Skip to content
Deploy

Update Deploy.yml #33

Sign in to view logs

Update Deploy.yml

Update Deploy.yml #33

Workflow file for this run

.github/workflows/Deploy.yml at d5a80e8
name: Deploy
on:
push:
branches: [ master ]
workflow_dispatch:
env:
DOCKER_REGISTRY: ghcr.io
IMAGE_NAME: safeturned/api
jobs:
deploy:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout code with submodules
uses: actions/checkout@v4
with:
submodules: recursive
token: ${{ secrets.GITHUB_TOKEN }}
- name: Force initialize submodule
run: |
echo "=== Force initializing FileChecker submodule ==="
git submodule add --force https://github.com/Safeturned/FileChecker.git FileChecker || true
git submodule update --init --recursive
echo "=== Checking submodule status ==="
git submodule status
echo "=== FileChecker directory contents ==="
ls -la FileChecker/
echo "=== FileChecker/src directory contents ==="
ls -la FileChecker/src/
- name: Setup .NET
uses: actions/setup-dotnet@v4
env:
DOTNET_NOLOGO: true
DOTNET_SKIP_FIRST_TIME_EXPERIENCE: true
DOTNET_CLI_TELEMETRY_OPTOUT: true
with:
dotnet-version: 9.*
- name: Setup Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Install Aspire CLI
run: dotnet tool install --global Aspire.Cli
- name: Publish with Aspire
run: |
aspire publish -o ./publish/aspire
- name: Debug Aspire output
run: |
echo "=== Aspire publish output ==="
ls -la ./publish/aspire/
- name: Login to GHCR
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin
- name: Find and tag Docker image
run: |
# Look for the built image with various possible names
BUILT_IMAGE=$(docker images --format "{{.Repository}}:{{.Tag}}" | grep -E "(safeturned-api|safeturned-api)" | head -n 1)
if [ -z "$BUILT_IMAGE" ]; then
# Try to find any image with safeturned in the name
BUILT_IMAGE=$(docker images --format "{{.Repository}}:{{.Tag}}" | grep safeturned | head -n 1)
fi
if [ -z "$BUILT_IMAGE" ]; then
# List all images for debugging
echo "Available Docker images:"
docker images
echo "❌ No built image found"
exit 1
fi
echo "Found built image: $BUILT_IMAGE"
# Tag for GHCR
docker tag "$BUILT_IMAGE" "ghcr.io/safeturned/api:latest"
docker tag "$BUILT_IMAGE" "ghcr.io/safeturned/api:v${{ github.run_number }}"
echo "✅ Image tagged successfully"
- name: Push Docker image
run: |
# Push both latest and versioned tags
docker push "ghcr.io/safeturned/api:latest"
docker push "ghcr.io/safeturned/api:v${{ github.run_number }}"
echo "✅ Images pushed successfully"
- name: Create deployment package
run: |
mkdir -p ./deploy
# Copy Aspire generated files
cp ./publish/aspire/docker-compose.yaml ./deploy/
cp ./publish/aspire/.env ./deploy/ 2>/dev/null || true
# Create override to use registry image and expose port
cat > ./deploy/docker-compose.override.yaml << EOF
services:
safeturned-api:
image: ghcr.io/safeturned/api:latest
ports:
- "8081:8081" # Map host port to container port
healthcheck:
test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:8081/health"]
interval: 30s
timeout: 10s
retries: 3
start_period: 60s
EOF
# Create deployment script
cat > ./deploy/deploy.sh << 'EOF'
#!/bin/bash
set -e
echo "Starting deployment..."
# Stop existing containers
docker compose down || true
# Pull the latest image from registry
echo "Pulling latest image from registry..."
docker pull ghcr.io/safeturned/api:latest || echo "Image pull failed, will build locally"
# Start with Aspire's docker-compose
docker compose up -d
# Wait for services to be healthy
echo "Waiting for services to be healthy..."
timeout 120 bash -c 'until docker compose ps | grep -q "healthy"; do sleep 10; echo "Still waiting for healthy services..."; done' || echo "Warning: Some services may not be healthy"
# Show final status
echo "Final container status:"
docker compose ps
echo "Deployment completed successfully!"
echo "API is available on port 8081 for Cloudflare Tunnel"
EOF
chmod +x ./deploy/deploy.sh
echo "Deployment package created in ./deploy/"
- name: Copy files to server
uses: appleboy/scp-action@v1
with:
host: ${{ secrets.SERVER_HOST }}
port: ${{ secrets.SSH_PORT }}
username: ${{ secrets.SERVER_USER }}
key: ${{ secrets.SSH_PRIVATE_KEY }}
source: "./deploy/deploy.sh,./deploy/docker-compose.yaml,./deploy/docker-compose.override.yaml"
target: "/opt/safeturned"
- name: Deploy to server
uses: appleboy/ssh-action@v1
with:
host: ${{ secrets.SERVER_HOST }}
port: ${{ secrets.SSH_PORT }}
username: ${{ secrets.SERVER_USER }}
key: ${{ secrets.SSH_PRIVATE_KEY }}
script: |
echo "=== Starting deployment ==="
# Go to the deploy directory where files are copied
cd /opt/safeturned/deploy
# Run deployment
./deploy.sh
- name: Verify deployment
uses: appleboy/ssh-action@v1
with:
host: ${{ secrets.SERVER_HOST }}
port: ${{ secrets.SSH_PORT }}
username: ${{ secrets.SERVER_USER }}
key: ${{ secrets.SSH_PRIVATE_KEY }}
script: |
echo "=== Verifying deployment ==="
cd /opt/safeturned
echo "=== Container Status ==="
docker compose ps
echo "=== Port Check ==="
netstat -tlnp | grep 8081 || echo "Port 8081 not listening"
echo "=== Test API from host ==="
curl -f -s http://localhost:8081/health && echo "✅ API is responding" || echo "❌ API not responding"
echo "=== Deployment verification completed ==="
#- name: Create Release
# if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main'
# uses: actions/create-release@v1
# env:
# GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
# with:
# tag_name: v${{ github.run_number }}
# release_name: Release v${{ github.run_number }}
# body: |
# ## Changes
# - Built from commit: ${{ github.sha }}
#
# draft: false
# prerelease: false