Skip to content
This repository has been archived by the owner on Oct 5, 2022. It is now read-only.
Permalink
master
Switch branches/tags

Name already in use

A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?

ackerson.de-go/.github/workflows/build.yml

View runs Go to file
 
 
Cannot retrieve contributors at this time
96 lines (81 sloc) 4.07 KB
Raw Blame
Open in GitHub Desktop
name: Deploy ackerson.de homepage
on:
push:
branches: [master, hetzner]
workflow_dispatch:
inputs:
ca_pub_fingerprint:
description: fingerprint of CA signed user cert
default: "No value supplied"
required: false
type: string
jobs:
build:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v2
- uses: actions/setup-go@v2
with:
go-version: "1.19"
- name: Test application
run: |
go mod tidy
go install github.com/jstemmer/go-junit-report@latest
mkdir -p /tmp/test-results
export `go env | grep GOPATH | tr -d \"`
go test -v ./... | go-junit-report > /tmp/test-results/unit-tests.xml
- name: Upload & archive test results
uses: actions/upload-artifact@v1
with:
name: code-coverage-report
path: /tmp/test-results/unit-tests.xml
- name: Build application and docker image
run: |
go mod tidy
export `go env | grep GOPATH | tr -d \"`
CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -o homepage
docker build --compress -t danackerson/ackerson.de:vg$GITHUB_RUN_ID .
export DUSER=$(echo ${{ secrets.ORG_DOCKER_USER }} | base64 -d)
export DPASS=$(echo ${{ secrets.ORG_DOCKER_PASS }} | base64 -d)
echo $DPASS | docker login -u $DUSER --password-stdin
docker tag danackerson/ackerson.de:vg$GITHUB_RUN_ID danackerson/ackerson.de:latest
docker push --all-tags danackerson/ackerson.de
- name: Deploy to Hetzner
run: |
# Needed for DNS update as long as it's on DO!
export CTX_DIGITALOCEAN_DROPLET_PROXY_TOKEN=$(echo ${{ secrets.ORG_DIGITALOCEAN_DROPLET_PROXY_TOKEN }} | base64 -d)
export CTX_DIGITALOCEAN_FIREWALL=$(echo ${{ secrets.ORG_DIGITALOCEAN_FIREWALL }} | base64 -d)
export HETZNER_API_TOKEN=$(echo ${{ secrets.ORG_HETZNER_CLOUD_API_TOKEN }} | base64 -d)
#export HETZNER_FIREWALL=$(echo ${{ secrets.ORG_HETZNER_HOME_FIREWALL }} | base64 -d)
#export HETZNER_VAULT_VOLUME_ID=$(echo ${{ secrets.ORG_HETZNER_VAULT_VOLUME_ID }} | base64 -d)
git clone https://github.com/ackersonde/hetzner_home.git
cd hetzner_home
go mod tidy
go build hetzner.go
cd ../
public_ip_address=$(curl -s https://checkip.amazonaws.com)
./hetzner_home/hetzner -fn=firewallSSH -tag=homepage -ip=$public_ip_address
mkdir ~/.ssh
cat <<EOF >~/.ssh/id_rsa
$(echo ${{ secrets.HETZNER_SSH_PRIVKEY }} | base64 -d)
EOF
chmod 400 ~/.ssh/id_rsa
export DARKSKY_API_KEY=$(echo ${{ secrets.ORG_DARKSKY_API_KEY }} | base64 -d)
ssh -o StrictHostKeyChecking=no root@ackerson.de "\
docker rm -f homepage || true && \
docker run -d --restart=always \
-e DARKSKY_API_KEY=$DARKSKY_API_KEY \
-e GITHUB_RUN_ID=$GITHUB_RUN_ID \
-e CA_FINGER=${{ inputs.ca_pub_fingerprint }} \
--label='traefik.enable=true' \
--label='traefik.http.routers.homepage.tls.domains[0].main=ackerson.de' \
--label='traefik.http.routers.homepage.tls.domains[0].sans=*.ackerson.de' \
--label='traefik.http.routers.homepage.rule=Host(\`ackerson.de\`, \`www.ackerson.de\`, \`ipv4.ackerson.de\`, \`ipv6.ackerson.de\`)' \
--label='traefik.http.routers.homepage.middlewares=http-ratelimit@file,secHeaders@file,home-redirectregex@file' \
--name homepage danackerson/ackerson.de:vg$GITHUB_RUN_ID"
rm -Rf ~/.ssh ~/.docker/config.json
./hetzner_home/hetzner -fn=cleanupDeploy -tag=homepage
export SLACK_NOTIFY_TOKEN=$(echo ${{ secrets.ORG_SLACK_NOTIFICATIONS_TOKEN }} | base64 -d)
curl -Ss -o /dev/null -X POST -d token=$SLACK_NOTIFY_TOKEN -d channel=C092UE0H4 \
-d text="<https://github.com/$GITHUB_REPOSITORY/actions/runs/$GITHUB_RUN_ID|$GITHUB_REPOSITORY @ $GITHUB_RUN_ID>" \
https://slack.com/api/chat.postMessage