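# .github/workflows/manual-deploy.yml
# TODO_PRODUCTION
name: Manually Deploy

# NOTE(review): despite the workflow name, this runs on every push to main.
# If a manual trigger is intended, confirm whether `workflow_dispatch` should
# replace or accompany the push trigger.
on:
  push:
    branches:
      - main

jobs:
  #bootstrap:
  # run bootstrap.ssh?
  # PUBLIC_KEY="your_ssh_public_key_here" DOMAIN="your_domain_here" bash bootstrap.sh
  deploy:
    runs-on: ubuntu-latest
    # Least privilege for the job's automatic token: read-only contents.
    permissions:
      contents: read
    steps:
      - name: Re-deploy, update secrets
        env:
          # These exist only in this step's environment on the runner. ssh does
          # not forward them, so the script below sends them to the VM on the
          # session's stdin. On the VM they are written to .env (on disk) while
          # docker-compose starts the stack, and the file is removed afterwards.
          API_KEY: ${{ secrets.API_KEY }}
          DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
        run: |
          set -euo pipefail
          # A missing secret renders as an empty string; stop before deploying it.
          : "${API_KEY:?API_KEY secret is empty}"
          : "${DB_PASSWORD:?DB_PASSWORD secret is empty}"
          # NOTE(review): the runner needs the deploy SSH key and the VM's host key
          # pinned in known_hosts before this step; neither is set up in this file.
          {
          # %q shell-quotes each value so special characters in a secret cannot
          # alter the remote script. The values travel on stdin rather than in
          # the remote command line, so they stay out of the VM's process list.
          printf 'API_KEY=%q\n' "$API_KEY"
          printf 'DB_PASSWORD=%q\n' "$DB_PASSWORD"
          # Quoted delimiter: the text up to EOF is sent verbatim and expanded
          # on the VM, where the two assignments above have already run.
          cat << 'EOF'
          # Remove the .env file on every exit path, including a failed deploy.
          trap 'rm -f .env' EXIT
          # NOTE(review): GITHUB_TOKEN is not defined in this step's env and
          # nothing sends it to the VM, so unless the VM's own environment sets
          # it, gh receives an empty token. Pass the PAT the same way as the
          # values above, or drop this line if gh is not needed.
          echo "$GITHUB_TOKEN" | gh auth login --with-token
          # Create the .env file with secrets, readable by the deploy user only
          (
            umask 077
            {
              echo "API_KEY=$API_KEY"
              echo "DB_PASSWORD=$DB_PASSWORD"
            } > .env
          )
          # Run docker-compose with the .env file; as the last command, its
          # exit status becomes the status of this step.
          docker-compose --env-file .env up -d
          EOF
          # -l keeps the login-shell profile (PATH) that a bare `ssh host` gives.
          } | ssh user@your-vm-ip 'bash -l -s'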