-
-
Notifications
You must be signed in to change notification settings - Fork 0
64 lines (55 loc) · 1.87 KB
/
deploy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
name: Deploy to remote server
on:
push:
branches:
- main
paths:
- '**/compose.yml'
- '**/compose.yaml'
- '**/.env.secret'
workflow_dispatch:
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Setup | Checkout
uses: actions/checkout@v4
- name: Setup | SSH config
env:
SSH_HOST: ${{ secrets.SSH_HOST }}
SSH_PORT: ${{ secrets.SSH_PORT }}
SSH_USER: ${{ secrets.SSH_USER }}
SSH_KEY: ${{ secrets.SSH_KEY }}
SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
run: |
umask 077
mkdir -p ~/.ssh
echo "$SSH_KEY" > ~/.ssh/id_remote
cat << EOF > ~/.ssh/config
Host remote
HostName $SSH_HOST
User $SSH_USER
Port $SSH_PORT
IdentityFile ~/.ssh/id_remote
EOF
echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
- name: Setup | PGP private key
env:
PGP_PRIVATE_KEY: ${{ secrets.PGP_PRIVATE_KEY }}
run: gpg --quiet --batch --yes --import <(echo "$PGP_PRIVATE_KEY")
- name: Setup | Docker context
run: docker context create remote --docker "host=ssh://remote"
- name: Deploy | Docker compose
run: |
find . -name compose.yml -type f -maxdepth 2 -print0 | while IFS= read -r -d '' compose_file; do
workdir=$(dirname "$compose_file")
cd "$workdir"
stack_name=$(basename "$workdir")
echo "Deploying $stack_name"
find . -name '*.secret' -type f -print0 | while IFS= read -r -d '' secret_file; do
echo "Decrypting $secret_file"
gpg --quiet --batch --yes --decrypt --output "${secret_file%.*}" "$secret_file"
done
docker --context remote stack deploy -c compose.yml "$stack_name"
cd -
done