mahmoudashraf.dev/.github/workflows/deploy.yml at a6f0b9da12de395e14ad4c27ed4eddc4b254c6c8 · mashrafdev/mahmoudashraf.dev · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
name: Deploy

on:
  workflow_run:
    workflows:
      - Build
    types:
      - completed
    branches:
      - master

permissions:
  contents: read

jobs:
  deploy:
    if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'push'
    runs-on: ubuntu-latest
    concurrency:
      group: production-deploy
      cancel-in-progress: true

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          ref: ${{ github.event.workflow_run.head_sha }}

      - name: Upload compose.yaml to VPS
        uses: appleboy/scp-action@v0.1.7
        with:
          host: ${{ secrets.VPS_HOST }}
          username: ${{ secrets.VPS_USER }}
          key: ${{ secrets.VPS_SSH_KEY }}
          port: ${{ secrets.VPS_PORT }}
          source: compose.yaml
          target: ${{ secrets.VPS_APP_DIR }}/

      - name: Deploy to VPS
        uses: appleboy/ssh-action@v1.2.0
        with:
          host: ${{ secrets.VPS_HOST }}
          username: ${{ secrets.VPS_USER }}
          key: ${{ secrets.VPS_SSH_KEY }}
          port: ${{ secrets.VPS_PORT }}
          script_stop: true
          script: |
            set -euo pipefail

            if [ -n "${{ secrets.GHCR_USERNAME }}" ] && [ -n "${{ secrets.GHCR_TOKEN }}" ]; then
              echo "${{ secrets.GHCR_TOKEN }}" | docker login ghcr.io -u "${{ secrets.GHCR_USERNAME }}" --password-stdin
            fi

            cd "${{ secrets.VPS_APP_DIR }}"
            IMAGE_TAG="sha-${{ github.event.workflow_run.head_sha }}"
            printf 'IMAGE_TAG=%s\n' "$IMAGE_TAG" > .env.deploy
            export IMAGE_TAG

            docker compose pull
            docker compose up -d
            docker compose ps