name: Deploy on: push: branches: [main] jobs: deploy: runs-on: ubuntu-latest steps: - name: Install SSH client run: | set -e if command -v apk >/dev/null 2>&1; then apk add --no-cache openssh-client git bash elif command -v apt-get >/dev/null 2>&1; then apt-get update apt-get install -y openssh-client git bash elif command -v dnf >/dev/null 2>&1; then dnf install -y openssh-clients git bash elif command -v yum >/dev/null 2>&1; then yum install -y openssh-clients git bash else echo "No supported package manager found" exit 1 fi - name: Run deploy env: SSH_KEY: ${{ secrets.SSH_KEY }} SSH_USER: ${{ vars.SSH_USER }} SSH_IP: ${{ vars.SSH_IP }} GIT_USER: ${{ vars.GIT_USER }} GIT_TOKEN: ${{ secrets.GIT_TOKEN }} APP_DIR: /home/deploy/my-app GIT_REPO: Jakach/my-app.git GIT_BRANCH: main run: | cat > deploy.sh <<'EOF' #!/usr/bin/env bash set -Eeuo pipefail : "${SSH_KEY:?SSH_KEY is required}" : "${SSH_USER:?SSH_USER is required}" : "${SSH_IP:?SSH_IP is required}" : "${GIT_USER:?GIT_USER is required}" : "${GIT_TOKEN:?GIT_TOKEN is required}" APP_DIR="/srv/systems/jakach-logging" GIT_HOST="${GIT_HOST:-git.jakach.ch}" GIT_REPO="jakach/jakach-logging.git" GIT_BRANCH="${GIT_BRANCH:-main}" mkdir -p ~/.ssh chmod 700 ~/.ssh printf '%s\n' "$SSH_KEY" | tr -d '\r' > ~/.ssh/deploy_key chmod 600 ~/.ssh/deploy_key ssh-keyscan -H "$SSH_IP" >> ~/.ssh/known_hosts 2>/dev/null || true ssh -i ~/.ssh/deploy_key \ -o StrictHostKeyChecking=yes \ -o IdentitiesOnly=yes \ "$SSH_USER@$SSH_IP" \ "export APP_DIR='$APP_DIR' GIT_HOST='$GIT_HOST' GIT_REPO='$GIT_REPO' GIT_BRANCH='$GIT_BRANCH' GIT_USER='$GIT_USER' GIT_TOKEN='$GIT_TOKEN'; bash -s" <<'REMOTE' set -Eeuo pipefail cd "$APP_DIR" git remote set-url origin "https://${GIT_USER}:${GIT_TOKEN}@${GIT_HOST}/${GIT_REPO}" git fetch origin "$GIT_BRANCH" git checkout "$GIT_BRANCH" git pull origin "$GIT_BRANCH" docker compose down docker compose up -d --build REMOTE EOF chmod +x deploy.sh ./deploy.sh