deployment-dev.yml
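---
# Manually triggered deployment of a tagged release to the DEV server.
# The job brings up an OpenVPN tunnel, runs the deployment script on the
# server over SSH, and tears the tunnel down again even when a step fails.
#
# Hardening conventions used throughout this file:
#   * Secrets and the user-supplied `tag` input reach shell code only through
#     environment variables. A `${{ ... }}` expression placed directly in a
#     `run:` script is pasted into the script text before the shell parses it,
#     so quotes or command substitutions in the value would become code.
#   * The `tag` input is checked against an allow-list before any use.
name: Deployment to DEV environment
on:
  workflow_dispatch:
    inputs:
      tag:
        description: 'Version tag for deployment'
        type: string
        required: true
# Least privilege for GITHUB_TOKEN: the job only reads the repository.
permissions:
  contents: read
env:
  branch: dev
  server_deploy_root: /home/amcr/aiscr-webamcr
  dep_script: scripts/ci_deployment/deploy_server.sh
jobs:
  deployment:
    name: Connect to VPN, do deployment actions on DEV SERVER, Kill VPN
    runs-on: ubuntu-latest
    steps:
      - name: Validate version tag
        env:
          DEPLOY_TAG: ${{ inputs.tag }}
        run: |
          # The tag is later expanded into commands that run as root on the
          # DEV server, so only plain version-like strings are accepted.
          # bash's =~ anchors on the whole string, so embedded newlines are
          # rejected as well. Widen the character class if project tags
          # legitimately use other characters.
          if [[ ! "$DEPLOY_TAG" =~ ^[0-9A-Za-z][0-9A-Za-z._-]*$ ]]; then
            echo "::error::Invalid version tag"
            exit 1
          fi
      # Consider pinning the action to a full commit SHA instead of a
      # mutable tag.
      - uses: actions/checkout@v4
        with:
          ref: v${{ inputs.tag }}
          # Nothing in this job pushes, so do not leave the token in .git/config.
          persist-credentials: false
      - name: Install OpenVPN
        run: |
          sudo apt-get update
          sudo apt-get --assume-yes --no-install-recommends install openvpn iputils-ping dnsutils
      - name: Setup VPN config
        env:
          VPN_CA_CRT: ${{ secrets.VPN_CA_CRT }}
          VPN_USER_CRT: ${{ secrets.VPN_USER_CRT }}
          VPN_USER_KEY: ${{ secrets.VPN_USER_KEY }}
          VPN_SECRET_USERNAME_PASSWORD: ${{ secrets.VPN_SECRET_USERNAME_PASSWORD }}
        run: |
          # Create the credential files readable by the owner only.
          umask 077
          printf '%s\n' "$VPN_CA_CRT" > .github/vpn/openvpn20_huldio_ci_ca.crt
          printf '%s\n' "$VPN_USER_CRT" > .github/vpn/openvpn20_huldio_ci_user.crt
          printf '%s\n' "$VPN_USER_KEY" > .github/vpn/openvpn20_huldio_ci_user.key
          printf '%s\n' "$VPN_SECRET_USERNAME_PASSWORD" > secret.txt
          # umask does not change files that already exist; set the mode explicitly.
          chmod 600 .github/vpn/openvpn20_huldio_ci_user.key secret.txt
      - name: Connect VPN
        run: sudo openvpn --config ".github/vpn/openvpn20_huldio_ci.ovpn" --daemon --askpass secret.txt
      - name: Wait for a VPN connection
        timeout-minutes: 2
        env:
          # Assumes each secret holds a single token (no embedded spaces).
          DNS_RESOLVER: ${{ secrets.DNS_RESOLVER }}
          DEPLOYMENT_SERVER: ${{ secrets.DEPLOYMENT_SERVER_DEV }}
        run: until dig "$DNS_RESOLVER" "$DEPLOYMENT_SERVER" A +time=1; do sleep 2; done
      - name: SSH connection DEPLOYMENT_SERVER_DEV
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY_SERVER_DEV }}
          SSH_KNOWN_HOST: ${{ secrets.SSH_KNOWN_HOST_DEV }}
          DEPLOYMENT_SERVER: ${{ secrets.DEPLOYMENT_SERVER_DEV }}
          DEPLOY_TAG: ${{ inputs.tag }}
        run: |
          eval "$(ssh-agent -s)"
          # The key goes straight into the agent and is never written to disk.
          printf '%s\n' "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh
          # Pinned host key: ssh refuses the connection if the server key differs.
          printf '%s\n' "$SSH_KNOWN_HOST" >> ~/.ssh/known_hosts
          chmod 644 ~/.ssh/known_hosts
          sleep 30
          ping -c 10 "$DEPLOYMENT_SERVER"
          # Values written to GITHUB_ENV are visible only to LATER steps, and
          # expressions are substituted before this script starts, so the
          # stash label below reads the shell variable, not the env context.
          date_stamp="$(date +%Y%m%dT%H%M%S)"
          echo "date_stamp=${date_stamp}" >> "$GITHUB_ENV"
          # The heredoc is unquoted on purpose: DEPLOY_TAG and date_stamp are
          # expanded here on the runner. This is safe only because DEPLOY_TAG
          # passed the allow-list check in the first step.
          # NOTE(review): the remote commands run as root via `sudo su -`;
          # confirm the deploy script needs that much privilege.
          ssh "amcr@${DEPLOYMENT_SERVER}" << EOF
          sudo su - root << AOF
          cd ${{ env.server_deploy_root }}
          git stash push -m "CI_autostash_${DEPLOY_TAG}_${date_stamp}"
          git checkout ${{ env.branch }}
          git pull
          chmod +x ${{ env.dep_script }}
          ./${{ env.dep_script }} ${DEPLOY_TAG} ${{ env.server_deploy_root }} ${{ env.branch }}
          AOF
          EOF
      - name: disconnect VPN
        if: always()
        run: |
          # killall exits non-zero when openvpn never started; keep going so
          # the credential files are removed either way.
          sudo killall openvpn || true
          rm -f secret.txt \
            .github/vpn/openvpn20_huldio_ci_ca.crt \
            .github/vpn/openvpn20_huldio_ci_user.crt \
            .github/vpn/openvpn20_huldio_ci_user.key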