Add configuration json to deploy job #10
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # vim: set colorcolumn=: | |
| name: deployment | |
| on: | |
| push: | |
| branches: | |
| - develop | |
| env: | |
| PHP_VERSION: '8.1' | |
| permissions: | |
| contents: read | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| environment: production | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Update apt cache | |
| run: sudo apt-get update | |
| - name: Install PHP ${{ env.PHP_VERSION }} | |
| run: sudo apt-get install php${{ env.PHP_VERSION }}-cli | |
| - name: Validate composer.json and composer.lock | |
| run: composer validate --strict | |
| - name: Cache Composer packages | |
| id: composer-cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: lib | |
| key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }} | |
| restore-keys: | | |
| ${{ runner.os }}-php- | |
| - name: Install composer/vendor dependencies | |
| run: composer install --prefer-dist --no-progress --ignore-platform-reqs | |
| - name: Validate PHP syntax | |
| run: bash -c 'set -e;for file in $(find ./src -type f -regex ".*\.\(php\|phtml\)" -print); do php -e -l -f "$file"; done' | |
| - name: Sanitize Branch Name | |
| run: | | |
| CLEAN_BRANCH_NAME="${GITHUB_REF_NAME//\//_}" | |
| echo "CLEAN_BRANCH_NAME=${CLEAN_BRANCH_NAME}" >> $GITHUB_ENV | |
| - name: Create Config | |
| env: | |
| WEB_CONFIG_JSON: ${{ secrets.WEB_CONFIG_JSON }} | |
| run: | | |
| echo "${WEB_CONFIG_JSON}" > ./etc/config.phoenix.json | |
| - name: Compress Artifacts | |
| run: zip -r ${{ env.CLEAN_BRANCH_NAME }}.zip . | |
| - name: Deploy to Remote | |
| env: | |
| SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }} | |
| SSH_HOST: ${{ secrets.SSH_HOST }} | |
| SSH_PORT: ${{ secrets.SSH_PORT }} | |
| SSH_USER: ${{ secrets.SSH_USER }} | |
| SSH_KEY: ${{ secrets.SSH_KEY }} # SSH private key stored as a GitHub secret | |
| SSH_WEB_PATH: ${{ secrets.SSH_WEB_PATH }} | |
| run: | | |
| #!/usr/bin/env bash | |
| set -ex -o pipefail | |
| # Setup SSH directory, known hosts, and private key | |
| mkdir -pv "${HOME}/.ssh" | |
| echo "${SSH_KNOWN_HOSTS}" > "${HOME}/.ssh/known_hosts" | |
| chmod -v 644 "${HOME}/.ssh/known_hosts" | |
| echo "${SSH_KEY}" > "${HOME}/.ssh/id_${SSH_USER}" | |
| chmod -v 400 "${HOME}/.ssh/id_${SSH_USER}" | |
| # Deploy artifact to the remote | |
| scp -i "${HOME}/.ssh/id_${SSH_USER}" -P "${SSH_PORT}" "${CLEAN_BRANCH_NAME}.zip" "${SSH_USER}@${SSH_HOST}:${SSH_WEB_PATH}/" | |
| # SSH to remote and process artifact | |
| ssh -i "${HOME}/.ssh/id_${SSH_USER}" -p "${SSH_PORT}" "${SSH_USER}@${SSH_HOST}" << EOF | |
| set -ex -o pipefail | |
| cd ${SSH_WEB_PATH}/ | |
| rm -rfv ./${CLEAN_BRANCH_NAME}/ | |
| mkdir -pv ./${CLEAN_BRANCH_NAME}/ | |
| mv -v ./${CLEAN_BRANCH_NAME}.zip ./${CLEAN_BRANCH_NAME}/ | |
| cd ./${CLEAN_BRANCH_NAME}/ | |
| unzip -o ./${CLEAN_BRANCH_NAME}.zip | |
| rm ./${CLEAN_BRANCH_NAME}.zip | |
| EOF | |
| # Cleanup the secret | |
| rm -fv "${HOME}/.ssh/id_${SSH_USER}" "${HOME}/.ssh/id_${SSH_USER}.pub" | |
| - name: Cleanup Config | |
| run: | | |
| rm -fv ./etc/config.phoenix.json |