From 0cceff876fd2f72171ab19c5a4cdc44471ec31e5 Mon Sep 17 00:00:00 2001 From: ctmbl Date: Sat, 27 Apr 2024 01:26:16 +0200 Subject: [PATCH 01/20] Add nginx config and docker updates for dev.iscsc.fr --- docker-compose.yml | 3 ++- nginx.conf | 30 +++++++++++++++++++++++++++--- 2 files changed, 29 insertions(+), 4 deletions(-) diff --git a/docker-compose.yml b/docker-compose.yml index 85235eb..461f4b7 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -25,7 +25,8 @@ services: - ./certbot/www:/var/www/certbot/:ro - ./certbot/conf/:/etc/nginx/ssl/:ro - ./nginx.conf:/etc/nginx/nginx.conf:ro - - ./build/blog:/blog:rw + - ./build/blog:/blog/prod:rw + - ./build/dev:/blog/dev:rw certbot: image: certbot/certbot:latest diff --git a/nginx.conf b/nginx.conf index d298048..1a90c3b 100644 --- a/nginx.conf +++ b/nginx.conf @@ -17,7 +17,7 @@ http { listen 80; listen [::]:80; - server_name www.iscsc.fr iscsc.fr; + server_name dev.iscsc.fr www.iscsc.fr iscsc.fr; location /.well-known/acme-challenge/ { root /var/www/certbot; 
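Review bot: In docker-compose.yml the two new bind mounts for the web container, `./build/blog:/blog/prod:rw` and `./build/dev:/blog/dev:rw`, are writable although the nginx.conf in this same patch only reads from them (`root` plus `try_files`). Mounting them read-only, as the certbot and nginx.conf mounts just above already are (`- ./build/blog:/blog/prod:ro`, `- ./build/dev:/blog/dev:ro`), keeps a compromised web server process from rewriting the content it serves. The same applies to the reworked mounts in patch 02 (`./build/blog/prod:/blog/prod:rw`, `./build/blog/dev:/blog/dev:rw`). The service definition starts above the hunk.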
@@ -28,17 +28,41 @@ http { } } + server { + listen 443 ssl; + listen [::]:443 ssl; + http2 on; + + server_name dev.iscsc.fr; + + ssl_certificate /etc/nginx/ssl/live/dev.iscsc.fr/fullchain.pem; + ssl_certificate_key /etc/nginx/ssl/live/dev.iscsc.fr/privkey.pem; + + root /blog/dev; #Absolute path to where your hugo site is + index index.html; # Hugo generates HTML + + location / { + try_files $uri $uri/ =404; + } + + # redirect server error pages to the static page /50x.html + error_page 500 502 503 504 /50x.html; + location = /50x.html { + root /usr/share/nginx/html; + } + } + server { listen 443 default_server ssl http2; listen [::]:443 ssl http2; - server_name www.iscsc.fr iscsc.fr; + server_name iscsc.fr; ssl_certificate /etc/nginx/ssl/live/iscsc.fr/fullchain.pem; ssl_certificate_key /etc/nginx/ssl/live/iscsc.fr/privkey.pem; - root /blog; #Absolute path to where your hugo site is + root /blog/prod; #Absolute path to where your hugo site is index index.html; # Hugo generates HTML location / { From 6329850f8d5bcb1317e0bd7bb89261bb462132f7 Mon Sep 17 00:00:00 2001 From: ctmbl Date: Sat, 27 Apr 2024 02:00:12 +0200 Subject: [PATCH 02/20] Update build folder hierarchy: build/blog -> build/blog/prod --- .github/workflows/build_and_deploy.yml | 8 ++++---- README.md | 9 ++++----- docker-compose.yml | 6 ++++-- 3 files changed, 12 insertions(+), 11 deletions(-) diff --git a/.github/workflows/build_and_deploy.yml b/.github/workflows/build_and_deploy.yml index a4f3aaf..2bd52d1 100644 --- a/.github/workflows/build_and_deploy.yml +++ b/.github/workflows/build_and_deploy.yml @@ -36,7 +36,7 @@ jobs: uses: actions/upload-artifact@v3 with: name: build - path: ./build/blog + path: ./build/blog/prod # Deployment job: heavily inspired from https://swharden.com/blog/2022-03-20-github-actions-hugo/ # /!\ only triggers on (push events AND non-fork repos) OR manually triggered 
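Review bot: The new `dev.iscsc.fr` server block in nginx.conf publishes whatever lands in `/blog/dev` with no access restriction, and later patches in this series fill that directory with builds of unmerged pull requests. Since the host is a sibling of `iscsc.fr`, consider gating it (`auth_basic`, or `allow`/`deny` inside `location /`) and adding `add_header X-Robots-Tag "noindex, nofollow" always;` so preview content is neither indexed nor mistaken for the production site. nginx also refuses to start when `ssl_certificate` points at a missing file, so the `dev.iscsc.fr` certificate must be issued before this config is deployed or the production vhost fails with it; a one-line comment above the `ssl_certificate` lines stating that would help. The production server block continues past the end of the hunk.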
@@ -60,12 +60,12 @@ jobs: steps: - name: 🛠️ Setup build directory run: | - mkdir -p build/blog + mkdir -p build/blog/prod - name: 📥 Download build Artifacts uses: actions/download-artifact@v3 with: name: build - path: build/blog + path: build/blog/prod # Create the SSH key file and fill the known_hosts to avoid a prompt from ssh (1st time connecting to remote host) - name: 🔐 Create Key File @@ -83,7 +83,7 @@ jobs: # Upload the build to the remote server location: the volume shared by the nginx container serving http requests - name: 🚀 Upload run: | - rsync --archive --stats --verbose --delete ./build/blog/* ${{ secrets.CI_USER_NAME }}@iscsc.fr:${{ secrets.REPO_PATH_ON_REMOTE }}/build/blog + rsync --archive --stats --verbose --delete ./build/blog/prod/* ${{ secrets.CI_USER_NAME }}@iscsc.fr:${{ secrets.REPO_PATH_ON_REMOTE }}/build/blog/prod - name: ⏬ Remote git pull run: | diff --git a/README.md b/README.md index 855004a..c6d6892 100644 --- a/README.md +++ b/README.md @@ -70,11 +70,11 @@ docker compose run --rm certbot renew #### Deploy the website itself -Create the blog directory, **it must be writable by users that will write to it: you, builder target, CI user...** +Create the blog/prod directory, **it must be writable by users that will write to it: you, builder target, CI user...** ```sh -mkdir build/blog +mkdir -p build/blog/prod chmod -chmown +chown ``` > you should check first the consistency of the server name (iscsc.fr/localhost) in those files: `nginx.conf`, ... 
@@ -87,8 +87,7 @@ docker compose up --detach blog > Note: before the next step make sure that when cloning the repository you also updated the git submodule! -Then builds the static website, `./build/blog` is a volume shared with both containers so -building the website will automatically "update" it for nginx. +Then builds the static website, `./build/blog/prod` is a volume shared with both containers so building the website will automatically "update" it for nginx. ```sh docker compose up builder ``` diff --git a/docker-compose.yml b/docker-compose.yml index 461f4b7..634c6dd 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -25,8 +25,10 @@ services: - ./certbot/www:/var/www/certbot/:ro - ./certbot/conf/:/etc/nginx/ssl/:ro - ./nginx.conf:/etc/nginx/nginx.conf:ro - - ./build/blog:/blog/prod:rw - - ./build/dev:/blog/dev:rw + # serves iscsc.fr ; + - ./build/blog/prod:/blog/prod:rw + # serves dev.iscsc.fr : + - ./build/blog/dev:/blog/dev:rw certbot: image: certbot/certbot:latest From a95b787c87bfb0a69f644c2871b698703ffd6c8e Mon Sep 17 00:00:00 2001 From: ctmbl Date: Fri, 3 May 2024 02:12:05 +0200 Subject: [PATCH 03/20] Add deploy dev wokflow: a github action to be manually deploy a PR to remote --- .github/workflows/deploy_dev.yml | 41 ++++++++++++++++++++++++++++++++ 1 file changed, 41 insertions(+) create mode 100644 .github/workflows/deploy_dev.yml diff --git a/.github/workflows/deploy_dev.yml b/.github/workflows/deploy_dev.yml new file mode 100644 index 0000000..0d65aa3 --- /dev/null +++ b/.github/workflows/deploy_dev.yml 
@@ -0,0 +1,41 @@
+name: Build and deploy a PR on dev.iscsc.fr
+
+on:
+ # Allows you to run this workflow manually from the Actions tab
+ workflow_dispatch:
+
+jobs:
+ # Build job
+ build-and-deploy-dev:
+ runs-on: ubuntu-latest
+ steps:
+ # Checkout repo AND ITS SUBMODULES
+ - name: 🛒 Checkout
+ uses: actions/checkout@v3
+ with:
+ submodules: recursive
+
+ # Build the static website with the provided docker-compose rules, overriding environment variables to build to /build/blog/dev
+ # Note: /!\ we do not override HUGO_ENV or HUGO_ENVIRONMENT, this is done on purpose to avoid triggering themes' behavior which
+ # are not intended for production and could present security risks
+ - name: 🛠️ Build with HUGO
+ run: |
+ docker compose -e HUGO_DESTINATION=/build/blog/dev up builder --exit-code-from builder
+
+ # Create the SSH key file and fill the known_hosts to avoid a prompt from ssh (1st time connecting to remote host)
+ - name: 🔐 Create Key File
+ run: |
+ mkdir ~/.ssh
+ touch ~/.ssh/id_rsa
+ chmod 600 ~/.ssh/id_rsa
+ - name: 🔐 Load Host Keys
+ run: |
+ echo "${{ secrets.SSH_KNOWN_HOSTS }}" > ~/.ssh/known_hosts
+ - name: 🔑 Populate Key
+ run: |
+ echo "${{ secrets.PRIVATE_SSH_KEY }}" > ~/.ssh/id_rsa
+
+ # Upload the build to the remote server location: the volume shared by the nginx container serving http requests
+ - name: 🚀 Upload
+ run: |
+ rsync --archive --stats --verbose --delete ./build/blog/dev/* ${{ secrets.CI_USER_NAME }}@iscsc.fr:${{ secrets.REPO_PATH_ON_REMOTE }}/build/blog/dev
From d0aca8c2957a0001fece84e50d231a713b2f920f Mon Sep 17 00:00:00 2001
From: ctmbl
Date: Wed, 8 May 2024 13:10:10 +0200
Subject: [PATCH 04/20] Fix builder container volume on host: default to production
---
docker-compose.yml | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/docker-compose.yml b/docker-compose.yml
index 634c6dd..1fa6df1 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
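Review bot: The `Load Host Keys`, `Populate Key` and `Upload` steps of the new deploy_dev.yml paste `${{ secrets.* }}` directly into the shell script text, so a secret containing quotes, `$` or backticks is re-interpreted by bash and can corrupt the key file or the rsync command line. Passing each secret through a step-level `env:` and reading it as a shell variable avoids that and keeps the value out of the generated script. In the `Upload` step the source `./build/blog/dev/*` also makes `--delete` ignore stale top-level files and skip dotfiles; a trailing-slash source syncs the directory itself. The rewritten steps are sketched below.

```yaml
      # … unchanged: checkout, Hugo build and "Create Key File" steps …
      - name: 🔐 Load Host Keys
        env:
          SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
        run: |
          printf '%s\n' "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
      - name: 🔑 Populate Key
        env:
          PRIVATE_SSH_KEY: ${{ secrets.PRIVATE_SSH_KEY }}
        run: |
          printf '%s\n' "$PRIVATE_SSH_KEY" > ~/.ssh/id_rsa
      - name: 🚀 Upload
        env:
          CI_USER_NAME: ${{ secrets.CI_USER_NAME }}
          REPO_PATH_ON_REMOTE: ${{ secrets.REPO_PATH_ON_REMOTE }}
        run: |
          rsync --archive --stats --verbose --delete ./build/blog/dev/ "${CI_USER_NAME}@iscsc.fr:${REPO_PATH_ON_REMOTE}/build/blog/dev/"
```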
@@ -11,7 +11,9 @@ services: - HUGO_ENVIRONMENT=production volumes: - ./src:/src:rw - - ./build/blog:/build/blog:rw + # The container is mode-agnostique: it always builds in /build/blog + # the volume shared on the host side determines where it should go + - ./build/blog/prod:/build/blog:rw blog: build: From 62c4b80ca6d128a0f755deed09cab7ce1d7563de Mon Sep 17 00:00:00 2001 From: ctmbl Date: Wed, 8 May 2024 13:13:11 +0200 Subject: [PATCH 05/20] Name production build artifact --- .github/workflows/build_and_deploy.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/build_and_deploy.yml b/.github/workflows/build_and_deploy.yml index 2bd52d1..ce3a942 100644 --- a/.github/workflows/build_and_deploy.yml +++ b/.github/workflows/build_and_deploy.yml @@ -35,7 +35,7 @@ jobs: - name: 🚀 Upload Artifacts uses: actions/upload-artifact@v3 with: - name: build + name: prod-build path: ./build/blog/prod # Deployment job: heavily inspired from https://swharden.com/blog/2022-03-20-github-actions-hugo/ @@ -64,7 +64,7 @@ jobs: - name: 📥 Download build Artifacts uses: actions/download-artifact@v3 with: - name: build + name: prod-build path: build/blog/prod # Create the SSH key file and fill the known_hosts to avoid a prompt from ssh (1st time connecting to remote host) From f624bf619960248b4e3322666de5093d25659a7c Mon Sep 17 00:00:00 2001 From: ctmbl Date: Wed, 8 May 2024 14:53:30 +0200 Subject: [PATCH 06/20] Fix deploy_dev workflow URL and build location --- .github/workflows/deploy_dev.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy_dev.yml b/.github/workflows/deploy_dev.yml index 0d65aa3..9a14ad8 100644 --- a/.github/workflows/deploy_dev.yml +++ b/.github/workflows/deploy_dev.yml 
@@ -20,7 +20,7 @@ jobs: # are not intended for production and could present security risks - name: 🛠️ Build with HUGO run: | - docker compose -e HUGO_DESTINATION=/build/blog/dev up builder --exit-code-from builder + docker compose run -v ./build/blog/dev:/build/blog:rw builder --logLevel info --baseURL="https://dev.iscsc.fr" --buildFuture # Create the SSH key file and fill the known_hosts to avoid a prompt from ssh (1st time connecting to remote host) - name: 🔐 Create Key File From bc73f3d916af8335bf128d615423db1e766f4268 Mon Sep 17 00:00:00 2001 From: ctmbl Date: Fri, 17 May 2024 18:51:46 +0200 Subject: [PATCH 07/20] TO BE REVERTED: Add fake article to test the workflow --- src/content/posts/fake-new-article.md | 8 ++++++++ 1 file changed, 8 insertions(+) create mode 100644 src/content/posts/fake-new-article.md diff --git a/src/content/posts/fake-new-article.md b/src/content/posts/fake-new-article.md new file mode 100644 index 0000000..bb56985 --- /dev/null +++ b/src/content/posts/fake-new-article.md @@ -0,0 +1,8 @@ +--- +title: "Fake new article" +date: 2024-05-08T15:04:11+0200 +draft: false +tags: ["fake"] +--- + +Fake new article \ No newline at end of file From b45155a216baa86cb38f5bc1dcc620e946d9c043 Mon Sep 17 00:00:00 2001 From: ctmbl Date: Fri, 17 May 2024 18:55:00 +0200 Subject: [PATCH 08/20] Make deploy_dev workflow trigger on pull_request and need a maintainer approval --- .github/workflows/deploy_dev.yml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/.github/workflows/deploy_dev.yml b/.github/workflows/deploy_dev.yml index 9a14ad8..bd8cc45 100644 --- a/.github/workflows/deploy_dev.yml +++ b/.github/workflows/deploy_dev.yml 
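Review bot: `--buildFuture` in the new `docker compose run` line of deploy_dev.yml renders posts whose date is still in the future, and the output is rsynced to dev.iscsc.fr, which the nginx.conf from patch 01 serves without any access restriction; scheduled or embargoed posts would therefore be readable before their publication date. If that is intended for previews, say so in the comment above the step, which still describes the old approach ("overriding environment variables to build to /build/blog/dev") and should become something like `# Build into ./build/blog/dev by overriding the builder volume; baseURL points at dev.iscsc.fr`. Adding `--rm` to `docker compose run` would also avoid leaving a stopped container behind. The step list continues outside the hunk.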
@@ -4,10 +4,15 @@ on: # Allows you to run this workflow manually from the Actions tab workflow_dispatch: + # Allows + pull_request: + jobs: # Build job build-and-deploy-dev: runs-on: ubuntu-latest + # Force to respect the 'dev-deployment' environment rules, in our case 1 maintainer approval + environment: deployment-dev steps: # Checkout repo AND ITS SUBMODULES - name: 🛒 Checkout From ab53aefa566c66831703e095a580b47e4a2e97db Mon Sep 17 00:00:00 2001 From: ctmbl Date: Fri, 17 May 2024 20:01:14 +0200 Subject: [PATCH 09/20] Test passing secrets as environment variables --- .github/workflows/deploy_dev.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/deploy_dev.yml b/.github/workflows/deploy_dev.yml index bd8cc45..3f4d10b 100644 --- a/.github/workflows/deploy_dev.yml +++ b/.github/workflows/deploy_dev.yml @@ -13,6 +13,8 @@ jobs: runs-on: ubuntu-latest # Force to respect the 'dev-deployment' environment rules, in our case 1 maintainer approval environment: deployment-dev + env: + SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }} steps: # Checkout repo AND ITS SUBMODULES - name: 🛒 Checkout @@ -35,7 +37,7 @@ jobs: chmod 600 ~/.ssh/id_rsa - name: 🔐 Load Host Keys run: | - echo "${{ secrets.SSH_KNOWN_HOSTS }}" > ~/.ssh/known_hosts + echo "${{ env.SSH_KNOWN_HOSTS }}" > ~/.ssh/known_hosts - name: 🔑 Populate Key run: | echo "${{ secrets.PRIVATE_SSH_KEY }}" > ~/.ssh/id_rsa From 776a3761e623d6d64d24bcaa7800c087cc1bdf4b Mon Sep 17 00:00:00 2001 From: ctmbl Date: Fri, 17 May 2024 20:57:19 +0200 Subject: [PATCH 10/20] TO BE REVERTED: Test without environment --- .github/workflows/deploy_dev.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/deploy_dev.yml b/.github/workflows/deploy_dev.yml index 3f4d10b..083db8d 100644 --- a/.github/workflows/deploy_dev.yml +++ b/.github/workflows/deploy_dev.yml 
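Review bot: With `pull_request:` added to deploy_dev.yml, the single `build-and-deploy-dev` job checks out and builds the pull request's own code (its docker-compose rules and submodules included) and then writes the deploy SSH key in that same job, so the `deployment-dev` approval is the only barrier between unreviewed changes and the server credentials. Approvers need to read the PR's workflow, compose and theme changes before approving; splitting the work into an unprivileged build job and a deploy job that alone carries `environment: deployment-dev`, as build_and_deploy.yml already does with its artifact hand-off, would keep the key out of the job that runs PR code. Pull requests from forks receive no secrets, so for them the job would fail at the key steps rather than deploy. The comment names the environment `'dev-deployment'` while the key says `deployment-dev`, and `# Allows` is left unfinished.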
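Review bot: `echo "${{ env.SSH_KNOWN_HOSTS }}"` in the `Load Host Keys` step of deploy_dev.yml is still expanded by the workflow templating before bash runs, so moving the secret into `env:` changes nothing about how the value reaches the script. To really pass it through the environment, read the shell variable instead: `echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts`. Declaring the variable at job level (first hunk of this patch) also exposes it to every step, including the Hugo build; a step-level `env:` on `Load Host Keys` is enough.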
@@ -12,7 +12,6 @@ jobs: build-and-deploy-dev: runs-on: ubuntu-latest # Force to respect the 'dev-deployment' environment rules, in our case 1 maintainer approval - environment: deployment-dev env: SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }} steps: From f5943ddb11957e1cde86279640c6df11c2818060 Mon Sep 17 00:00:00 2001 From: ctmbl Date: Fri, 17 May 2024 21:10:40 +0200 Subject: [PATCH 11/20] TO REVERT: Add Debug secrets step --- .github/workflows/deploy_dev.yml | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/.github/workflows/deploy_dev.yml b/.github/workflows/deploy_dev.yml index 083db8d..5aa7779 100644 --- a/.github/workflows/deploy_dev.yml +++ b/.github/workflows/deploy_dev.yml @@ -14,7 +14,17 @@ jobs: # Force to respect the 'dev-deployment' environment rules, in our case 1 maintainer approval env: SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: + - name: Debug + run: | + echo "GH_TOKEN (env): ${{ env.GH_TOKEN }}" + echo "GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}" + echo "CI_USER_NAME: ${{ secrets.CI_USER_NAME }}" + echo "TEST_EMPTY_SECRET:${{ secrets.TEST_EMPTY_SECRET }}" + echo "TEST_ORG_SECRET: ${{ secrets.TEST_ORG_SECRET }}" + echo "TEST_REPO_SECRET: ${{ secrets.TEST_REPO_SECRET }}" + echo "TEST_ENV_SECRET: ${{ secrets.TEST_ENV_SECRET }}" # Checkout repo AND ITS SUBMODULES - name: 🛒 Checkout uses: actions/checkout@v3 From 230656644c306b930211f608ef716d077080dc9f Mon Sep 17 00:00:00 2001 From: ctmbl Date: Fri, 17 May 2024 21:11:54 +0200 Subject: [PATCH 12/20] TO REVERT: Add Debug secrets step to existing workflows --- .github/workflows/build_and_deploy.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/build_and_deploy.yml b/.github/workflows/build_and_deploy.yml index ce3a942..c87e5bc 100644 --- a/.github/workflows/build_and_deploy.yml +++ b/.github/workflows/build_and_deploy.yml 
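Review bot: The added `Debug` step in deploy_dev.yml prints `secrets.GITHUB_TOKEN`, `secrets.CI_USER_NAME` and four other secrets to the job log, and the new job-level `GH_TOKEN` hands the token to every later step, including the one that builds pull-request content. Log masking is best-effort: it hides exact matches of the registered value only, so a secret that is split across lines, trimmed or re-encoded on the way out appears in clear, and job logs are visible to everyone who can read the repository. To check whether a secret is populated, print a presence flag instead, e.g. `echo "CI_USER_NAME set: ${{ secrets.CI_USER_NAME != '' }}"`, and drop the `GH_TOKEN` env entry. The same step is added to build_and_deploy.yml in patch 12, where no `GH_TOKEN` env entry is defined in the visible hunk.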
@@ -20,6 +20,15 @@ jobs: build: runs-on: ubuntu-latest steps: + - name: Debug + run: | + echo "GH_TOKEN (env): ${{ env.GH_TOKEN }}" + echo "GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}" + echo "CI_USER_NAME: ${{ secrets.CI_USER_NAME }}" + echo "TEST_EMPTY_SECRET:${{ secrets.TEST_EMPTY_SECRET }}" + echo "TEST_ORG_SECRET: ${{ secrets.TEST_ORG_SECRET }}" + echo "TEST_REPO_SECRET: ${{ secrets.TEST_REPO_SECRET }}" + echo "TEST_ENV_SECRET: ${{ secrets.TEST_ENV_SECRET }}" # Checkout repo AND ITS SUBMODULES - name: 🛒 Checkout uses: actions/checkout@v3 From 1ec4ab1f595a91666905d957a8c44038e30b17d3 Mon Sep 17 00:00:00 2001 From: ctmbl Date: Fri, 17 May 2024 21:40:01 +0200 Subject: [PATCH 13/20] Revert "TO REVERT: Add Debug secrets step to existing workflows" This reverts commit 230656644c306b930211f608ef716d077080dc9f. --- .github/workflows/build_and_deploy.yml | 7 ------- 1 file changed, 7 deletions(-) diff --git a/.github/workflows/build_and_deploy.yml b/.github/workflows/build_and_deploy.yml index 0f9a88a..e0a6f06 100644 --- a/.github/workflows/build_and_deploy.yml +++ b/.github/workflows/build_and_deploy.yml @@ -22,13 +22,6 @@ jobs: steps: - name: Debug run: | - echo "GH_TOKEN (env): ${{ env.GH_TOKEN }}" - echo "GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}" - echo "CI_USER_NAME: ${{ secrets.CI_USER_NAME }}" - echo "TEST_EMPTY_SECRET:${{ secrets.TEST_EMPTY_SECRET }}" - echo "TEST_ORG_SECRET: ${{ secrets.TEST_ORG_SECRET }}" - echo "TEST_REPO_SECRET: ${{ secrets.TEST_REPO_SECRET }}" - echo "TEST_ENV_SECRET: ${{ secrets.TEST_ENV_SECRET }}" echo "github.event.repository.fork = ${{ github.event.repository.fork }}" echo "github.event_name = ${{ github.event_name }}" From a5c0b0653e1f61bd0f47923986a0cba2e9143ec2 Mon Sep 17 00:00:00 2001 
From: ctmbl Date: Fri, 17 May 2024 21:40:03 +0200 Subject: [PATCH 14/20] Revert "TO REVERT: Add Debug secrets step" This reverts commit f5943ddb11957e1cde86279640c6df11c2818060. --- .github/workflows/deploy_dev.yml | 10 ---------- 1 file changed, 10 deletions(-) diff --git a/.github/workflows/deploy_dev.yml b/.github/workflows/deploy_dev.yml index 5aa7779..083db8d 100644 --- a/.github/workflows/deploy_dev.yml +++ b/.github/workflows/deploy_dev.yml @@ -14,17 +14,7 @@ jobs: # Force to respect the 'dev-deployment' environment rules, in our case 1 maintainer approval env: SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }} - GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} steps: - - name: Debug - run: | - echo "GH_TOKEN (env): ${{ env.GH_TOKEN }}" - echo "GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}" - echo "CI_USER_NAME: ${{ secrets.CI_USER_NAME }}" - echo "TEST_EMPTY_SECRET:${{ secrets.TEST_EMPTY_SECRET }}" - echo "TEST_ORG_SECRET: ${{ secrets.TEST_ORG_SECRET }}" - echo "TEST_REPO_SECRET: ${{ secrets.TEST_REPO_SECRET }}" - echo "TEST_ENV_SECRET: ${{ secrets.TEST_ENV_SECRET }}" # Checkout repo AND ITS SUBMODULES - name: 🛒 Checkout uses: actions/checkout@v3 From 2cfb34a0a4b8c89ca1ebdee6df945861103526d9 Mon Sep 17 00:00:00 2001 From: ctmbl Date: Fri, 17 May 2024 21:40:04 +0200 Subject: [PATCH 15/20] Revert "TO BE REVERTED: Test without environment" This reverts commit 776a3761e623d6d64d24bcaa7800c087cc1bdf4b. --- .github/workflows/deploy_dev.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/deploy_dev.yml b/.github/workflows/deploy_dev.yml index 083db8d..3f4d10b 100644 --- a/.github/workflows/deploy_dev.yml +++ b/.github/workflows/deploy_dev.yml @@ -12,6 +12,7 @@ jobs: build-and-deploy-dev: runs-on: ubuntu-latest # Force to respect the 'dev-deployment' environment rules, in our case 1 maintainer approval + environment: deployment-dev env: SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }} steps: From 30904a8af62097ef07b1cb2f2097c6473662474d Mon Sep 17 00:00:00 2001 
From: ctmbl Date: Fri, 17 May 2024 21:40:05 +0200 Subject: [PATCH 16/20] Revert "Test passing secrets as environment variables" This reverts commit ab53aefa566c66831703e095a580b47e4a2e97db. --- .github/workflows/deploy_dev.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/deploy_dev.yml b/.github/workflows/deploy_dev.yml index 3f4d10b..bd8cc45 100644 --- a/.github/workflows/deploy_dev.yml +++ b/.github/workflows/deploy_dev.yml @@ -13,8 +13,6 @@ jobs: runs-on: ubuntu-latest # Force to respect the 'dev-deployment' environment rules, in our case 1 maintainer approval environment: deployment-dev - env: - SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }} steps: # Checkout repo AND ITS SUBMODULES - name: 🛒 Checkout @@ -37,7 +35,7 @@ jobs: chmod 600 ~/.ssh/id_rsa - name: 🔐 Load Host Keys run: | - echo "${{ env.SSH_KNOWN_HOSTS }}" > ~/.ssh/known_hosts + echo "${{ secrets.SSH_KNOWN_HOSTS }}" > ~/.ssh/known_hosts - name: 🔑 Populate Key run: | echo "${{ secrets.PRIVATE_SSH_KEY }}" > ~/.ssh/id_rsa From a2467a3317d4c5de97b2831c5bd0084084bc32d5 Mon Sep 17 00:00:00 2001 From: ctmbl Date: Fri, 17 May 2024 22:04:07 +0200 Subject: [PATCH 17/20] Revert "Make deploy_dev workflow trigger on pull_request and need a maintainer approval" This reverts commit b45155a216baa86cb38f5bc1dcc620e946d9c043. --- .github/workflows/deploy_dev.yml | 5 ----- 1 file changed, 5 deletions(-) diff --git a/.github/workflows/deploy_dev.yml b/.github/workflows/deploy_dev.yml index bd8cc45..9a14ad8 100644 --- a/.github/workflows/deploy_dev.yml +++ b/.github/workflows/deploy_dev.yml @@ -4,15 +4,10 @@ on: # Allows you to run this workflow manually from the Actions tab workflow_dispatch: - # Allows - pull_request: - jobs: # Build job build-and-deploy-dev: runs-on: ubuntu-latest - # Force to respect the 'dev-deployment' environment rules, in our case 1 maintainer approval - environment: deployment-dev steps: # Checkout repo AND ITS SUBMODULES - name: 🛒 Checkout 
From 28292d1d5ef7f711e9fecc6ed36f5e1d0c40640b Mon Sep 17 00:00:00 2001 From: ctmbl Date: Fri, 17 May 2024 22:04:32 +0200 Subject: [PATCH 18/20] Revert "TO BE REVERTED: Add fake article to test the workflow" This reverts commit bc73f3d916af8335bf128d615423db1e766f4268. --- src/content/posts/fake-new-article.md | 8 -------- 1 file changed, 8 deletions(-) delete mode 100644 src/content/posts/fake-new-article.md diff --git a/src/content/posts/fake-new-article.md b/src/content/posts/fake-new-article.md deleted file mode 100644 index bb56985..0000000 --- a/src/content/posts/fake-new-article.md +++ /dev/null @@ -1,8 +0,0 @@ ---- -title: "Fake new article" -date: 2024-05-08T15:04:11+0200 -draft: false -tags: ["fake"] ---- - -Fake new article \ No newline at end of file From caa1d5deb4e179c56498068bb713ed32786103ab Mon Sep 17 00:00:00 2001 From: ctmbl Date: Fri, 17 May 2024 22:05:02 +0200 Subject: [PATCH 19/20] Revert "Fix deploy_dev workflow URL and build location" This reverts commit f624bf619960248b4e3322666de5093d25659a7c. --- .github/workflows/deploy_dev.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy_dev.yml b/.github/workflows/deploy_dev.yml index 9a14ad8..0d65aa3 100644 --- a/.github/workflows/deploy_dev.yml +++ b/.github/workflows/deploy_dev.yml @@ -20,7 +20,7 @@ jobs: # are not intended for production and could present security risks - name: 🛠️ Build with HUGO run: | - docker compose run -v ./build/blog/dev:/build/blog:rw builder --logLevel info --baseURL="https://dev.iscsc.fr" --buildFuture + docker compose -e HUGO_DESTINATION=/build/blog/dev up builder --exit-code-from builder # Create the SSH key file and fill the known_hosts to avoid a prompt from ssh (1st time connecting to remote host) - name: 🔐 Create Key File From 9770cfd2d583948f738e349c92bab68faf41dd19 Mon Sep 17 00:00:00 2001 
From: ctmbl Date: Fri, 17 May 2024 22:06:01 +0200 Subject: [PATCH 20/20] Revert "Add deploy dev wokflow: a github action to be manually deploy a PR to remote" This reverts commit a95b787c87bfb0a69f644c2871b698703ffd6c8e. --- .github/workflows/deploy_dev.yml | 41 -------------------------------- 1 file changed, 41 deletions(-) delete mode 100644 .github/workflows/deploy_dev.yml diff --git a/.github/workflows/deploy_dev.yml b/.github/workflows/deploy_dev.yml deleted file mode 100644 index 0d65aa3..0000000 --- a/.github/workflows/deploy_dev.yml +++ /dev/null 
@@ -1,41 +0,0 @@ -name: Build and deploy a PR on dev.iscsc.fr - -on: - # Allows you to run this workflow manually from the Actions tab - workflow_dispatch: - -jobs: - # Build job - build-and-deploy-dev: - runs-on: ubuntu-latest - steps: - # Checkout repo AND ITS SUBMODULES - - name: 🛒 Checkout - uses: actions/checkout@v3 - with: - submodules: recursive - - # Build the static website with the provided docker-compose rules, overriding environment variables to build to /build/blog/dev - # Note: /!\ we do not override HUGO_ENV or HUGO_ENVIRONMENT, this is done on purpose to avoid triggering themes' behavior which - # are not intended for production and could present security risks - - name: 🛠️ Build with HUGO - run: | - docker compose -e HUGO_DESTINATION=/build/blog/dev up builder --exit-code-from builder - - # Create the SSH key file and fill the known_hosts to avoid a prompt from ssh (1st time connecting to remote host) - - name: 🔐 Create Key File - run: | - mkdir ~/.ssh - touch ~/.ssh/id_rsa - chmod 600 ~/.ssh/id_rsa - - name: 🔐 Load Host Keys - run: | - echo "${{ secrets.SSH_KNOWN_HOSTS }}" > ~/.ssh/known_hosts - - name: 🔑 Populate Key - run: | - echo "${{ secrets.PRIVATE_SSH_KEY }}" > ~/.ssh/id_rsa - - # Upload the build to the remote server location: the volume shared by the nginx container serving http requests - - name: 🚀 Upload - run: | - rsync --archive --stats --verbose --delete ./build/blog/dev/* ${{ secrets.CI_USER_NAME }}@iscsc.fr:${{ secrets.REPO_PATH_ON_REMOTE }}/build/blog/dev