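# Action metadata: display name, summary and Marketplace branding.
# The nesting under `branding` is restored here; in the flattened listing
# `icon` and `color` sat at the top level, where they are not valid keys.
name: 'BareMetal Pipeline'
description: 'Deploy applications to baremetal servers via SSH with support for baremetal, Docker, or Kubernetes deployments'
branding:
  icon: 'server'
  color: 'blue'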
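# Inputs accepted by the action. Every input is exported to the deployment
# step as an environment variable of the same name in upper case (see the
# `env:` map of the "Run deployment" step). How each value is consumed is
# decided by main.py, which is not part of this file.
#
# Nesting is restored here: in the flattened listing every `description`,
# `required` and `default` key collided at a single level.
inputs:
  # --- Source repository -------------------------------------------------
  git_url:
    description: 'Git repository URL to clone and deploy (defaults to current repository URL)'
    required: false
  git_auth_method:
    description: 'Git authentication method: token (HTTPS with token), ssh (SSH key), or none (public repos only)'
    required: false
    default: 'none'
  # Credential: supply from the caller's secret store, never as a literal.
  git_token:
    description: 'GitHub token for authentication (required if git_auth_method is token)'
    required: false
  git_user:
    description: 'GitHub username (required if git_auth_method is token, defaults to GitHub actor)'
    required: false
  # Credential. The description allows reusing ssh_key; a separate read-only
  # deploy key keeps repository access and server access independently
  # revocable.
  git_ssh_key:
    description: 'SSH private key for Git authentication (required if git_auth_method is ssh). Can be same as ssh_key'
    required: false

  # --- Deployment target --------------------------------------------------
  deployment_type:
    description: 'Deployment type: baremetal (direct to server), docker (Docker Compose), or k8s (Kubernetes)'
    required: false
    default: 'baremetal'
  environment:
    description: 'Deployment environment (dev, staging, prod)'
    required: false
    default: 'dev'
  # NOTE(review): the default is 'root', so a caller who omits this input
  # deploys with full privileges on the target. A dedicated low-privilege
  # deploy account (with use_sudo where needed) is the safer choice; the
  # default is left unchanged here for backward compatibility.
  remote_user:
    description: 'SSH remote user (comma-separated if multiple hosts, supports reuse/distribution)'
    required: false
    default: 'root'
  remote_host:
    description: 'SSH remote host IP or domain (comma-separated for multiple hosts)'
    required: true
  remote_dir:
    description: 'Remote directory path for deployment'
    required: false
  # Credential: supply from the caller's secret store.
  ssh_key:
    description: 'SSH private key for authentication (base64 encoded or raw, comma-separated if multiple keys needed)'
    required: false
  # Credential. Key-based authentication is preferable to a password where
  # the target allows it.
  remote_password:
    description: 'SSH password for authentication (if not using SSH key, comma-separated if multiple passwords needed)'
    required: false

  # --- Container registry -------------------------------------------------
  registry_type:
    description: 'Docker registry type (ghcr, dockerhub, ecr)'
    required: false
    default: 'ghcr'
  registry_username:
    description: 'Docker registry username (for dockerhub)'
    required: false
  # Credential: supply from the caller's secret store.
  registry_password:
    description: 'Docker registry password (for dockerhub)'
    required: false
  aws_region:
    description: 'AWS region (for ECR)'
    required: false
  aws_account_id:
    description: 'AWS account ID (for ECR)'
    required: false

  # --- Deployment behaviour -----------------------------------------------
  profile:
    description: 'Docker Compose profile to use (for docker deployment type)'
    required: false
  # NOTE(review): free-form command string. Presumably executed on the
  # target by main.py (confirm there); callers should set it to a fixed
  # value rather than build it from event data such as branch names or
  # PR titles.
  deploy_command:
    description: 'Command to run for baremetal deployment (e.g., "make deploy" or "./deploy.sh"). Defaults to "make {environment}" if Makefile exists'
    required: false
  k8s_manifest_path:
    description: 'Path to Kubernetes manifest file or directory (for k8s deployment type). Defaults to "k8s/" or "manifests/"'
    required: false
  k8s_namespace:
    description: 'Kubernetes namespace to deploy to (for k8s deployment type)'
    required: false
    default: 'default'
  # String 'true'/'false' (action inputs are always strings).
  use_sudo:
    description: 'Use sudo for commands (true/false). Some commands may still require sudo regardless of this setting'
    required: false
    default: 'false'

  # --- .env file generation -----------------------------------------------
  # NOTE(review): when enabled, secrets are written to files on the target.
  # File permissions and cleanup are decided in main.py; confirm there.
  env_files_generate:
    description: 'Generate .env files from GitHub secrets/variables'
    required: false
    default: 'false'
  env_files_structure:
    description: 'Environment file structure: single, flat, nested, auto, custom'
    required: false
    default: 'auto'
  env_files_path:
    description: 'Custom path for environment files (when structure=custom)'
    required: false
  env_files_patterns:
    description: 'Comma-separated list of .env file patterns (e.g., .env.app,.env.database). Only used if env_files_structure is NOT set to "auto".'
    required: false
  env_files_create_root:
    description: 'Also create .env files in project root'
    required: false
    default: 'false'
  env_files_format:
    description: 'Format for parsing all-in-one secrets: auto, env, json, yaml'
    required: false
    default: 'auto'

  # --- Artifacts ----------------------------------------------------------
  copy_artifacts:
    description: 'Comma-separated list of build artifacts to copy to the server (local_path:remote_path). Paths are relative to git_dir unless absolute.'
    required: false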
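# Outputs of the action. A composite action only exposes an output when it
# carries a `value:` mapped to a step output; the original declared neither
# a `value:` nor an `id` on the deployment step, so both outputs were always
# empty. They are now wired to the "Run deployment" step (id: deploy).
# Assumes main.py writes `deployment_status=` and `remote_hostname=` lines
# to $GITHUB_OUTPUT; TODO confirm against main.py.
outputs:
  deployment_status:
    description: 'Deployment status (success/failed)'
    value: ${{ steps.deploy.outputs.deployment_status }}
  remote_hostname:
    description: 'Hostname of the remote server'
    value: ${{ steps.deploy.outputs.remote_hostname }}

# Composite run: set up Python, install Poetry (cached), install the action's
# own dependencies, then run main.py with every input exported as an
# environment variable.
runs:
  using: 'composite'
  steps:
    # NOTE(review): the two third-party actions used below are referenced by
    # mutable major-version tags (@v5, @v4). The last step of this action
    # holds SSH keys and registry credentials, so pinning each `uses:` to a
    # full commit SHA would close the window in which a retagged release
    # runs alongside those secrets.
    - name: Setup Python
      uses: actions/setup-python@v5
      with:
        python-version: '3.x'

    # The cache key carries the Poetry version so that bumping the version in
    # "Install Poetry" cannot be satisfied by a stale cached binary; keep the
    # two in sync. No restore-keys here: a prefix match would restore some
    # other Poetry version and the install step would then be skipped.
    #
    # NOTE(review): this directory lives inside the workspace, which also
    # holds the caller's checkout. Repository content at `.poetry/bin/poetry`
    # would satisfy the "found in cache" test below and be put on PATH before
    # the step that receives the deployment secrets. A runner-owned location
    # outside the workspace avoids that overlap.
    - name: Cache Poetry installation
      uses: actions/cache@v4
      id: cache-poetry-bin
      with:
        path: ${{ github.workspace }}/.poetry
        key: ${{ runner.os }}-poetry-2.2.1

    # Emits `hash`: the first 16 hex characters of poetry.lock's SHA-256, or
    # the literal `no-lock` when the action ships no lock file.
    # $GITHUB_ACTION_PATH is read from the environment and quoted rather than
    # pasted into the script text with `${{ github.action_path }}`, so the
    # path is never re-parsed by the shell (spaces, metacharacters).
    - name: Get Poetry lock hash
      id: poetry-lock-hash
      shell: bash
      run: |
        cd "$GITHUB_ACTION_PATH"
        if [ -f poetry.lock ]; then
          LOCK_HASH=$(sha256sum poetry.lock | cut -d' ' -f1 | head -c 16)
          echo "hash=$LOCK_HASH" >> "$GITHUB_OUTPUT"
        else
          echo "hash=no-lock" >> "$GITHUB_OUTPUT"
        fi

    - name: Cache Poetry virtualenv
      uses: actions/cache@v4
      id: cache-poetry-venv
      with:
        path: ~/.cache/pypoetry/virtualenvs
        key: ${{ runner.os }}-poetry-venv-${{ steps.poetry-lock-hash.outputs.hash }}
        restore-keys: |
          ${{ runner.os }}-poetry-venv-

    # Installs Poetry 2.2.1 into $GITHUB_WORKSPACE/.poetry unless the cache
    # already provided it.
    - name: Install Poetry
      shell: bash
      run: |
        export POETRY_HOME="$GITHUB_WORKSPACE/.poetry"
        POETRY_BIN="$POETRY_HOME/bin"
        mkdir -p "$POETRY_BIN"
        if [ ! -f "$POETRY_BIN/poetry" ]; then
          echo "Poetry not found in cache, installing..."
          # Download the installer completely before running it: -f turns an
          # HTTP error into a failure instead of feeding an error page to
          # Python, and a truncated transfer can no longer execute partially
          # as it could with `curl | python3 -`.
          INSTALLER="$RUNNER_TEMP/install-poetry.py"
          curl -fsSL -o "$INSTALLER" https://install.python-poetry.org
          # NOTE(review): the installer is still fetched at run time without
          # an integrity check. To pin it, compare `sha256sum "$INSTALLER"`
          # with a digest recorded in this repository
          # (<PINNED_INSTALLER_SHA256>, placeholder) and abort on mismatch.
          POETRY_HOME="$POETRY_HOME" python3 "$INSTALLER" --version 2.2.1
          rm -f "$INSTALLER"
        else
          echo "Poetry found in cache"
          chmod +x "$POETRY_BIN/poetry"
        fi

    - name: Add Poetry to PATH
      shell: bash
      run: |
        echo "$GITHUB_WORKSPACE/.poetry/bin" >> "$GITHUB_PATH"

    # Installs only the action's main dependency group; the action itself is
    # not installed as a package (--no-root).
    - name: Install dependencies
      shell: bash
      run: |
        cd "$GITHUB_ACTION_PATH"
        poetry install --no-root --only=main

    # Inputs, including credentials, reach main.py through `env:` only; none
    # is interpolated into the script text, which keeps their content out of
    # shell parsing. Every process started by this step inherits them.
    - name: Run deployment
      id: deploy
      shell: bash
      run: |
        cd "$GITHUB_ACTION_PATH"
        poetry run python main.py
      env:
        GIT_URL: ${{ inputs.git_url }}
        GIT_AUTH_METHOD: ${{ inputs.git_auth_method }}
        GIT_TOKEN: ${{ inputs.git_token }}
        GIT_USER: ${{ inputs.git_user }}
        GITHUB_REPOSITORY: ${{ github.repository }}
        GITHUB_ACTOR: ${{ github.actor }}
        GIT_SSH_KEY: ${{ inputs.git_ssh_key }}
        DEPLOYMENT_TYPE: ${{ inputs.deployment_type }}
        ENVIRONMENT: ${{ inputs.environment }}
        REMOTE_USER: ${{ inputs.remote_user }}
        REMOTE_HOST: ${{ inputs.remote_host }}
        REMOTE_DIR: ${{ inputs.remote_dir }}
        SSH_KEY: ${{ inputs.ssh_key }}
        REMOTE_PASSWORD: ${{ inputs.remote_password }}
        REGISTRY_TYPE: ${{ inputs.registry_type }}
        REGISTRY_USERNAME: ${{ inputs.registry_username }}
        REGISTRY_PASSWORD: ${{ inputs.registry_password }}
        AWS_REGION: ${{ inputs.aws_region }}
        AWS_ACCOUNT_ID: ${{ inputs.aws_account_id }}
        PROFILE: ${{ inputs.profile }}
        DEPLOY_COMMAND: ${{ inputs.deploy_command }}
        K8S_MANIFEST_PATH: ${{ inputs.k8s_manifest_path }}
        K8S_NAMESPACE: ${{ inputs.k8s_namespace }}
        USE_SUDO: ${{ inputs.use_sudo }}
        ENV_FILES_GENERATE: ${{ inputs.env_files_generate }}
        ENV_FILES_STRUCTURE: ${{ inputs.env_files_structure }}
        ENV_FILES_PATH: ${{ inputs.env_files_path }}
        ENV_FILES_PATTERNS: ${{ inputs.env_files_patterns }}
        ENV_FILES_CREATE_ROOT: ${{ inputs.env_files_create_root }}
        ENV_FILES_FORMAT: ${{ inputs.env_files_format }}
        COPY_ARTIFACTS: ${{ inputs.copy_artifacts }}
        GITHUB_WORKSPACE: ${{ github.workspace }}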