feat(ci): homelab deploy #322

Open: wants to merge 1 commit into base: main

@duyet duyet commented Jul 25, 2024

Summary by Sourcery

This pull request introduces a new GitHub Actions workflow for deploying to a homelab environment. The workflow includes steps for setting up Tailscale, adding an SSH key, and executing remote commands to build the project and restart a service.

  • CI:
    • Added a new GitHub Actions workflow for deploying to a homelab environment. The workflow triggers on pushes to the main branch, releases, pull requests, and manual dispatches. It includes steps for setting up Tailscale, adding an SSH key, and executing remote commands to build the project and restart a service.

vercel bot commented Jul 25, 2024

The latest updates on your projects. Learn more about Vercel for Git ↗︎

| Name | Status | Preview | Comments | Updated (UTC) |
| --- | --- | --- | --- | --- |
| clickhouse-monitoring | ✅ Ready (Inspect) | Visit Preview | 💬 Add feedback | Jul 29, 2024 7:28am |

sourcery-ai bot commented Jul 25, 2024

Reviewer's Guide by Sourcery

This pull request introduces a new GitHub Actions workflow for deploying to a homelab environment. The workflow is triggered on various events including pushes to the main branch, releases, pull requests, and manual dispatches. It uses Tailscale for secure network access and SSH for executing build and service restart commands on the remote machine.

File-Level Changes

| Files | Changes |
| --- | --- |
| .github/workflows/homelab.yml | Introduced a new CI workflow for deploying to a homelab environment using GitHub Actions, Tailscale for secure access, and SSH for remote command execution. |

@sourcery-ai sourcery-ai bot left a comment

Hey @duyet - I've reviewed your changes and they look great!

Here's what I looked at during the review
  • 🟡 General issues: 1 issue found
  • 🟡 Security: 2 issues found
  • 🟢 Testing: all looks good
  • 🟢 Complexity: all looks good
  • 🟢 Documentation: all looks good

permissions:
contents: read
id-token: write
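
Review bot: `id-token: write` in this `permissions:` block lets steps in the job request an OIDC token for the repository, and none of the workflow lines quoted in this review (the `tailscale ip` lookup, `ssh-keyscan`, `ssh`) uses one. Remove the line unless a step actually exchanges that token with an identity provider, and if one does, grant it only on the job that contains that step. The permission takes an access level such as `write` or `none` and has no sub-scope syntax, so narrowing it means removing or relocating it rather than qualifying the value.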

🚨 suggestion (security): Consider limiting the scope of the id-token permission.

The 'id-token: write' permission is quite powerful and should be used with caution. If possible, consider limiting its scope to only the necessary actions to minimize security risks.

Suggested change
id-token: write
permissions:
contents: read
id-token: write:actions

Comment on lines 35 to 36
MACHINE_IP="$(tailscale ip -6 $MACHINE)"
ssh-keyscan $MACHINE_IP >> ~/.ssh/known_hosts
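
Review bot: `ssh-keyscan $MACHINE_IP >> ~/.ssh/known_hosts` on line 36 records whatever host key answers at run time, so the later `ssh` call gets no host authentication of its own and relies entirely on the tailnet. Keep the server's public host key in a repository secret or variable and write that value to `known_hosts` instead of scanning for it. On line 35, quote `"$MACHINE"` and check that `MACHINE_IP` is non-empty before it is used.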

issue: Check for potential issues with IPv6-only addresses.

The use of 'tailscale ip -6' assumes that the machine has an IPv6 address. If the machine does not have an IPv6 address, this could cause issues. Consider adding a fallback to IPv4 or handling the case where an IPv6 address is not available.


- run: |
MACHINE_IP="$(tailscale ip -6 $MACHINE)"
ssh -i ~/.ssh/key "github@$MACHINE_IP" "NODE_VERSION=v22.5.1 /home/duyet/.nvm/nvm-exec yarn build"
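
Review bot: the `ssh -i ~/.ssh/key "github@$MACHINE_IP" "..."` line passes a free-form command string, which means the deploy key is accepted for any command the `github` account can run, not just the build. Restrict the key on the server in `authorized_keys` with the `restrict` option and a forced `command=` that performs only the build and restart, so a leaked CI key cannot be used for an interactive session. The `$MACHINE` expansion in the line above should also be quoted.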

🚨 suggestion (security): Consider using a more secure method for SSH key management.

Storing the SSH key in a file and using it directly can be risky. Consider using an SSH agent or another secure method to manage the SSH key.

Suggested change
ssh -i ~/.ssh/key "github@$MACHINE_IP" "NODE_VERSION=v22.5.1 /home/duyet/.nvm/nvm-exec yarn build"
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/key
ssh "github@$MACHINE_IP" "NODE_VERSION=v22.5.1 /home/duyet/.nvm/nvm-exec yarn build"
