Ensure authorizations are deleted after being used. #58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Test, build and deploy | |
on: | |
push: | |
branches: | |
- main | |
workflow_dispatch: | |
env: | |
IMAGE: ghcr.io/${{ github.repository }} | |
#PLATFORMS: linux/amd64,linux/arm64 | |
jobs: | |
test: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3.5.3 | |
- name: Start containerized environment | |
run: make | |
- name: Set up dependencies | |
run: make deps | |
- name: Run linter | |
run: make lint | |
- name: Run tests | |
run: make test | |
- name: Stop containerized environment | |
continue-on-error: true | |
run: make down | |
build: | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
outputs: | |
TAG: ${{ steps.metadata.outputs.TAG }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3.5.3 | |
- name: Set up metadata | |
id: metadata | |
run: | | |
TAG="${GITHUB_SHA::8}" | |
if [[ "${GITHUB_REF}" == "refs/tags/*" ]]; then | |
TAG="${GITHUB_REF#refs/tags/v}" | |
fi | |
echo "TAG=${TAG}" >> "${GITHUB_OUTPUT}" | |
#- name: Set up QEMU | |
# uses: docker/setup-qemu-action@v2.2.0 | |
# with: | |
# platforms: ${{ env.PLATFORMS }} | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2.9.1 | |
- name: Log into image registry | |
uses: docker/login-action@v2.2.0 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build | |
uses: docker/build-push-action@v4.1.1 | |
with: | |
context: . | |
target: runtime | |
#platforms: ${{ env.PLATFORMS }} | |
push: true | |
tags: ${{ env.IMAGE }}:${{ steps.metadata.outputs.TAG }},${{ env.IMAGE }}:latest | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
deploy: | |
runs-on: ubuntu-latest | |
needs: | |
- test | |
- build | |
steps: | |
- name: Log into image registry | |
uses: docker/login-action@v2.2.0 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Extract binary | |
run: | | |
ID=$(docker create ${{ env.IMAGE }}:${{needs.build.outputs.TAG}} --entrypoint 'sleep infinity') | |
docker cp "${ID}:/usr/local/bin/bin" ./bin | |
docker rm --volumes "${ID}" | |
- name: Set up SSH | |
uses: shimataro/ssh-key-action@v2.5.1 | |
with: | |
name: id_ed25519 | |
key: ${{ secrets.SSH_KEY }} | |
known_hosts: ${{ secrets.SSH_KNOWN_HOSTS }} | |
- name: Deploy | |
run: | | |
ssh caddy@${{ secrets.WEB_HOST }} -p 22001 sudo systemctl stop avptp-brain | |
scp -P 22001 ./bin caddy@${{ secrets.WEB_HOST }}:/srv/avptp/brain | |
ssh caddy@${{ secrets.WEB_HOST }} -p 22001 sudo systemctl start avptp-brain |