deploy.yml
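# Deploy workflow: on every push to main, build the container image, publish
# it to GHCR under both :latest and the commit SHA, then copy the env file and
# compose file to the production host over SSH and restart the stack there.
name: Deploy production
on:
  push:
    branches:
      - main
jobs:
  build:
    name: Build image
    runs-on: ubuntu-latest
    permissions:
      packages: write
      contents: read
    steps:
      # NOTE(review): @main is a mutable ref, so whatever lands on that branch
      # runs here with packages:write. Pin to a full commit SHA of a reviewed
      # release (placeholder: actions/checkout@<FULL_COMMIT_SHA>).
      - uses: actions/checkout@main
      # The token is passed through the step environment rather than expanded
      # into the script text. The original username was a literal "$"
      # (presumably a lost template expression); $GITHUB_ACTOR matches what the
      # deploy job uses for the same registry.
      - name: Log in to GHCR
        run: echo "$GHCR_TOKEN" | docker login ghcr.io -u "$GITHUB_ACTOR" --password-stdin
        env:
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
      - run: docker build -t ghcr.io/basepaint/basepaint-ponder:latest -t ghcr.io/basepaint/basepaint-ponder:$GITHUB_SHA .
      - run: docker image push ghcr.io/basepaint/basepaint-ponder:$GITHUB_SHA
      - run: docker image push ghcr.io/basepaint/basepaint-ponder:latest
  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    needs: build
    # Least privilege: this job only checks out the repo and lets the
    # production host pull the image, so the token gets read scopes only.
    permissions:
      contents: read
      packages: read
    env:
      SSH_KEY_PATH: /tmp/ssh_key
    steps:
      # NOTE(review): same mutable-ref concern as in the build job; this job
      # handles the production SSH key, so pinning matters even more here.
      - name: Checkout
        uses: actions/checkout@main
      # Every variable named secret_* is written to .env with the prefix
      # stripped. umask 077 creates .env as 0600 so the database password is
      # not group/world readable; the patterns are anchored so an unrelated
      # variable whose value merely contains "secret_" is not swept in.
      - name: Make envfile
        run: |
          umask 077
          export | grep "^declare -x secret_" | sed "s/^declare -x secret_//" > .env
        env:
          secret_PONDER_RPC_URLS_8453: ${{ secrets.PONDER_RPC_URLS_8453 }}
          secret_POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
      - run: echo "GITHUB_SHA=$GITHUB_SHA" >> .env
      # The key reaches the shell as an environment variable instead of being
      # pasted into the script, so quotes or "$" inside it cannot alter the
      # command, and umask 077 means the file is never readable by others,
      # not even briefly before chmod runs.
      - name: Write SSH key
        run: |
          umask 077
          printf '%s\n' "$PRODUCTION_SSH_KEY" > "$SSH_KEY_PATH"
          chmod 600 "$SSH_KEY_PATH"
        env:
          PRODUCTION_SSH_KEY: ${{ secrets.PRODUCTION_SSH_KEY }}
      # NOTE(review): StrictHostKeyChecking=no accepts any host key, so the
      # .env secrets below are sent to whichever machine answers at that
      # address. Prefer writing the server's known public host key (kept as a
      # repository secret) to ~/.ssh/known_hosts and dropping this option.
      # The ssh step further down relies on the known_hosts entry that these
      # scp calls record.
      - name: Copy envfile and compose file
        run: |
          scp -o StrictHostKeyChecking=no -i "$SSH_KEY_PATH" .env "$SSH_USER@$SSH_HOST:.env"
          scp -o StrictHostKeyChecking=no -i "$SSH_KEY_PATH" docker-compose.prod.yml "$SSH_USER@$SSH_HOST:docker-compose.yml"
        env:
          SSH_USER: ${{ secrets.PRODUCTION_SSH_USERNAME }}
          SSH_HOST: ${{ secrets.PRODUCTION_SSH_HOST }}
      # The registry token is piped over the SSH channel into
      # `docker login --password-stdin`; the original passed it with -p, which
      # puts it on the remote command line where the process list and shell
      # history can expose it.
      - name: Pull image and restart services
        run: |
          printf '%s\n' "$GHCR_TOKEN" | ssh -i "$SSH_KEY_PATH" "$SSH_USER@$SSH_HOST" \
            "docker login ghcr.io -u $GITHUB_ACTOR --password-stdin && docker pull ghcr.io/basepaint/basepaint-ponder:$GITHUB_SHA && docker compose up -d"
        env:
          GHCR_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SSH_USER: ${{ secrets.PRODUCTION_SSH_USERNAME }}
          SSH_HOST: ${{ secrets.PRODUCTION_SSH_HOST }}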