Skip to content
Deploy

Update Deploy.yml #24

Sign in to view logs

Update Deploy.yml

Update Deploy.yml #24

Workflow file for this run

.github/workflows/Deploy.yml at a5e352b
name: Deploy
on:
push:
branches: [ master ]
workflow_dispatch:
env:
DOCKER_REGISTRY: ghcr.io
IMAGE_NAME: safeturned/api
jobs:
deploy:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout code with submodules
uses: actions/checkout@v4
with:
submodules: recursive
token: ${{ secrets.GITHUB_TOKEN }}
- name: Force initialize submodule
run: |
echo "=== Force initializing FileChecker submodule ==="
git submodule add --force https://github.com/Safeturned/FileChecker.git FileChecker || true
git submodule update --init --recursive
echo "=== Checking submodule status ==="
git submodule status
echo "=== FileChecker directory contents ==="
ls -la FileChecker/
echo "=== FileChecker/src directory contents ==="
ls -la FileChecker/src/
- name: Setup .NET
uses: actions/setup-dotnet@v4
env:
DOTNET_NOLOGO: true
DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
DOTNET_CLI_TELEMETRY_OPTOUT: true
with:
dotnet-version: 9.*
- name: Setup Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Install Aspire CLI
run: dotnet tool install --global Aspire.Cli
- name: Publish with Aspire
run: |
aspire publish -o ./publish/aspire
- name: Debug Aspire output
run: |
echo "=== Aspire publish output ==="
ls -la ./publish/aspire/
echo "=== Docker compose content ==="
cat ./publish/aspire/docker-compose.yaml
- name: Login to GHCR
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin
- name: Find and tag Docker image
run: |
# Look for the built image with various possible names
BUILT_IMAGE=$(docker images --format "{{.Repository}}:{{.Tag}}" | grep -E "(safeturned-api|safeturned-api)" | head -n 1)
if [ -z "$BUILT_IMAGE" ]; then
# Try to find any image with safeturned in the name
BUILT_IMAGE=$(docker images --format "{{.Repository}}:{{.Tag}}" | grep safeturned | head -n 1)
fi
if [ -z "$BUILT_IMAGE" ]; then
# List all images for debugging
echo "Available Docker images:"
docker images
echo "❌ No built image found"
exit 1
fi
echo "Found built image: $BUILT_IMAGE"
# Tag for GHCR
docker tag "$BUILT_IMAGE" "ghcr.io/safeturned/api:latest"
docker tag "$BUILT_IMAGE" "ghcr.io/safeturned/api:v${{ github.run_number }}"
echo "✅ Image tagged successfully"
- name: Push Docker image
run: |
# Push both latest and versioned tags
docker push "ghcr.io/safeturned/api:latest"
docker push "ghcr.io/safeturned/api:v${{ github.run_number }}"
echo "✅ Images pushed successfully"
- name: Create deployment package
run: |
mkdir -p ./deploy
# Copy Aspire generated files
cp ./publish/aspire/docker-compose.yaml ./deploy/
cp ./publish/aspire/.env ./deploy/ 2>/dev/null || true
# Update the .env file with our values
cat > ./deploy/.env << EOF
# Default container port for safeturned-api
SAFETURNED_API_PORT=${{ secrets.SAFETURNED_API_PORT }}
# Parameter database-password
DATABASE_PASSWORD=safeturned_password
# Container image name for safeturned-api
SAFETURNED_API_IMAGE=ghcr.io/safeturned/api:latest
EOF
# Create override to use registry image and expose port
cat > ./deploy/docker-compose.override.yaml << EOF
services:
safeturned-api:
image: ghcr.io/safeturned/api:latest
ports:
- "${{ secrets.SAFETURNED_API_PORT }}:8080" # Expose for Cloudflare Tunnel
healthcheck:
test: ["CMD", "curl", "-f", "http://localhost:8080/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 60s
EOF
# Create deployment script with resolved variables
cat > ./deploy/deploy.sh << 'EOF'
#!/bin/bash
set -e
echo "Starting deployment..."
# Set default environment variables
export DATABASE_PASSWORD=${DATABASE_PASSWORD:-"safeturned_password"}
export SAFETURNED_API_PORT=${SAFETURNED_API_PORT:-"${{ secrets.SAFETURNED_API_PORT }}"}
echo "Environment variables set:"
echo "DATABASE_PASSWORD: $DATABASE_PASSWORD"
echo "SAFETURNED_API_PORT: $SAFETURNED_API_PORT"
# Stop existing containers
docker compose down || true
# Pull the latest image from registry
echo "Pulling latest image from registry..."
docker pull ghcr.io/safeturned/api:latest || echo "Image pull failed, will build locally"
# Start with Aspire's docker-compose
docker compose up -d
# Wait for services to be healthy
echo "Waiting for services to be healthy..."
timeout 120 bash -c 'until docker compose ps | grep -q "healthy"; do sleep 10; echo "Still waiting for healthy services..."; done' || echo "Warning: Some services may not be healthy"
# Show final status
echo "Final container status:"
docker compose ps
echo "Deployment completed successfully!"
echo "API is available on port $SAFETURNED_API_PORT for Cloudflare Tunnel"
EOF
chmod +x ./deploy/deploy.sh
echo "Deployment package created in ./deploy/"
- name: Debug deployment files
run: |
echo "=== Debugging deployment files ==="
echo "Current directory: $(pwd)"
echo "Deploy directory contents:"
ls -la ./deploy/
echo "Deploy.sh contents:"
cat ./deploy/deploy.sh
echo "=== Testing file copy ==="
echo "Files to be copied:"
ls -la ./deploy/*
- name: Copy files to server
uses: appleboy/scp-action@v1
with:
host: ${{ secrets.SERVER_HOST }}
port: ${{ secrets.SSH_PORT }}
username: ${{ secrets.SERVER_USER }}
key: ${{ secrets.SSH_PRIVATE_KEY }}
source: "./deploy/"
target: "/opt/safeturned"
strip_components: 0
- name: Debug server files
uses: appleboy/ssh-action@v1
with:
host: ${{ secrets.SERVER_HOST }}
port: ${{ secrets.SSH_PORT }}
username: ${{ secrets.SERVER_USER }}
key: ${{ secrets.SSH_PRIVATE_KEY }}
script: |
echo "=== Debugging server files ==="
echo "Current directory: $(pwd)"
echo "Opt directory contents:"
ls -la /opt/
echo "Safeturned directory contents:"
ls -la /opt/safeturned/ || echo "Directory does not exist"
echo "=== Checking if deploy.sh exists ==="
if [ -f "/opt/safeturned/deploy.sh" ]; then
echo "✅ deploy.sh exists"
ls -la /opt/safeturned/deploy.sh
else
echo "❌ deploy.sh does not exist"
echo "Files in /opt/safeturned/:"
ls -la /opt/safeturned/ || echo "Directory is empty"
fi
echo "=== Checking deploy subdirectory ==="
if [ -d "/opt/safeturned/deploy" ]; then
echo "✅ deploy directory exists"
echo "Files in deploy directory:"
ls -la /opt/safeturned/deploy/
if [ -f "/opt/safeturned/deploy/deploy.sh" ]; then
echo "✅ deploy.sh exists in deploy directory"
ls -la /opt/safeturned/deploy/deploy.sh
else
echo "❌ deploy.sh does not exist in deploy directory"
fi
else
echo "❌ deploy directory does not exist"
fi
- name: Deploy to server
uses: appleboy/ssh-action@v1
with:
host: ${{ secrets.SERVER_HOST }}
port: ${{ secrets.SSH_PORT }}
username: ${{ secrets.SERVER_USER }}
key: ${{ secrets.SSH_PRIVATE_KEY }}
script: |
echo "=== Starting deployment ==="
echo "Current directory: $(pwd)"
# Check if we're in the right directory
if [ -f "/opt/safeturned/deploy/deploy.sh" ]; then
echo "✅ Found deploy.sh in deploy directory"
cd /opt/safeturned/deploy
./deploy.sh
elif [ -f "/opt/safeturned/deploy.sh" ]; then
echo "✅ Found deploy.sh in root directory"
cd /opt/safeturned
./deploy.sh
else
echo "❌ deploy.sh not found"
echo "Available files:"
ls -la /opt/safeturned/
if [ -d "/opt/safeturned/deploy" ]; then
echo "Files in deploy directory:"
ls -la /opt/safeturned/deploy/
fi
exit 1
fi
#- name: Create Release
# if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main'
# uses: actions/create-release@v1
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# with:
# tag_name: v${{ github.run_number }}
# release_name: Release v${{ github.run_number }}
# body: |
# ## Changes
# - Built from commit: ${{ github.sha }}
#
# draft: false
# prerelease: false