badbl0cks
1fbcbf772a
All checks were successful
Build And Deploy / build-and-deploy (push) Successful in 1m22s
Add WireGuard-related env variables to .env.example (addresses, keys, endpoint, DNS) Resolve WIREGUARD_ENDPOINT_HOST to WIREGUARD_ENDPOINT_IP in cicd/scripts/deploy.sh and write it to .env, failing if unresolved Un-comment and enable the wireguard service in docker-compose.yml Remove an obsolete commented workflow snippet
72 lines
3 KiB
YAML
72 lines
3 KiB
YAML
name: Build And Deploy
|
|
on:
|
|
push:
|
|
branches:
|
|
- main
|
|
|
|
jobs:
|
|
build-and-deploy:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Install dependencies
|
|
run: |
|
|
apt-get update && apt-get install gettext dnsutils iputils-ping -y
|
|
- name: Check out repository
|
|
uses: actions/checkout@v4
|
|
- name: Substitute environment variables in .env.example and write to .env
|
|
env:
|
|
CERTBOT_EMAIL: ${{secrets.CERTBOT_EMAIL}}
|
|
CLOUDFLARE_API_TOKEN: ${{secrets.CLOUDFLARE_API_TOKEN}}
|
|
ANDROID_SMS_GATEWAY_LOGIN: ${{secrets.ANDROID_SMS_GATEWAY_LOGIN}}
|
|
ANDROID_SMS_GATEWAY_PASSWORD: ${{secrets.ANDROID_SMS_GATEWAY_PASSWORD}}
|
|
ANDROID_SMS_GATEWAY_RECIPIENT_PHONE: ${{secrets.ANDROID_SMS_GATEWAY_RECIPIENT_PHONE}}
|
|
OTP_SUPER_SECRET_SALT: ${{secrets.OTP_SUPER_SECRET_SALT}}
|
|
SSH_USER: ${{secrets.SSH_USER}}
|
|
SSH_KNOWN_HOST: ${{secrets.SSH_KNOWN_HOST}}
|
|
ASTRO_DB_REMOTE_URL: ${{secrets.ASTRO_DB_REMOTE_URL}}
|
|
SSH_KEY: ${{secrets.SSH_KEY}}
|
|
WIREGUARD_PRIVATE_KEY: ${{secrets.WIREGUARD_PRIVATE_KEY}}
|
|
WIREGUARD_PUBLIC_KEY: ${{secrets.WIREGUARD_PUBLIC_KEY}}
|
|
DNS_SERVER: ${{vars.DNS_SERVER}}
|
|
DNS_ADDRESS: ${{vars.DNS_ADDRESS}}
|
|
DOMAIN: ${{vars.DOMAIN}}
|
|
PUBLIC_IP: ${{vars.PUBLIC_IP}}
|
|
ANDROID_SMS_GATEWAY_IP: ${{vars.ANDROID_SMS_GATEWAY_IP}}
|
|
ANDROID_SMS_GATEWAY_URL: ${{vars.ANDROID_SMS_GATEWAY_URL}}
|
|
IMAGE_FILENAME: ${{vars.IMAGE_FILENAME}}
|
|
IMAGE_NAME: ${{vars.IMAGE_NAME}}
|
|
SSH_PORT: ${{vars.SSH_PORT}}
|
|
SSH_HOST: ${{vars.SSH_HOST}}
|
|
WIREGUARD_ALLOWED_IPS: ${{vars.WIREGUARD_ALLOWED_IPS}}
|
|
WIREGUARD_ADDRESSES: ${{vars.WIREGUARD_ADDRESSES}}
|
|
WIREGUARD_ENDPOINT_HOST: ${{vars.WIREGUARD_ENDPOINT_HOST}}
|
|
WIREGUARD_ENDPOINT_PORT: ${{vars.WIREGUARD_ENDPOINT_PORT}}
|
|
HEALTH_TARGET_ADDRESSES: ${{vars.HEALTH_TARGET_ADDRESSES}}
|
|
HEALTH_ICMP_TARGET_IPS: ${{vars.HEALTH_ICMP_TARGET_IPS}}
|
|
VERSION_INFORMATION: ${{vars.VERSION_INFORMATION}}
|
|
PUBLICIP_ENABLED: ${{vars.PUBLICIP_ENABLED}}
|
|
run: |
|
|
envsubst < .env.example > .env
|
|
# - name: Export secrets and variables to $GITHUB_ENV
|
|
# env:
|
|
# SECRETS_CONTEXT: ${{ toJSON(secrets) }}
|
|
# VARS_CONTEXT: ${{ toJSON(vars) }}
|
|
# run: |
|
|
# EOF=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
|
|
# to_envs() { jq -r "to_entries[] | \"\(.key)<<$EOF\n\(.value)\n$EOF\n\""; }
|
|
# echo "$VARS_CONTEXT" | to_envs >> $GITHUB_ENV
|
|
# echo "$SECRETS_CONTEXT" | to_envs >> $GITHUB_ENV
|
|
# - name: Update .env with secrets and variables
|
|
# run: |
|
|
# envsubst < .env.example > .env
|
|
# cat .env
|
|
- name: Run build script
|
|
run: |
|
|
cd cicd/scripts
|
|
chmod +x ./build.sh
|
|
./build.sh
|
|
- name: Run deploy script
|
|
run: |
|
|
cd cicd/scripts
|
|
chmod +x ./deploy.sh
|
|
./deploy.sh
|