@@ -22,16 +22,27 @@ jobs:
2222 echo "${{ secrets.SSH_KEY }}" > ~/.ssh/id_ed25519
2323 chmod 600 ~/.ssh/id_ed25519
2424
25+ # Use Service Tokens to bypass the Cloudflare Access login screen
2526 cat <<EOF > ~/.ssh/config
2627 Host ${{ secrets.SSH_HOST }}
27- ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h
28+ ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h --service-token-id ${{ secrets.CF_CLIENT_ID }} --service-token-secret ${{ secrets.CF_CLIENT_SECRET }}
2829 EOF
2930
30- ssh -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=no ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} << 'EOF'
31+ # Sync the project files to the VPS
32+ rsync -e "ssh -o StrictHostKeyChecking=no" -avz --delete --exclude '.git' . ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }}:/var/www/${{ github.event.repository.name }}
33+
34+ # Build and Restart on the VPS
35+ ssh -o StrictHostKeyChecking=no ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} << 'EOF'
3136 cd /var/www/${{ github.event.repository.name }}
3237
33- git pull origin main
38+ # 1. Build the environment using Nixpacks
39+ /usr/bin/nixpacks build . --name ${{ github.event.repository.name }}
40+
41+ # 2. Restart the app using the fixed PM2 path
42+ # We delete first to ensure a clean start with the new build
43+ /usr/bin/pm2 delete ${{ github.event.repository.name }} || true
44+ /usr/bin/pm2 start "pnpm start" --name ${{ github.event.repository.name }}
3445
35- sudo nixpacks build . --name ${{ github.event.repository.name }}
36- sudo pm2 restart ${{ github.event.repository.name }} || sudo pm2 start "nixpacks run ." --name ${{ github.event.repository.name }}
46+ # 3. Save the process list for reboots
47+ /usr/bin/ pm2 save
3748 EOF
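Review bot: The added ProxyCommand line passes the Cloudflare service token secret as a cloudflared argument and writes it into `~/.ssh/config`, so it sits in the process arguments and on disk for the rest of the job. cloudflared can read the token from the environment instead, so setting `TUNNEL_SERVICE_TOKEN_ID` and `TUNNEL_SERVICE_TOKEN_SECRET` in the step's `env:` and keeping `ProxyCommand /usr/local/bin/cloudflared access ssh --hostname %h` keeps it off argv. The new rsync and ssh calls both use `-o StrictHostKeyChecking=no`, so the job syncs code to and runs commands on whatever endpoint answers. Writing a pinned host key from a secret (placeholder name `SSH_KNOWN_HOSTS`) to `~/.ssh/known_hosts` and using `StrictHostKeyChecking=yes` closes that. Separately, the last remote command `/usr/bin/ pm2 save` has a stray space and will not save the process list (it should read `/usr/bin/pm2 save`), and because the remote script has no `set -e`, a failed nixpacks build still goes on to delete and restart the app.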