upstream develop

ProgrammGamer
2026-02-06 19:40:17 +01:00
parent 077ba03a3f
commit a65651358a


@@ -51,25 +51,25 @@ jobs:
# ===================== # =====================
# PROD DEPLOY (FTP) # PROD DEPLOY (FTP)
# ===================== # =====================
- name: Deploy to PROD via Docker (SSH) - name: Deploy to PROD via SSH
if: github.ref == 'refs/heads/main' if: github.ref == 'refs/heads/main'
env: env:
SSH_HOST: ${{ secrets.PROD_SSH_HOST }} SSH_HOST: ${{ secrets.PROD_SSH_HOST }}
SSH_USER: ${{ secrets.PROD_SSH_USER }} SSH_USER: ${{ secrets.PROD_SSH_USER }}
SSH_PORT: ${{ secrets.PROD_SSH_PORT }} SSH_PORT: ${{ secrets.PROD_SSH_PORT }}
SSH_KEY: ${{ secrets.PROD_SSH_PRIVATE_KEY }} SSH_KEY: ${{ secrets.PROD_SSH_PRIVATE_KEY }}
WP_CONTAINER: ${{ secrets.PROD_WP_CONTAINER }} HOST_WP_ROOT: ${{ secrets.PROD_HOST_WP_ROOT }}
WP_PLUGIN_PATH: ${{ secrets.PROD_WP_PLUGIN_PATH }} HOST_ABS_PLUGIN_PATH: ${{ secrets.PROD_HOST_ABS_PLUGIN_PATH }}
HOST_PLUGIN_PATH: ${{ secrets.PROD_HOST_PLUGIN_PATH }}
run: | run: |
set -euo pipefail set -euo pipefail
apt-get update apt-get update
# docker-cli needed to talk to remote engine; openssh-client to auth; tar for packaging with excludes # openssh-client to auth; tar for packaging with excludes
apt-get install -y docker.io openssh-client tar apt-get install -y openssh-client tar
# Prepare SSH key # Prepare SSH key
mkdir -p ~/.ssh mkdir -p ~/.ssh
echo "$SSH_KEY" > ~/.ssh/prod_docker_key # Write the multiline private key exactly as provided
printf "%s\n" "$SSH_KEY" > ~/.ssh/prod_docker_key
chmod 600 ~/.ssh/prod_docker_key chmod 600 ~/.ssh/prod_docker_key
# Write SSH config so DOCKER_HOST can reference a named host # Write SSH config so DOCKER_HOST can reference a named host
@@ -79,22 +79,14 @@ jobs:
User ${SSH_USER} User ${SSH_USER}
Port ${SSH_PORT} Port ${SSH_PORT}
IdentityFile ~/.ssh/prod_docker_key IdentityFile ~/.ssh/prod_docker_key
IdentitiesOnly yes
PubkeyAuthentication yes
StrictHostKeyChecking accept-new StrictHostKeyChecking accept-new
CFG CFG
# Prime known_hosts (optional, StrictHostKeyChecking accept-new will handle first connect) # Prime known_hosts (optional, StrictHostKeyChecking accept-new will handle first connect)
ssh-keyscan -p "$SSH_PORT" "$SSH_HOST" >> ~/.ssh/known_hosts || true ssh-keyscan -p "$SSH_PORT" "$SSH_HOST" >> ~/.ssh/known_hosts || true
# Point docker CLI to remote engine over SSH
export DOCKER_HOST=ssh://prod-docker
# Sanity checks
docker info > /dev/null
docker ps --format 'table {{.Names}}\t{{.Status}}'
# Defaults if path not provided
: "${WP_PLUGIN_PATH:=/var/www/html/wp-content/plugins/konficastle-workshopwahl}"
# Create a tarball with excludes to avoid copying VCS and CI folders # Create a tarball with excludes to avoid copying VCS and CI folders
TAR_FILE="/tmp/kc-plugin.tar.gz" TAR_FILE="/tmp/kc-plugin.tar.gz"
tar -czf "$TAR_FILE" \ tar -czf "$TAR_FILE" \
@@ -107,23 +99,19 @@ jobs:
--exclude "*.md" \ --exclude "*.md" \
. .
if [ -n "${HOST_PLUGIN_PATH}" ]; then # Choose target path: prefer absolute plugin path; otherwise derive from HOST_WP_ROOT
echo "Deploying to host path relative to root's home: ~/${HOST_PLUGIN_PATH}" if [ -n "${HOST_ABS_PLUGIN_PATH}" ]; then
# Upload tarball to host home and extract to ~/${HOST_PLUGIN_PATH} echo "Deploying to absolute host path: ${HOST_ABS_PLUGIN_PATH}"
scp -o StrictHostKeyChecking=accept-new -i ~/.ssh/prod_docker_key "$TAR_FILE" prod-docker:~/kc-plugin.tar.gz REMOTE_PATH_DECL="PLUGIN_PATH=\"${HOST_ABS_PLUGIN_PATH%/}\""
ssh prod-docker "mkdir -p \"~/${HOST_PLUGIN_PATH}\" && rm -rf \"~/${HOST_PLUGIN_PATH}\"/* && tar -xzf \"~/kc-plugin.tar.gz\" -C \"~/${HOST_PLUGIN_PATH}\" && rm -f \"~/kc-plugin.tar.gz\"" elif [ -n "${HOST_WP_ROOT}" ]; then
# Verify on host echo "Deploying to host path relative to remote home: \$HOME/${HOST_WP_ROOT%/}/wp-content/plugins/konficastle-workshopwahl"
ssh prod-docker "ls -la \"~/${HOST_PLUGIN_PATH}\" | head -n 50" REMOTE_PATH_DECL="PLUGIN_PATH=\$HOME/${HOST_WP_ROOT%/}/wp-content/plugins/konficastle-workshopwahl"
else else
echo "Deploying directly into container plugin path" echo "Error: set PROD_HOST_ABS_PLUGIN_PATH (absolute) or PROD_HOST_WP_ROOT (relative)" >&2
# Defaults if path not provided (container path) exit 1
: "${WP_PLUGIN_PATH:=/var/www/html/wp-content/plugins/konficastle-workshopwahl}"
# Copy tarball into the container
docker cp "$TAR_FILE" "${WP_CONTAINER}:/tmp/kc-plugin.tar.gz"
# Replace plugin contents inside the container and clean up
docker exec "${WP_CONTAINER}" bash -lc "mkdir -p '${WP_PLUGIN_PATH}' && rm -rf '${WP_PLUGIN_PATH}'/* && tar -xzf /tmp/kc-plugin.tar.gz -C '${WP_PLUGIN_PATH}' && rm -f /tmp/kc-plugin.tar.gz"
# List deployed files for verification inside container
docker exec "${WP_CONTAINER}" bash -lc "ls -la '${WP_PLUGIN_PATH}' | head -n 50"
fi fi
# Upload tarball to host home and extract
scp -o StrictHostKeyChecking=accept-new -o IdentitiesOnly=yes -i ~/.ssh/prod_docker_key "$TAR_FILE" prod-docker:~/kc-plugin.tar.gz
# Use \$HOME for remote expansion (tilde does not expand inside quotes)
ssh prod-docker "$REMOTE_PATH_DECL; mkdir -p \"\$PLUGIN_PATH\" && rm -rf \"\$PLUGIN_PATH\"/* && tar -xzf \"\$HOME/kc-plugin.tar.gz\" -C \"\$PLUGIN_PATH\" && rm -f \"\$HOME/kc-plugin.tar.gz\" && ls -la \"\$PLUGIN_PATH\" | head -n 50"
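Review bot: The PROD server's host key is never actually verified: the new `scp` line passes `-o StrictHostKeyChecking=accept-new`, the SSH config keeps `StrictHostKeyChecking accept-new`, and `ssh-keyscan ... || true` fills known_hosts from the network on every run. If the runner starts with an empty `~/.ssh` (usual for container jobs, though not visible here), every deploy is a first connect, so the tarball upload and the remote `rm -rf` / `tar -xzf` go to whichever host answers on that address. Pin the key instead: keep the server's known_hosts line in a secret (placeholder name `PROD_SSH_KNOWN_HOSTS`, exposed as `SSH_KNOWN_HOSTS`), write it with `printf '%s\n' "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts`, set `StrictHostKeyChecking yes` in the config, and drop both the keyscan line and the `-o StrictHostKeyChecking=accept-new` on `scp`. The heredoc that opens the SSH config starts outside the visible hunks, so the config change is located by its `StrictHostKeyChecking` line only.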