Skip to content

Resolve dotenv security advisory #77

Resolve dotenv security advisory

Resolve dotenv security advisory #77

Workflow file for this run

name: Rust
on:
push:
branches: [master]
pull_request:
branches: [master]
env:
CARGO_TERM_COLOR: always
jobs:
build:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 100
- name: rust-toolchain
uses: actions-rs/[email protected]
with:
toolchain: nightly
override: true
- uses: actions/cache@v2
with:
path: |
~/.cargo/registry
~/.cargo/git
target
key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }}
- name: Build release binary
run: cargo build --release --verbose
- name: Save build artifacts
uses: actions/upload-artifact@v2
with:
name: neomason-bin
path: target/release/neomason-discord-bot
deploy:
runs-on: ubuntu-latest
needs: build
environment: production
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 100
- name: Announce deploy
env:
DISCORD_TOKEN: ${{ secrets.BOT_DISCORD_TOKEN }}
CHANNEL_ID: ${{ secrets.ANNOUNCEMENT_CHANNEL_ID }}
OLD_COMMIT_SHA: ${{ github.event.before }}
run: |
msg=$(git log --no-decorate ${OLD_COMMIT_SHA}.. | sed -z 's/\n/\\n/g')
curl https://discord.com/api/channels/${CHANNEL_ID}/messages -H "Authorization: Bot ${DISCORD_TOKEN}" -X POST -H "Content-Type: application/json" -d '{"content": "Deploying new version of the bot...\nNew changes:\n\n'"$msg"'"}'
- name: Fetch the binary
uses: actions/download-artifact@v2
with:
name: neomason-bin
- name: Deploy the binary
env:
SSH_KEY: ${{ secrets.SSH_KEY }}
run: |
eval $(ssh-agent -s)
ssh-agent bash
ssh-add <(echo "$SSH_KEY")
mkdir ~/.ssh && echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config
ssh-add -l
rsync neomason-discord-bot [email protected]:neomason-current
ssh [email protected] "sudo /bin/systemctl restart neomason-discord-bot"