|
1 | | -name: Deploy App |
2 | | -on: |
3 | | - push: |
4 | | - branches: [ main ] |
5 | | - |
6 | | -jobs: |
7 | | - deploy: |
8 | | - runs-on: ubuntu-latest |
9 | | - steps: |
10 | | - - name: Checkout Code |
11 | | - uses: actions/checkout@v4 |
12 | | - |
13 | | - - name: Install Cloudflared on Runner |
14 | | - run: | |
15 | | - curl -L https://github.com/cloudflare/cloudflared/releases/latest/download/cloudflared-linux-amd64 -o cloudflared |
16 | | - chmod +x cloudflared |
17 | | - sudo mv cloudflared /usr/local/bin/ |
18 | | -
|
19 | | - - name: Deploy via Cloudflare Tunnel |
| 1 | +- name: Deploy via Cloudflare Tunnel |
20 | 2 | run: | |
| 3 | + # 1. Prepare the SSH Key |
21 | 4 | mkdir -p ~/.ssh |
22 | | - echo "${{ secrets.SSH_KEY }}" > ~/.ssh/id_ed25519 |
23 | | - chmod 600 ~/.ssh/id_ed25519 |
| 5 | + echo "${{ secrets.SSH_KEY }}" > ~/.ssh/deploy_key |
| 6 | + chmod 600 ~/.ssh/deploy_key |
24 | 7 |
|
25 | | - # ProxyCommand using Service Token for Zero Trust bypass |
| 8 | + # 2. Define the Cloudflare Proxy Command |
| 9 | + # This tells SSH to "tunnel" through Cloudflare using your Service Token |
26 | 10 | PROXY="cloudflared access ssh --hostname ${{ secrets.SSH_HOST }} --id ${{ secrets.CF_CLIENT_ID }} --secret ${{ secrets.CF_CLIENT_SECRET }}" |
27 | 11 |
|
28 | | - # Sync files to VPS |
29 | | - rsync -e "ssh -o StrictHostKeyChecking=no -o ProxyCommand='$PROXY'" -avz --delete --exclude '.git' . ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }}:/var/www/${{ github.event.repository.name }} |
| 12 | + # 3. Run RSYNC (Syncing the code) |
| 13 | + # We use -e to pass the specific SSH command with the Proxy |
| 14 | + rsync -e "ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no -o ProxyCommand='$PROXY'" \ |
| 15 | + -avz --delete --exclude '.git' . \ |
| 16 | + ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }}:/var/www/${{ github.event.repository.name }} |
30 | 17 |
|
31 | | - # Build and Restart App |
32 | | - ssh -o StrictHostKeyChecking=no -o ProxyCommand="$PROXY" ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} << 'EOF' |
| 18 | + # 4. Run Build and Restart on VPS |
| 19 | + ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no -o ProxyCommand="$PROXY" \ |
| 20 | + ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} << 'EOF' |
| 21 | + |
| 22 | + # Ensure we are in the right directory |
33 | 23 | cd /var/www/${{ github.event.repository.name }} |
34 | 24 | |
35 | | - # Ensure bin paths are loaded |
| 25 | + # Load the paths for nixpacks and pm2 |
36 | 26 | export PATH=$PATH:/usr/local/bin:/usr/bin |
37 | 27 | |
38 | | - # Build using Nixpacks (Docker will use the WARP proxy we configured) |
| 28 | + # Build the app (Docker will use the WARP proxy we set up on the VPS) |
39 | 29 | nixpacks build . --name ${{ github.event.repository.name }} |
40 | 30 | |
41 | | - # Restart or Start the app |
| 31 | + # Restart the app |
42 | 32 | pm2 restart ${{ github.event.repository.name }} || pm2 start "nixpacks run ." --name ${{ github.event.repository.name }} |
43 | 33 | EOF |
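Review bot: Both the rsync transport on new line 14 and the ssh call on new line 19 keep `-o StrictHostKeyChecking=no`, so the runner never verifies the VPS host key, and the synced code and remote build commands go to whatever endpoint answers for the tunnel hostname. Pin the host key instead: write a known_hosts entry from a secret before the first connection (`echo "${{ secrets.SSH_KNOWN_HOSTS }}" > ~/.ssh/known_hosts`, where the secret name is a placeholder) and pass `-o StrictHostKeyChecking=yes` in both commands. Separately, new line 10 passes the service-token secret to `cloudflared` via `--secret`, which exposes it in the runner's process table; cloudflared reads `TUNNEL_SERVICE_TOKEN_ID` and `TUNNEL_SERVICE_TOKEN_SECRET` from the environment, so setting those through the step's `env:` would keep it off the command line. The new side as shown also drops the `on:`/`jobs:` header and the cloudflared install step, so it appears to be a bare step fragment rather than a complete workflow; it is worth confirming that this is intended.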