YAML
56 lines
1.9 KiB
YAML
name: Deploy miriamgemeinde
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
|
|
jobs:
|
|
deploy:
|
|
runs-on: ubuntu-latest
|
|
|
|
env:
|
|
SSH_HOST: ${{ vars.PROD_HOST }}
|
|
SSH_PORT: ${{ vars.PROD_PORT }}
|
|
SSH_USER: ${{ vars.PROD_USER }}
|
|
|
|
steps:
|
|
- name: Show resolved non-secret config
|
|
run: |
|
|
echo "SSH_HOST=$SSH_HOST"
|
|
echo "SSH_PORT=$SSH_PORT"
|
|
echo "SSH_USER=$SSH_USER"
|
|
|
|
- name: Prepare SSH
|
|
run: |
|
|
set -e
|
|
mkdir -p ~/.ssh
|
|
printf '%s' "${{ secrets.PROD_SSH_KEY_B64 }}" | base64 -d > ~/.ssh/id_deploy
|
|
chmod 600 ~/.ssh/id_deploy
|
|
ssh-keygen -l -f ~/.ssh/id_deploy
|
|
ssh-keyscan -p "$SSH_PORT" "$SSH_HOST" >> ~/.ssh/known_hosts
|
|
|
|
- name: Test SSH connection
|
|
run: |
|
|
set -e
|
|
ssh -i ~/.ssh/id_deploy \
|
|
-o StrictHostKeyChecking=no \
|
|
-o BatchMode=yes \
|
|
-o ConnectTimeout=10 \
|
|
-p "$SSH_PORT" \
|
|
"$SSH_USER@$SSH_HOST" \
|
|
"echo SSH OK"
|
|
|
|
# If you need server-side preparation (e.g. ensure /var/... exists/permissions),
|
|
# add it in the remote command before running the update script.
|
|
- name: Run deployment script
|
|
run: |
|
|
set -e
|
|
ssh -i ~/.ssh/id_deploy \
|
|
-o StrictHostKeyChecking=no \
|
|
-o BatchMode=yes \
|
|
-o ConnectTimeout=10 \
|
|
-p "$SSH_PORT" \
|
|
"$SSH_USER@$SSH_HOST" \
|
|
"bash -lc 'set -euo pipefail; TS=\$(date +\"%Y-%m-%d_%H%M%S\"); SRC=\"/var/www/miriamgemeinde/public/images\"; DEST_BASE=\"/home/torsten/miriamgemeinde/backup/\$TS\"; mkdir -p \"\$DEST_BASE\"; if [ -d \"\$SRC\" ]; then cp -a \"\$SRC\" \"\$DEST_BASE/\"; echo \"Backed up \$SRC -> \$DEST_BASE/images\"; else echo \"WARN: \$SRC does not exist; skipping backup\"; fi; cd /home/torsten/miriamgemeinde && ./deploy.sh'"
|