fixed workflows #106
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Deploy to Server | |
| on: | |
| push: | |
| branches: | |
| - master | |
| paths-ignore: | |
| - "README.md" | |
| jobs: | |
| build-env: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: "3.12" | |
| - name: Construct .env | |
| run: python production_build/construct_env.py | |
| env: | |
| NEXT_PUBLIC_API_URL: ${{ secrets.NEXT_PUBLIC_API_URL }} | |
| NEXT_PUBLIC_GLOBAL_API_URL: ${{ secrets.NEXT_PUBLIC_GLOBAL_API_URL }} | |
| NEXT_PUBLIC_COLORABLE_ID: ${{ secrets.NEXT_PUBLIC_COLORABLE_ID }} | |
| NEXT_PUBLIC_LOGIN_URL: ${{ secrets.NEXT_PUBLIC_LOGIN_URL }} | |
| TOKEN: ${{ secrets.TOKEN }} | |
| - name: Set up OpenSSL | |
| run: sudo apt-get install -y openssl | |
| - name: Encrypt env file | |
| run: | | |
| openssl aes-256-cbc -salt -in ./production_build/env -out env.enc -k ${{ secrets.ENCRYPTION_KEY }} | |
| - name: Upload env file | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: encrypted-env | |
| path: env.enc | |
| build: | |
| runs-on: ubuntu-latest | |
| needs: build-env | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Cache Node.js modules | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.npm | |
| .next/cache | |
| key: ${{ runner.os }}-node-${{ hashFiles('package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Set up Node.js | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: "20" | |
| - name: Download env file | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: encrypted-env | |
| path: . | |
| - name: Decrypt env file | |
| run: | | |
| openssl aes-256-cbc -d -in env.enc -out .env -k ${{ secrets.ENCRYPTION_KEY }} | |
| - name: Install dependencies | |
| run: npm install | |
| - name: Run build | |
| run: npm run build | |
| - name: Archive production artifacts | |
| run: tar -czf build.tar.gz .next public package.json package-lock.json env.enc | |
| - name: Upload production artifacts | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: build-artifacts | |
| path: build.tar.gz | |
| deploy: | |
| runs-on: ubuntu-latest | |
| needs: build | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Download production artifacts | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: build-artifacts | |
| path: . | |
| - name: Install SSH and SCP | |
| run: sudo apt-get update && sudo apt-get install -y openssh-client sshpass | |
| - name: Copy build artifacts via SCP | |
| env: | |
| SSHPASS: ${{ secrets.ROOT_SSH_PASSWORD }} | |
| run: | | |
| sshpass -e scp -o StrictHostKeyChecking=no build.tar.gz root@${{ secrets.SERVER_IP }}:/home/ppl_site | |
| - name: Extract build artifacts on server | |
| env: | |
| SSHPASS: ${{ secrets.ROOT_SSH_PASSWORD }} | |
| run: | | |
| sshpass -e ssh -o StrictHostKeyChecking=no root@${{ secrets.SERVER_IP }} << 'EOF' | |
| cd /home/ppl_site | |
| tar -xzf build.tar.gz | |
| openssl aes-256-cbc -d -in env.enc -out .env -k ${{ secrets.ENCRYPTION_KEY }} | |
| rm build.tar.gz | |
| npm install --production | |
| systemctl restart ppl_site | |
| EOF | |
| - name: Clean up local build artifacts | |
| run: rm build.tar.gz |