mirror of
https://github.com/layer-systems/relay.git
synced 2026-06-04 09:31:15 +02:00
63 lines
1.6 KiB
YAML
63 lines
1.6 KiB
YAML
name: Deploy to Production Server
|
|
|
|
on:
|
|
push:
|
|
branches: [ "main" ]
|
|
workflow_dispatch:
|
|
|
|
concurrency:
|
|
group: deploy-production
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
deploy:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Checkout (not strictly required for remote pull, but useful for metadata)
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Start SSH agent and add key
|
|
uses: webfactory/ssh-agent@v0.9.0
|
|
with:
|
|
ssh-private-key: ${{ secrets.VPS_SSH_KEY }}
|
|
|
|
# - name: Add known_hosts (recommended)
|
|
# if: ${{ secrets.VPS_KNOWN_HOSTS != '' }}
|
|
# run: |
|
|
# mkdir -p ~/.ssh
|
|
# chmod 700 ~/.ssh
|
|
# echo "${{ secrets.VPS_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts
|
|
# chmod 644 ~/.ssh/known_hosts
|
|
|
|
- name: Deploy via SSH
|
|
env:
|
|
HOST: ${{ secrets.VPS_HOST }}
|
|
USER: ${{ secrets.VPS_USER }}
|
|
PORT: ${{ secrets.VPS_PORT }}
|
|
run: |
|
|
ssh -p "${PORT:-22}" -o StrictHostKeyChecking=accept-new "${USER}@${HOST}" << 'EOF'
|
|
set -euo pipefail
|
|
|
|
APP_DIR="/root/relay"
|
|
|
|
cd "$APP_DIR"
|
|
|
|
# ensure we're on the right branch, clean, and updated
|
|
git fetch --prune
|
|
git checkout main
|
|
git reset --hard origin/main
|
|
|
|
# pull images (if using remote images), then apply updates
|
|
docker compose pull
|
|
|
|
# stop existing services to release resources
|
|
# docker compose down
|
|
|
|
# bring up updated services
|
|
docker compose up -d --build --remove-orphans
|
|
|
|
# optional cleanup
|
|
docker image prune -f
|
|
EOF
|