diff --git a/.github/workflows/ci_dev.yml b/.github/workflows/ci_dev.yml
new file mode 100644
index 0000000..73c31ed
--- /dev/null
+++ b/.github/workflows/ci_dev.yml
@@ -0,0 +1,43 @@
+name: "CI - Build and push with reusable workflow (Development)"
+
+on:
+ push:
+ branches: [dev]
+ paths:
+ - ./**
+ - .github/workflows/ci_dev.yml
+ pull_request:
+ branches: [dev]
+ paths:
+ - ./**
+ - .github/workflows/ci_dev.yml
+ workflow_dispatch:
+
+permissions:
+ contents: read
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ build:
+ permissions:
+ contents: read
+ packages: write
+ uses: TIHLDE/tihlde-workflows/.github/workflows/_ci_ghcr.yml@v1
+ with:
+ tag-prefix: dev
+ push: ${{ github.event_name != 'pull_request' }}
+ build-args: |
+ NEXT_PUBLIC_ALLOWED_GROUP_SLUGS=drift,index
+
+ deploy:
+ needs: build
+ if: github.event_name != 'pull_request'
+ uses: TIHLDE/tihlde-workflows/.github/workflows/_notify_deploy.yml@v1.1.3
+ with:
+ tag: dev
+ environment: dev
+ secrets:
+ DEPLOY_RECEIVER_TOKEN: ${{ secrets.DEPLOY_RECEIVER_TOKEN }}
diff --git a/.github/workflows/ci_prod.yml b/.github/workflows/ci_prod.yml
new file mode 100644
index 0000000..e7ace5e
--- /dev/null
+++ b/.github/workflows/ci_prod.yml
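Review bot: Both reusable workflows in ci_dev.yml are referenced by a movable tag (`_ci_ghcr.yml@v1`, `_notify_deploy.yml@v1.1.3`), and the called code runs with `packages: write` and receives `DEPLOY_RECEIVER_TOKEN`, so whoever can move those tags in TIHLDE/tihlde-workflows controls what runs with them. Pinning each `uses:` to a full commit SHA with the tag kept as a comment, e.g. `uses: TIHLDE/tihlde-workflows/.github/workflows/_ci_ghcr.yml@<full-commit-sha> # v1`, makes the reference immutable; the same two references appear in ci_prod.yml. Separately, the `./**` entries under `paths:` are worth testing: path filters are matched against repository-relative paths, which as far as I know never begin with `./`, so the filter may only fire on changes to the workflow file itself.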
@@ -0,0 +1,43 @@
+name: "CI - Build and push with reusable workflow (Production)"
+
+on:
+ push:
+ branches: [main]
+ paths:
+ - ./**
+ - .github/workflows/ci_prod.yml
+ pull_request:
+ branches: [main]
+ paths:
+ - ./**
+ - .github/workflows/ci_prod.yml
+ workflow_dispatch:
+
+permissions:
+ contents: read
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ build:
+ permissions:
+ contents: read
+ packages: write
+ uses: TIHLDE/tihlde-workflows/.github/workflows/_ci_ghcr.yml@v1
+ with:
+ tag-prefix: ""
+ push: ${{ github.event_name != 'pull_request' }}
+ build-args: |
+ NEXT_PUBLIC_ALLOWED_GROUP_SLUGS=drift,index
+
+ deploy:
+ needs: build
+ if: github.event_name != 'pull_request'
+ uses: TIHLDE/tihlde-workflows/.github/workflows/_notify_deploy.yml@v1.1.3
+ with:
+ tag: latest
+ environment: prod
+ secrets:
+ DEPLOY_RECEIVER_TOKEN: ${{ secrets.DEPLOY_RECEIVER_TOKEN }}
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
deleted file mode 100644
index 8e8e5a5..0000000
--- a/.github/workflows/deploy.yml
+++ /dev/null
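Review bot: In ci_prod.yml `workflow_dispatch` carries no branch restriction, and both `push: ${{ github.event_name != 'pull_request' }}` and the deploy job's `if:` are true for a manual run, so a dispatch from any ref that contains this file appears to build, push and trigger a `latest`/`prod` deploy without the code having reached `main`. Tie the publishing paths to the branch, e.g. `if: github.event_name != 'pull_request' && github.ref == 'refs/heads/main'` on `deploy` and the same condition in the `push:` input. What tags `_ci_ghcr.yml` actually produces for a non-main ref is not visible here, so the exact impact depends on that workflow. ci_dev.yml has the same shape with `dev`.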
@@ -1,64 +0,0 @@
-name: Deploy to Drift
-
-on:
- push:
- branches:
- - main
-
-jobs:
- deploy:
- name: Deploy
- runs-on: ubuntu-latest
- concurrency:
- group: deployment_lock
- cancel-in-progress: false
- steps:
- - name: Checkout Code
- uses: actions/checkout@v4
-
- - name: Set up SSH key
- env:
- PROXY_HOST: ${{ vars.PROXY_HOST }}
- SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
- run: |
- mkdir -p ~/.ssh
- echo "$SSH_PRIVATE_KEY" > ~/.ssh/key
- chmod 600 ~/.ssh/key
- ssh-keyscan -H $PROXY_HOST >> ~/.ssh/known_hosts
-
- - name: Deploy to OpenStack server
- env:
- PROXY_HOST: ${{ vars.PROXY_HOST }}
- HOST: ${{ vars.HOST }}
- USER: ${{ vars.USER }}
- WORKING_DIRECTORY: ${{ vars.WORKING_DIRECTORY }}
- VAULTWARDEN_MASTER_PASSWORD: ${{ secrets.VAULTWARDEN_MASTER_PASSWORD }}
- VAULTWARDEN_ITEM_ID: ${{ secrets.VAULTWARDEN_ITEM_ID }}
- ENV_RELATIVE_PATH: ${{ vars.ENV_RELATIVE_PATH }}
- run: |
- # Start ssh-agent and add the SSH key
- eval $(ssh-agent -s)
- ssh-add ~/.ssh/key
-
- # SSH into the server via the proxy and run deployment commands
- ssh -o StrictHostKeyChecking=no -J $USER@$PROXY_HOST $USER@$HOST << ENDSSH
-
- # WE ARE NOW ON THE REMOTE SERVER
-
- # If any command fails, the script will exit immediately with a non-zero status
- set -euo pipefail
-
- # Load environment variables from Vaultwarden
- cd
- ./get-env.sh "$VAULTWARDEN_MASTER_PASSWORD" "$VAULTWARDEN_ITEM_ID" "$WORKING_DIRECTORY/$ENV_RELATIVE_PATH"
-
- # Change permissions of .env to be readable only by the owner
- chmod 0600 "$WORKING_DIRECTORY/$ENV_RELATIVE_PATH"
-
- # Navigate to the working directory, pull the latest code, and run the deployment script
- cd "$WORKING_DIRECTORY"
- git fetch
- git reset --hard origin/main
- ./deploy.sh
-
- ENDSSH