1.4.0 #16

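name: deploy-master

# Builds the client, bakes it into a container image and ships that image to
# the production host over a VPN + SSH hop whenever master is pushed.
#
# NOTE(review): every action below is referenced by a mutable tag (@v1/@v2/@v3).
# Several of them run in jobs that hold deployment secrets (the SSH private
# key, the VPN credentials), so a retagged release would run with those
# secrets. Pin each `uses:` to a full commit SHA and let a dependency-update
# bot move the pins.
# NOTE(review): Node 16 is end-of-life and no longer receives security fixes;
# plan a move to a supported release line.
on:
  push:
    branches:
      - master

# Nothing in this workflow writes to the repository, so the automatic
# GITHUB_TOKEN is limited to read-only contents for all jobs.
permissions:
  contents: read

jobs:
  # Warms the pnpm store cache so the build job installs from cache.
  preinstall-client:
    runs-on: ubuntu-20.04
    strategy:
      matrix:
        node-version: [16]
    steps:
      - uses: actions/checkout@v3
        with:
          # `pnpm install` runs dependency lifecycle scripts in this
          # workspace; do not leave the token in .git/config for them.
          persist-credentials: false
      - uses: pnpm/action-setup@v2
        with:
          version: 8
      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v3
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'pnpm'
          cache-dependency-path: packages/client/pnpm-lock.yaml
      - name: Get pnpm store directory
        id: pnpm-cache
        shell: bash
        run: |
          echo "STORE_PATH=$(pnpm store path)" >> "$GITHUB_OUTPUT"
      - uses: actions/cache@v3
        name: Setup pnpm cache
        with:
          path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}
          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('packages/client/pnpm-lock.yaml') }}
          restore-keys: |
            ${{ runner.os }}-pnpm-store-
      - name: Install dependencies
        run: |
          cd packages/client
          pnpm install --frozen-lockfile

  # Builds the production client bundle and hands packages/client/dist to the
  # image build through a cache entry keyed by the commit SHA.
  build-client-production:
    needs: [preinstall-client]
    runs-on: ubuntu-20.04
    strategy:
      matrix:
        node-version: [16]
    steps:
      - uses: actions/checkout@v3
        with:
          persist-credentials: false
      - uses: pnpm/action-setup@v2
        with:
          version: 8
      - name: Use Node.js ${{ matrix.node-version }}
        uses: actions/setup-node@v3
        with:
          node-version: ${{ matrix.node-version }}
          cache: 'pnpm'
          cache-dependency-path: packages/client/pnpm-lock.yaml
      - name: Get pnpm store directory
        id: pnpm-cache
        shell: bash
        run: |
          echo "STORE_PATH=$(pnpm store path)" >> "$GITHUB_OUTPUT"
      - uses: actions/cache@v3
        name: Setup pnpm cache
        with:
          path: ${{ steps.pnpm-cache.outputs.STORE_PATH }}
          key: ${{ runner.os }}-pnpm-store-${{ hashFiles('packages/client/pnpm-lock.yaml') }}
          restore-keys: |
            ${{ runner.os }}-pnpm-store-
      - name: Install dependencies
        run: |
          cd packages/client
          pnpm install --frozen-lockfile
      # The secret reaches the shell through an environment variable and is
      # expanded inside double quotes, so its content is never parsed as
      # script text.
      - name: Create env file for client
        run: |
          touch packages/client/env/.env.production
          echo "$CLIENT_ENV" >> packages/client/env/.env.production
        env:
          CLIENT_ENV: ${{secrets.CLIENT_ENV_PRODUCTION}}
      - name: Set current date as env variable
        run: echo "BUILD_TIMESTAMP=$(date +'%Y-%m-%dT%H:%M:%S')" >> "$GITHUB_ENV"
      - name: Build
        run: |
          cd packages/client
          pnpm build:production
      # Saved by this step's post-run hook (the key is new for every commit).
      # NOTE(review): cache entries written on the default branch can be
      # restored by workflows running on other branches, and this bundle was
      # built with the production env file. Artifacts (upload/download) are
      # the purpose-built way to pass build output between jobs.
      - uses: actions/cache@v3
        with:
          path: packages/client/dist
          key: client-production-${{ github.sha }}

  build-production:
    needs: [build-client-production]
    name: Build the production docker image
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - uses: actions/checkout@v3
        with:
          # The whole checkout is the docker build context; a token left in
          # .git/config could end up in an image layer (depends on what
          # Dockerfile.cached copies, which is not visible here).
          persist-credentials: false
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      - uses: actions/cache@v3
        with:
          path: packages/client/dist
          key: client-production-${{ github.sha }}
          # Without the client bundle the image would be built and deployed
          # incomplete; stop here instead.
          fail-on-cache-miss: true
      # NOTE(review): this creates a throwaway self-signed certificate with a
      # wildcard CN and an unencrypted private key. Presumably
      # packages/server/secret is copied into the image; if so the key also
      # ends up in the cached tarball below. Confirm that nothing relies on
      # this key for real transport security.
      - name: Generate certificates
        run: |
          mkdir -p ./packages/server/secret
          openssl req -x509 -newkey rsa:2048 -nodes -out ./packages/server/secret/cert.pem -keyout ./packages/server/secret/key.pem -days 365 -subj "/C=FR/O=krkr/OU=Domain Control Validated/CN=*"
      - name: Run docker build task
        run: docker build -f Dockerfile.cached -t inkvisitor:production .
      - name: Save docker-compose stack
        run: docker save inkvisitor:production | gzip > inkvisitor-production.tar.gz
      - name: Cache image.tar
        uses: actions/cache@v2
        with:
          path: inkvisitor-production.tar.gz
          key: inkvisitor-production-${{ github.sha }}.tar.gz

  # Holds every deployment secret. None of them is written into script text:
  # each step that needs one receives it through `env:` and expands it quoted.
  deploy:
    needs: [build-production]
    name: Deploy
    runs-on: ubuntu-latest
    timeout-minutes: 10
    steps:
      - name: Checkout InkVisitor
        uses: actions/checkout@v2
        with:
          persist-credentials: false
      - name: Restore cached production
        uses: actions/cache@v2
        with:
          path: inkvisitor-production.tar.gz
          key: inkvisitor-production-${{ github.sha }}.tar.gz
      # known_hosts comes from a secret, so ssh/scp below verify the host key
      # rather than trusting whatever answers first.
      - name: Install SSH Key
        uses: shimataro/ssh-key-action@v2
        with:
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          known_hosts: ${{ secrets.KNOWN_HOSTS }}
      - name: Update packages
        run: |
          sudo apt-get update
      - name: Install OpenVPN
        run: |
          sudo apt install -y openvpn openvpn-systemd-resolved
      # `${{ secrets.* }}` placed directly in `run:` is pasted into the script
      # before the shell parses it, so a credential containing spaces, quotes,
      # `$`, `&` or `;` would be mangled or executed. Passing it through env
      # and printing it with printf keeps it pure data. The file is created
      # owner-only because it holds the VPN password in clear text.
      - name: Prepare OpenVPN creds file
        env:
          VPN_USER: ${{ secrets.VPN_USER }}
          VPN_PASS: ${{ secrets.VPN_PASS }}
        run: |
          umask 077
          printf '%s\n%s\n' "$VPN_USER" "$VPN_PASS" > pass.txt
          chmod 600 pass.txt
      # --fail makes an HTTP error abort the step instead of saving the error
      # page as the VPN profile; --proto/--tlsv1.2 refuse a downgrade.
      # NOTE(review): this file decides which server the runner tunnels to and
      # which CA it trusts. Compare it against a known-good digest kept in the
      # repository (sha256sum --check) before using it.
      - name: Pull OpenVPN Config
        run: curl --fail --silent --show-error --proto '=https' --tlsv1.2 -o muni-linux.ovpn https://it.muni.cz/media/3404274/muni-main-linux.ovpn
      - name: Connect to VPN and deploy
        run: sudo openvpn --config muni-linux.ovpn --auth-user-pass pass.txt --daemon
      - name: Wait for a VPN connection
        timeout-minutes: 2
        env:
          SSH_HOST: ${{ secrets.SSH_HOST }}
        run: until ping -w 2 "$SSH_HOST"; do sleep 2; done
      - name: Upload image production
        env:
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
        run: scp inkvisitor-production.tar.gz "${SSH_USER}@${SSH_HOST}:/var/www/html/apps"
      # In the remote chain `|| true` covers everything before it, so a failed
      # prune or rm is ignored and `podman load` / `podman-compose up` still
      # run; only a failure of those last two fails the step.
      - name: Restart containers
        env:
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
        run: |
          ssh -tt "${SSH_USER}@${SSH_HOST}" -- "sh -c '
          podman container prune -f &&
          podman image prune -f &&
          rm -rf /var/tmp/docker-tar* &&
          podman rm inkvisitor-production --force || true &&
          podman load -i /var/www/html/apps/inkvisitor-production.tar.gz &&
          podman-compose -f /var/www/html/apps/docker-compose.yml up -d inkvisitor-production
          '"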