Refactor CLEAN_BRANCH_NAME #7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # vim: set colorcolumn=: | ||
| name: deployment | ||
| on: | ||
| push: | ||
| branches: | ||
| - develop | ||
| env: | ||
| PHP_VERSION: '8.1' | ||
| permissions: | ||
| contents: read | ||
| jobs: | ||
| linter: | ||
| runs-on: ubuntu-latest | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| - name: Update apt cache | ||
| run: sudo apt-get update | ||
| - name: Install PHP ${{ env.PHP_VERSION }} | ||
| run: sudo apt-get install php${{ env.PHP_VERSION }}-cli | ||
| - name: Validate composer.json and composer.lock | ||
| run: composer validate --strict | ||
| - name: Cache Composer packages | ||
| id: composer-cache | ||
| uses: actions/cache@v4 | ||
| with: | ||
| path: lib | ||
| key: ${{ runner.os }}-php-${{ hashFiles('**/composer.lock') }} | ||
| restore-keys: | | ||
| ${{ runner.os }}-php- | ||
| - name: Install composer/vendor dependencies | ||
| run: composer install --prefer-dist --no-progress --ignore-platform-reqs | ||
| - name: Validate PHP syntax | ||
| run: bash -c 'set -e;for file in $(find ./src -type f -regex ".*\.\(php\|phtml\)" -print); do php -e -l -f "$file"; done' | ||
| deploy: | ||
| needs: linter | ||
| runs-on: ubuntu-latest | ||
| environment: production | ||
| steps: | ||
| - name: Checkout Code | ||
| uses: actions/checkout@v4 | ||
| - name: Sanitize Branch Name | ||
| run: | | ||
| CLEAN_BRANCH_NAME="${GITHUB_REF_NAME//\//_}" | ||
| echo "CLEAN_BRANCH_NAME=${CLEAN_BRANCH_NAME}" >> $GITHUB_ENV | ||
| - name: Compress Artifacts | ||
| run: zip -r ${{ enc.CLEAN_BRANCH_NAME }}.zip . | ||
|
Check failure on line 60 in .github/workflows/deployment.yml
|
||
| - name: Deploy to Remote | ||
| env: | ||
| SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }} | ||
| SSH_HOST: ${{ secrets.SSH_HOST }} | ||
| SSH_PORT: ${{ secrets.SSH_PORT }} | ||
| SSH_USER: ${{ secrets.SSH_USER }} | ||
| SSH_KEY: ${{ secrets.SSH_KEY }} # SSH private key stored as a GitHub secret | ||
| SSH_WEB_PATH: ${{ secrets.SSH_WEB_PATH }} | ||
| run: | | ||
| #!/usr/bin/env bash | ||
| set -ex -o pipefail | ||
| # Setup SSH directory, known hosts, and private key | ||
| mkdir -pv "${HOME}/.ssh" | ||
| echo "${SSH_KNOWN_HOSTS}" > "${HOME}/.ssh/known_hosts" | ||
| chmod -v 644 "${HOME}/.ssh/known_hosts" | ||
| echo "${SSH_KEY}" > "${HOME}/.ssh/id_${SSH_USER}" | ||
| chmod -v 400 "${HOME}/.ssh/id_${SSH_USER}" | ||
| # Deploy artifact to the remote | ||
| scp -i "${HOME}/.ssh/id_${SSH_USER}" -P "${SSH_PORT}" "${CLEAN_BRANCH_NAME}.zip" "${SSH_USER}@${SSH_HOST}:${SSH_WEB_PATH}/" | ||
| # SSH to remote and process artifact | ||
| ssh -i "${HOME}/.ssh/id_${SSH_USER}" -p "${SSH_PORT}" "${SSH_USER}@${SSH_HOST}" << EOF | ||
| set -ex -o pipefail | ||
| cd ${SSH_WEB_PATH}/ | ||
| rm -rfv ./${CLEAN_BRANCH_NAME}/ | ||
| mkdir -pv ./${CLEAN_BRANCH_NAME}/ | ||
| mv -v ./${CLEAN_BRANCH_NAME}.zip ./${CLEAN_BRANCH_NAME}/ | ||
| cd ./${CLEAN_BRANCH_NAME}/ | ||
| unzip -o ./${CLEAN_BRANCH_NAME}.zip | ||
| rm ./${CLEAN_BRANCH_NAME}.zip | ||
| EOF | ||
| # Cleanup the secret | ||
| rm -fv "${HOME}/.ssh/id_${SSH_USER}" "${HOME}/.ssh/id_${SSH_USER}.pub" | ||
