expand env vars in script rather than "pipeline templating" #27
# Workflow: check that the image tag exists in GHCR, then redeploy the
# Docker Compose stack on the VM through the SSH deployment gateway.
name: Deploy Docker to VM

# NOTE(review): the only trigger is a push to a feature branch, yet the job
# below targets the `production` environment. Confirm this is intentional, and
# consider environment protection rules (required reviewers, branch
# restrictions) so that not every push to this branch can reach production.
on:
  push:
    branches:
      - feat/build-on-push

env:
  # `latest` is a mutable tag: the image that gets deployed is whatever the
  # registry serves at pull time, not a build tied to this commit.
  # NOTE(review): consider an immutable tag or digest for traceable rollouts.
  IMAGE_TAG: latest
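jobs:
  deploy:
    # NOTE(review): a self-hosted runner keeps its workspace and any files
    # written by earlier jobs. Restrict which repositories and branches may
    # schedule onto it, since this job handles SSH keys and registry tokens.
    runs-on: self-hosted
    # Least privilege for the job token: the visible steps only read the
    # repository (checkout) and query GHCR for an image manifest.
    permissions:
      contents: read
      packages: read
    environment:
      name: production
      url: 'https://${{ vars.SERVER_HOST }}'
    steps:
      - name: Check image tag exists
        # The token is handed to the shell as an environment variable instead
        # of being templated into the script text, so its value is never parsed
        # as shell source or written into the generated script file.
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        run: |
          set -e # Ensure the script stops on the first error
          # set default tag to latest if not provided
          if [ -z "$IMAGE_TAG" ]; then
            IMAGE_TAG="latest"
          fi
          # GITHUB_REPOSITORY is set by the runner to the same owner/name value
          # as the `github.repository` context.
          STATUS=$(curl -s -o /dev/null -w "%{http_code}" -H "Authorization: Bearer $GH_TOKEN" \
            "https://ghcr.io/v2/$GITHUB_REPOSITORY/manifests/$IMAGE_TAG")
          if [ "$STATUS" -ne 200 ]; then
            echo "Image with TAG $IMAGE_TAG not found in GitHub Container Registry. Aborting..."
            exit 1
          fi

      # This step runs before the new compose file and .env.prod are copied,
      # so it tears the stack down using the files left by the previous
      # deployment.
      - name: SSH to VM and Execute Docker-Compose Down
        # NOTE(review): `@master` is a mutable ref on a third-party action that
        # receives both SSH private keys. Pin it to a reviewed full commit SHA
        # (for example `appleboy/ssh-action@<full-commit-sha>`) so an upstream
        # change cannot silently alter what runs with these credentials.
        uses: appleboy/ssh-action@master
        with:
          host: ${{ vars.VM_HOST }}
          username: ${{ vars.VM_USERNAME }}
          key: ${{ secrets.VM_SSH_PRIVATE_KEY }}
          proxy_host: ${{ vars.DEPLOYMENT_GATEWAY_HOST }}
          proxy_username: ${{ vars.DEPLOYMENT_GATEWAY_USER }}
          proxy_key: ${{ secrets.DEPLOYMENT_GATEWAY_SSH_KEY }}
          proxy_port: ${{ vars.DEPLOYMENT_GATEWAY_PORT }}
          script: |
            docker compose -f docker-compose.prod.yml --env-file=.env.prod down --remove-orphans --rmi all

      - name: checkout
        uses: actions/checkout@v4

      - name: Set image tag in DOcker Compose File
        # Replaces the literal `$IMAGE_TAG` placeholder in the checked-out
        # compose file with the workflow-level IMAGE_TAG value.
        run: |
          sed -i "s/\$IMAGE_TAG/$IMAGE_TAG/g" docker-compose.prod.yml

      - name: Copy Docker Compose File From Repo to VM Host
        # NOTE(review): the action reference on this page was mangled by e-mail
        # obfuscation ("[email protected]"). From the source/target inputs it is
        # presumably appleboy/scp-action at a version tag; restore the real
        # ref, preferably as a full commit SHA.
        uses: appleboy/scp-action@<ref-lost-in-page-extraction>
        with:
          host: ${{ vars.VM_HOST }}
          username: ${{ vars.VM_USERNAME }}
          key: ${{ secrets.VM_SSH_PRIVATE_KEY }}
          proxy_host: ${{ vars.DEPLOYMENT_GATEWAY_HOST }}
          proxy_username: ${{ vars.DEPLOYMENT_GATEWAY_USER }}
          proxy_key: ${{ secrets.DEPLOYMENT_GATEWAY_SSH_KEY }}
          proxy_port: ${{ vars.DEPLOYMENT_GATEWAY_PORT }}
          source: "./docker-compose.prod.yml"
          target: /home/${{ vars.VM_USERNAME }}

      - name: SSH to VM and create .env.prod file
        # NOTE(review): pin to a full commit SHA (see the first ssh-action step).
        uses: appleboy/ssh-action@master
        # Values reach the remote script as environment variables (forwarded by
        # the action's `envs` input) rather than being templated into the
        # script text, so quotes, `$` or backticks inside a secret can neither
        # break the file nor be executed by the remote shell.
        env:
          INFLUXDB_TOKEN: ${{ secrets.INFLUXDB_TOKEN }}
          INFLUXDB_ORG: ${{ vars.INFLUXDB_ORG }}
          INFLUXDB_BUCKET: ${{ vars.INFLUXDB_BUCKET }}
          DOCKER_INFLUXDB_INIT_USERNAME: ${{ vars.DOCKER_INFLUXDB_INIT_USERNAME }}
          DOCKER_INFLUXDB_INIT_PASSWORD: ${{ secrets.DOCKER_INFLUXDB_INIT_PASSWORD }}
          REPOSITORY_OWNER: ${{ vars.REPOSITORY_OWNER }}
          REPOSITORY_NAME: ${{ vars.REPOSITORY_NAME }}
          GH_PULL_TOKEN: ${{ secrets.GH_PULL_TOKEN }}
        with:
          host: ${{ vars.VM_HOST }}
          username: ${{ vars.VM_USERNAME }}
          key: ${{ secrets.VM_SSH_PRIVATE_KEY }}
          proxy_host: ${{ vars.DEPLOYMENT_GATEWAY_HOST }}
          proxy_username: ${{ vars.DEPLOYMENT_GATEWAY_USER }}
          proxy_key: ${{ secrets.DEPLOYMENT_GATEWAY_SSH_KEY }}
          proxy_port: ${{ vars.DEPLOYMENT_GATEWAY_PORT }}
          envs: INFLUXDB_TOKEN,INFLUXDB_ORG,INFLUXDB_BUCKET,DOCKER_INFLUXDB_INIT_USERNAME,DOCKER_INFLUXDB_INIT_PASSWORD,REPOSITORY_OWNER,REPOSITORY_NAME,GH_PULL_TOKEN
          script: |
            # Create the secrets file readable by the deploy user only.
            umask 077
            rm -f .env.prod # Delete if exists
            touch .env.prod
            printf 'INFLUXDB_TOKEN="%s"\n' "$INFLUXDB_TOKEN" >> .env.prod
            printf 'INFLUXDB_ORG=%s\n' "$INFLUXDB_ORG" >> .env.prod
            printf 'INFLUXDB_BUCKET=%s\n' "$INFLUXDB_BUCKET" >> .env.prod
            printf 'DOCKER_INFLUXDB_INIT_USERNAME=%s\n' "$DOCKER_INFLUXDB_INIT_USERNAME" >> .env.prod
            printf 'DOCKER_INFLUXDB_INIT_PASSWORD="%s"\n' "$DOCKER_INFLUXDB_INIT_PASSWORD" >> .env.prod
            printf 'REPOSITORY_OWNER=%s\n' "$REPOSITORY_OWNER" >> .env.prod
            printf 'REPOSITORY_NAME=%s\n' "$REPOSITORY_NAME" >> .env.prod
            printf 'GITHUB_TOKEN=%s\n' "$GH_PULL_TOKEN" >> .env.prod

      - name: Copy Caddyfile
        # NOTE(review): same mangled reference as the compose-file copy step;
        # restore the real ref, preferably as a full commit SHA.
        uses: appleboy/scp-action@<ref-lost-in-page-extraction>
        with:
          host: ${{ vars.VM_HOST }}
          username: ${{ vars.VM_USERNAME }}
          key: ${{ secrets.VM_SSH_PRIVATE_KEY }}
          proxy_host: ${{ vars.DEPLOYMENT_GATEWAY_HOST }}
          proxy_username: ${{ vars.DEPLOYMENT_GATEWAY_USER }}
          proxy_key: ${{ secrets.DEPLOYMENT_GATEWAY_SSH_KEY }}
          proxy_port: ${{ vars.DEPLOYMENT_GATEWAY_PORT }}
          source: "./Caddyfile"
          target: /home/${{ vars.VM_USERNAME }}

      - name: SSH to VM and Execute Docker-Compose Up
        # NOTE(review): pin to a full commit SHA (see the first ssh-action step).
        uses: appleboy/ssh-action@master
        with:
          host: ${{ vars.VM_HOST }}
          username: ${{ vars.VM_USERNAME }}
          key: ${{ secrets.VM_SSH_PRIVATE_KEY }}
          proxy_host: ${{ vars.DEPLOYMENT_GATEWAY_HOST }}
          proxy_username: ${{ vars.DEPLOYMENT_GATEWAY_USER }}
          proxy_key: ${{ secrets.DEPLOYMENT_GATEWAY_SSH_KEY }}
          proxy_port: ${{ vars.DEPLOYMENT_GATEWAY_PORT }}
          script: |
            docker compose -f docker-compose.prod.yml --env-file=.env.prod up --pull=always -d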