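---
# Builds the site container on the target host and swaps in the Quadlet unit.
# Every deploy step reaches TARGET_HOST over SSH with a key taken from secrets.
name: Build and Deploy Container

# Non-secret deployment settings shared by all steps. The SSH secrets are
# injected only into the step that writes them to disk (see "Setup SSH"), so
# other steps and third-party actions do not receive them in their environment.
env:
  TARGET_HOST: www.valtrix.systems
  TARGET_USER: traefik
  APP_DIR: /home/traefik/valtrix-website
  CONTAINER_NAME: valtrix-website
  QUADLET_FILE: valtrix-website.container

# NOTE(review): pushes to develop deploy to the same TARGET_HOST as main;
# confirm that is intended.
on:
  push:
    branches:
      - main
      - develop

jobs:
  build_and_deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Pre-clean Git global config (avoid https→ssh rewrite)
        shell: bash
        run: |
          set -euo pipefail
          git --version || true
          # Print key names only: config values (for example an http
          # extraheader) can hold credentials and this output lands in the
          # job log.
          echo "Global git config before:"
          git config --global --name-only --list || true
          # Remove any url.*.insteadof rules that force SSH for
          # gitea.smb-corp.de. The regex uses single backslashes: a YAML block
          # scalar and shell single quotes both pass '\.' through unchanged,
          # so a doubled backslash would match a literal backslash and the
          # loop would never find a rule.
          while IFS= read -r key; do
            if [[ "${key,,}" == *gitea.smb-corp.de* ]]; then
              echo "Removing global mapping: $key"
              git config --global --unset-all "$key" || true
            fi
          done < <(
            git config --global --name-only --get-regexp \
              '^url\..*\.insteadof$' 2>/dev/null || true
          )
          # Ensure no global sshCommand forces SSH
          git config --global --unset-all core.sshCommand || true
          echo "Global git config after:"
          git config --global --name-only --list || true

      - name: Setup SSH for git/scp/rsync
        shell: bash
        # Secrets are scoped to the only step that reads them.
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
        run: |
          set -euo pipefail
          install -m 700 -d ~/.ssh
          # Create the key file with restrictive permissions from the start.
          (umask 077 && printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519)
          chmod 600 ~/.ssh/id_ed25519
          printf '%s\n' "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
          chmod 644 ~/.ssh/known_hosts
          # Fail closed: host keys must come from the SSH_KNOWN_HOSTS secret.
          # Fetching them with ssh-keyscan during the job would accept
          # whatever key the network presents, which removes the protection
          # host-key checking is meant to give the deploy key.
          if ! ssh-keygen -F "$TARGET_HOST" -f ~/.ssh/known_hosts >/dev/null; then
            echo "SSH_KNOWN_HOSTS has no entry for $TARGET_HOST; add its host key to the secret" >&2
            exit 1
          fi
          # The pre-clean step removes SSH rewrites for gitea.smb-corp.de, so
          # SSH to that host is presumably not required; if it is, pin its key
          # in SSH_KNOWN_HOSTS as well.
          if ! ssh-keygen -F gitea.smb-corp.de -f ~/.ssh/known_hosts >/dev/null; then
            echo "Note: no pinned host key for gitea.smb-corp.de"
          fi

      # NOTE(review): v4 is a mutable tag. Pinning the action to the full
      # commit SHA of a reviewed release keeps a retagged action away from the
      # deploy key that is already on disk at this point.
      - name: Checkout Repository
        uses: actions/checkout@v4

      - name: Deploy via SSH (only required files)
        shell: bash
        run: |
          set -euo pipefail
          remote="$TARGET_USER@$TARGET_HOST"

          # Ensure target dir exists
          ssh "$remote" "mkdir -p '$APP_DIR'"

          # If rsync available both locally and remotely, use it with
          # include/exclude for minimal sync
          if command -v rsync >/dev/null 2>&1 \
            && ssh "$remote" 'command -v rsync >/dev/null 2>&1'; then
            rsync -az --delete \
              --prune-empty-dirs \
              --include '/astro.config.mjs' \
              --include '/package.json' \
              --include '/package-lock.json' \
              --include '/postcss.config.js' \
              --include '/tailwind.config.js' \
              --include '/server.mjs' \
              --include '/Containerfile' \
              --include '/public/***' \
              --include '/src/***' \
              --exclude '/.git/***' \
              --exclude '/.gitea/***' \
              --exclude '/deploy/***' \
              --exclude '/node_modules/***' \
              --exclude '/dist/***' \
              --exclude '*' \
              ./ "$remote:$APP_DIR/"
          else
            echo "rsync not available, using tar-over-ssh fallback with minimal set"
            tar -czf - \
              astro.config.mjs \
              package.json \
              package-lock.json \
              postcss.config.js \
              tailwind.config.js \
              server.mjs \
              Containerfile \
              public \
              src \
              | ssh "$remote" "tar -xzf - -C '$APP_DIR'"
          fi

      - name: Build container on target host
        run: |
          set -eu
          # Double quotes on purpose: APP_DIR and CONTAINER_NAME are set in the
          # workflow env and ssh does not forward them by default, so they are
          # expanded here before the command is sent. Inside single quotes the
          # remote shell would see them empty ("cd" to $HOME, tag ":latest").
          ssh "$TARGET_USER@$TARGET_HOST" \
            "cd '$APP_DIR' && podman build -t '$CONTAINER_NAME:latest' ."

      - name: Backup Quadlet file
        run: |
          set -eu
          # Best effort: a missing unit file (e.g. first deploy) must not fail
          # the job. CONTAINER_NAME is expanded locally; \$HOME and \$unit are
          # escaped so the remote shell resolves them.
          ssh "$TARGET_USER@$TARGET_HOST" "
            unit=\"\$HOME/.config/containers/systemd/$CONTAINER_NAME.container\"
            test -f \"\$unit\" && cp \"\$unit\" \"\$unit.bak\" || true
          "

      - name: Replace Quadlet file
        run: |
          set -eu
          scp "./$QUADLET_FILE" \
            "$TARGET_USER@$TARGET_HOST:~/.config/containers/systemd/"
          # Expanded locally for the same reason as in the build step; the
          # restart only runs if the daemon-reload succeeded.
          ssh "$TARGET_USER@$TARGET_HOST" \
            "systemctl --user daemon-reload && systemctl --user restart '$CONTAINER_NAME.service'"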