build+deploy.yml
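---
# Build & Deploy: on pushes to main that touch site sources, build the
# production and testing bundles, pack each into a gzipped tarball, copy them
# to the two servers over SSH and run the server-side deploy script with sudo.
name: Build & Deploy
on:
  push:
    branches:
      - main
    paths:
      - 'public/**'
      - 'src/**'
      # match files with extension in current directory
      # (in workflow path filters `?` means "zero or one of the preceding
      # character", so '*.m?js' covers both .js and .mjs)
      - '*.m?js'
      - '*.json'
      - '!.*rc.m?js'
      - '!.*rc.json'

# Least privilege for the automatic GITHUB_TOKEN: this workflow only reads the
# repository; deployment uses its own SSH credentials.
permissions:
  contents: read

env:
  PRODUCTION_ARTIFACT_NAME: out/prod.tgz
  TESTING_ARTIFACT_NAME: out/test.tgz

jobs:
  main:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): version tags such as v3/v4 are mutable. For a job that
      # holds deploy keys, pin each action to a full commit SHA
      # (uses: owner/action@<full-commit-sha>  # vX.Y.Z) and let a dependency
      # bot propose bumps.
      - uses: actions/checkout@v3
        with:
          # No later step pushes or fetches, so do not leave the token in
          # .git/config where install/build scripts could read it.
          persist-credentials: false
      - name: Set up NodeJS v20
        uses: actions/setup-node@v3
        with:
          node-version: '20'
          cache: npm
      - name: Cache .next
        uses: actions/cache@v4
        with:
          path: ${{ github.workspace }}/.next/cache
          # Generate a new cache whenever packages or source files change.
          # hashFiles() uses @actions/glob, where `?` matches exactly one
          # character, so '*.m?js' would match neither .js nor .mjs here;
          # the two extensions are therefore listed explicitly.
          key: ${{ runner.os }}-nextjs-${{ hashFiles('package-lock.json') }}-${{ hashFiles('public/**', 'src/**', '*.js', '*.mjs', 'tsconfig.json', '!.*rc.js', '!.*rc.mjs') }}
          # If source files changed but packages didn't, rebuild from a prior cache
          restore-keys: ${{ runner.os }}-nextjs-${{ hashFiles('package-lock.json') }}-
      - name: Add dev/test/prod API masks
        # Secrets are handed to the shell as environment variables instead of
        # being expanded into the script text, so their content is never
        # parsed as shell syntax.
        env:
          API_URL_DEV: ${{ secrets.API_URL_DEV }}
          API_URL_TEST: ${{ secrets.API_URL_TEST }}
          API_URL_PROD: ${{ secrets.API_URL_PROD }}
        run: |
          echo "::add-mask::$API_URL_DEV"
          echo "::add-mask::$API_URL_TEST"
          echo "::add-mask::$API_URL_PROD"
      - name: Build & bundle into gzipped tar
        env:
          FILE_ENV_CMDRC_JS: ${{ secrets.FILE_ENV_CMDRC_JS }}
        run: |
          # Remove the secret-bearing config even when a later command fails.
          trap 'rm -f .env-cmdrc.js' EXIT
          # Create the file owner-only; the subshell keeps the tight umask
          # from affecting the permissions of the build output.
          ( umask 077; printf '%s\n' "$FILE_ENV_CMDRC_JS" > .env-cmdrc.js )
          # The build reads the file, not the variable; drop it from the
          # environment inherited by the commands below.
          unset FILE_ENV_CMDRC_JS
          # NOTE(review): `npm install` followed by `npm audit fix` resolves
          # and upgrades dependencies at build time, so the deployed bundle
          # can contain versions that were never reviewed or committed.
          # Consider `npm ci` against the committed package-lock.json and
          # applying audit fixes through a pull request instead.
          npm install
          npm audit fix --audit-level=none
          npx next telemetry disable
          npm run build:prod
          npm run build:test
          rm -f .env-cmdrc.js
          tar -C out/prod -czf "$PRODUCTION_ARTIFACT_NAME" .
          tar -C out/test -czf "$TESTING_ARTIFACT_NAME" .
      - name: Setup SSH keys
        env:
          SSH_PRODUCTION_PRIVATE_KEY: ${{ secrets.SSH_PRODUCTION_PRIVATE_KEY }}
          SSH_TESTING_PRIVATE_KEY: ${{ secrets.SSH_TESTING_PRIVATE_KEY }}
          SSH_PRODUCTION_HOST: ${{ secrets.SSH_PRODUCTION_HOST }}
          SSH_PRODUCTION_PORT: ${{ secrets.SSH_PRODUCTION_PORT }}
          SSH_PRODUCTION_USERNAME: ${{ secrets.SSH_PRODUCTION_USERNAME }}
          SSH_TESTING_HOST: ${{ secrets.SSH_TESTING_HOST }}
          SSH_TESTING_PORT: ${{ secrets.SSH_TESTING_PORT }}
          SSH_TESTING_USERNAME: ${{ secrets.SSH_TESTING_USERNAME }}
        run: |
          # Key files are created owner-only from the start rather than being
          # tightened by chmod after they were written.
          umask 077
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh
          printf '%s\n' "$SSH_PRODUCTION_PRIVATE_KEY" > ~/.ssh/prod_ed25519
          printf '%s\n' "$SSH_TESTING_PRIVATE_KEY" > ~/.ssh/test_ed25519
          # NOTE(review): `StrictHostKeyChecking no` turns off server
          # authentication for every host, so the runner would upload the
          # artifacts to, and run the sudo deploy command on, whatever machine
          # answers at the configured address. Store each server's public host
          # key in a secret (placeholder: <KNOWN_HOSTS_SECRET>), write it to
          # ~/.ssh/known_hosts and set `StrictHostKeyChecking yes`.
          printf 'Host *\n\tStrictHostKeyChecking no\n\n' > ~/.ssh/config
          chmod 600 ~/.ssh/prod_ed25519 ~/.ssh/test_ed25519 ~/.ssh/config
          # printf with %s keeps the secret values as data; `echo -e` would
          # also interpret backslash sequences inside them.
          printf 'Host prod-server\n\tHostName %s\n\tPort %s\n\tUser %s\n\tIdentityFile ~/.ssh/prod_ed25519\n\n' \
            "$SSH_PRODUCTION_HOST" "$SSH_PRODUCTION_PORT" "$SSH_PRODUCTION_USERNAME" >> ~/.ssh/config
          printf 'Host test-server\n\tHostName %s\n\tPort %s\n\tUser %s\n\tIdentityFile ~/.ssh/test_ed25519\n\n' \
            "$SSH_TESTING_HOST" "$SSH_TESTING_PORT" "$SSH_TESTING_USERNAME" >> ~/.ssh/config
      - name: Stage to servers & deploy
        # NOTE(review): production and testing are deployed in the same run
        # with no gate between them; confirm that is intended.
        env:
          PRODUCTION_STAGING_DIR_PATH: ${{ secrets.SSH_PRODUCTION_STAGING_DIR_PREFIX }}website
          TESTING_STAGING_DIR_PATH: ${{ secrets.SSH_TESTING_STAGING_DIR_PREFIX }}website
          WEBSITE_DEPLOY_SCRIPT: ${{ secrets.SSH_WEBSITE_DEPLOY_SCRIPT }}
        run: |
          # The staging paths are parsed again by the remote shell and are
          # left unquoted there so that a prefix such as ~/ would still
          # expand (presumably; verify against the configured secrets). They
          # must not contain whitespace or shell metacharacters.
          ssh prod-server "mkdir -p $PRODUCTION_STAGING_DIR_PATH && cd $PRODUCTION_STAGING_DIR_PATH && rm -f -- *.tgz"
          ssh test-server "mkdir -p $TESTING_STAGING_DIR_PATH && cd $TESTING_STAGING_DIR_PATH && rm -f -- *.tgz"
          scp "$PRODUCTION_ARTIFACT_NAME" "prod-server:$PRODUCTION_STAGING_DIR_PATH"
          scp "$TESTING_ARTIFACT_NAME" "test-server:$TESTING_STAGING_DIR_PATH"
          # NOTE(review): the sudoers entry on each server should allow this
          # account to run only the deploy script, not arbitrary commands.
          ssh prod-server "sudo $WEBSITE_DEPLOY_SCRIPT"
          ssh test-server "sudo $WEBSITE_DEPLOY_SCRIPT"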