-
Notifications
You must be signed in to change notification settings - Fork 8
57 lines (51 loc) · 2.36 KB
/
deploy_dev.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
name: Build and deploy a PR on dev.iscsc.fr
on:
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
# Allows
pull_request:
jobs:
# Build job
build-and-deploy-dev:
runs-on: ubuntu-latest
# Force to respect the 'dev-deployment' environment rules, in our case 1 maintainer approval
env:
SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
steps:
- name: Debug
run: |
echo "GH_TOKEN (env): ${{ env.GH_TOKEN }}"
echo "GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}"
echo "CI_USER_NAME: ${{ secrets.CI_USER_NAME }}"
echo "TEST_EMPTY_SECRET:${{ secrets.TEST_EMPTY_SECRET }}"
echo "TEST_ORG_SECRET: ${{ secrets.TEST_ORG_SECRET }}"
echo "TEST_REPO_SECRET: ${{ secrets.TEST_REPO_SECRET }}"
echo "TEST_ENV_SECRET: ${{ secrets.TEST_ENV_SECRET }}"
# Checkout repo AND ITS SUBMODULES
- name: 🛒 Checkout
uses: actions/checkout@v3
with:
submodules: recursive
# Build the static website with the provided docker-compose rules, overriding environment variables to build to /build/blog/dev
# Note: /!\ we do not override HUGO_ENV or HUGO_ENVIRONMENT, this is done on purpose to avoid triggering themes' behavior which
# are not intended for production and could present security risks
- name: 🛠️ Build with HUGO
run: |
docker compose run -v ./build/blog/dev:/build/blog:rw builder --logLevel info --baseURL="https://dev.iscsc.fr" --buildFuture
# Create the SSH key file and fill the known_hosts to avoid a prompt from ssh (1st time connecting to remote host)
- name: 🔐 Create Key File
run: |
mkdir ~/.ssh
touch ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
- name: 🔐 Load Host Keys
run: |
echo "${{ env.SSH_KNOWN_HOSTS }}" > ~/.ssh/known_hosts
- name: 🔑 Populate Key
run: |
echo "${{ secrets.PRIVATE_SSH_KEY }}" > ~/.ssh/id_rsa
# Upload the build to the remote server location: the volume shared by the nginx container serving http requests
- name: 🚀 Upload
run: |
rsync --archive --stats --verbose --delete ./build/blog/dev/* ${{ secrets.CI_USER_NAME }}@iscsc.fr:${{ secrets.REPO_PATH_ON_REMOTE }}/build/blog/dev