-
Notifications
You must be signed in to change notification settings - Fork 11
106 lines (82 loc) · 3.17 KB
/
deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
name: Deploy to Production
on:
workflow_dispatch:
push:
branches:
- staging_sec_data
env:
PHP_VERSION: '8.2'
SERVER_HOSTNAME: 'staging.scify.org'
REMOTE_USER: 'project_crowdsourcing_sec_data'
PROJECT_URL: 'crowcrowdsourcing-ecas.staging.scify.org'
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout repo
uses: actions/[email protected]
- name: Install wireguard
run: sudo apt install wireguard
- name: Create wg0 file
uses: cuchi/[email protected]
with:
template: .github/templates/wg0.j2
output_file: wg0.conf
variables: |
WIREGUARD_PRIVATE_KEY=${{ secrets.WIREGUARD_PRIVATE_KEY }}
VPN_SERVER_PUBLIC_KEY=${{ secrets.VPN_SERVER_PUBLIC_KEY }}
- name: Move wg0.conf to /etc/wireguard
run: sudo mv wg0.conf /etc/wireguard/wg0.conf
- name: Start wireguard
run: sudo wg-quick up wg0
- name: Checkout repo
uses: actions/[email protected]
- name: Add frodo to etc hosts
run: echo "10.10.0.100 frodo.scify.org" | sudo tee -a /etc/hosts
- name: read password from vault
uses: hashicorp/vault-action@v2
with:
url: https://frodo.scify.org:8200
caCertificate: ${{ secrets.VAULT_CA_CERT }}
method: userpass
username: ${{ secrets.VAULT_USER }}
password: ${{ secrets.VAULT_PASSWORD }}
secrets: |
Projects/crowdsourcing/scify-installation-together/staging_sec_data/database db_name | DB_NAME ;
Projects/crowdsourcing/scify-installation-together/staging_sec_data/database db_user | DB_USER ;
Projects/crowdsourcing/scify-installation-together/staging_sec_data/database password | DB_PASSWORD ;
- name: Create .env file
uses: cuchi/[email protected]
with:
template: .github/templates/.env.j2
output_file: .env
variables: |
DB_NAME=${{ secrets.DB_NAME }}
DB_USER=${{ secrets.DB_USER }}
DB_PASSWORD=${{ secrets.DB_PASSWORD }}
- name: Setup node
uses: actions/setup-node@v4
with:
node-version-file: '.nvmrc'
- name: Install node dependencies
run: npm install
- name: Build assets
run: npm run build
- name: SCP files to staging server
uses: easingthemes/[email protected]
env:
SSH_PRIVATE_KEY: ${{ secrets.SSH_KEY_STAGING_SERVER }}
REMOTE_PORT: 222
SOURCE: "./"
REMOTE_HOST: ${{ env.SERVER_HOSTNAME }}
REMOTE_USER: ${{ env.REMOTE_USER }}
TARGET: "/home/${{ env.REMOTE_USER }}/www/${{ env.PROJECT_URL }}"
- name: Run composer install on remote server
uses: appleboy/[email protected]
with:
host: ${{ env.PRODUCTION_SERVER_HOSTNAME }}
username: ${{ env.REMOTE_USER }}
key: ${{ secrets.SSH_KEY_STAGING_SERVER }}
script: |
cd /home/${{ env.REMOTE_USER }}/www/${{ env.PROJECT_URL }}
composer install --no-dev --no-interaction --no-progress --optimize-autoloader