Deploy to remote server #5
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to remote server | |
| on: | |
| push: | |
| branches: | |
| - main | |
| paths: | |
| - 'compose.yml' | |
| - 'compose.yaml' | |
| workflow_dispatch: | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Setup | Checkout | |
| uses: actions/checkout@v4 | |
| - name: Setup | SSH config | |
| env: | |
| SSH_HOST: ${{ secrets.SSH_HOST }} | |
| SSH_PORT: ${{ secrets.SSH_PORT }} | |
| SSH_USER: ${{ secrets.SSH_USER }} | |
| SSH_KEY: ${{ secrets.SSH_KEY }} | |
| SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }} | |
| run: | | |
| umask 077 | |
| mkdir -p ~/.ssh | |
| echo "$SSH_KEY" > ~/.ssh/id_remote | |
| cat << EOF > ~/.ssh/config | |
| Host remote | |
| HostName $SSH_HOST | |
| User $SSH_USER | |
| Port $SSH_PORT | |
| IdentityFile ~/.ssh/id_remote | |
| EOF | |
| echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts | |
| - name: Setup | PGP private key | |
| env: | |
| PGP_PRIVATE_KEY: ${{ secrets.PGP_PRIVATE_KEY }} | |
| run: gpg --quiet --batch --yes --import <(echo "$PGP_PRIVATE_KEY") | |
| - name: Setup | Docker context | |
| run: docker context create remote --docker "host=ssh://remote" | |
| - name: Deploy | Docker compose | |
| run: | | |
| find . -name compose.yml -type f -maxdepth 2 -print0 | while IFS= read -r -d '' compose_file; do | |
| workdir=$(dirname "$compose_file") | |
| cd "$workdir" | |
| stack_name=$(basename "$workdir") | |
| echo "Deploying $stack_name" | |
| find . -name '*.secret' -type f -print0 | while IFS= read -r -d '' secret_file; do | |
| echo "Decrypting $secret_file" | |
| gpg --quiet --batch --yes --decrypt --output "${secret_file%.*}" "$secret_file" | |
| done | |
| docker --context remote stack deploy -c compose.yml "$stack_name" | |
| cd - | |
| done |