Skip to content

Deploy

Deploy #20

Workflow file for this run

name: Deploy
on:
workflow_run:
workflows:
- Test
types:
- completed
workflow_dispatch:
inputs:
environment:
description: 'Deploy to environment'
required: true
type: environment
default: 'Stage'
jobs:
setup-check:
runs-on: ubuntu-latest
environment: ${{ inputs.environment || 'Production' }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Check environment variables
uses: ./.github/actions/setup-check
with:
deploy_host: ${{ secrets.DEPLOY_HOST }}
deploy_user: ${{ secrets.DEPLOY_USER }}
deploy_path: ${{ secrets.DEPLOY_PATH }}
deploy_key: ${{ secrets.DEPLOY_KEY }}
deploy:
runs-on: ubuntu-latest
needs: setup-check
environment: ${{ inputs.environment || 'Production' }}
if: ${{ github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch' }}
permissions:
id-token: write
contents: read
env:
DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
DEPLOY_USER: ${{ secrets.DEPLOY_USER }}
DEPLOY_PATH: ${{ secrets.DEPLOY_PATH }}
AWS_ENABLED: ${{ secrets.AWS_ACCOUNT != '' && secrets.AWS_REGION != '' && secrets.AWS_SECURITY_GROUP != '' }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Configure AWS credentials
if: ${{ env.AWS_ENABLED == 'true' }}
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ secrets.AWS_REGION }}
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT }}:role/MOT-SSH
- name: Get runners public IP address
if: ${{ env.AWS_ENABLED == 'true' }}
id: ip
uses: haythem/[email protected]
- name: Authorize IP address
if: ${{ env.AWS_ENABLED == 'true' }}
id: auth-ip
uses: ./.github/actions/authorize-ip
with:
ip: ${{ steps.ip.outputs.ipv4 }}
sgid: ${{ secrets.AWS_SECURITY_GROUP }}
- name: Start ssh-agent and add key
uses: webfactory/[email protected]
with:
ssh-private-key: ${{ secrets.DEPLOY_KEY }}
- name: Add server to known hosts
run: ssh-keyscan -H $DEPLOY_HOST >> ~/.ssh/known_hosts
- name: Deploy live
run: |
rsync -az --delete \
--exclude '.git' \
--exclude '.github' \
--exclude '.env' \
--exclude 'tests' \
--exclude 'config' \
--exclude 'models/' \
--exclude 'web/sites/*/files' \
--exclude 'web/libraries' \
./ $DEPLOY_USER@$DEPLOY_HOST:$DEPLOY_PATH
- name: Post-deploy tasks
run: |
ssh $DEPLOY_USER@$DEPLOY_HOST << EOF
echo "Deploying to $DEPLOY_PATH"
cd $DEPLOY_PATH
composer install --no-dev --no-progress --optimize-autoloader
./vendor/bin/drush cr
./vendor/bin/drush updb -y
EOF
- name: Revoke IP address
if: ${{ steps.auth-ip.outcome == 'success' }}
uses: ./.github/actions/revoke-ip
with:
ip: ${{ steps.ip.outputs.ipv4 }}
sgid: ${{ secrets.AWS_SECURITY_GROUP }}