Release #49
# Deploys the already-built container image to the target host with Kamal.
name: Release

# Scopes granted to GITHUB_TOKEN for every job in this workflow.
# NOTE(review): the steps in this file only check out the repository and
# log in to / pull from ghcr.io (both `kamal deploy` calls pass -P, which
# appears to skip build and push). Confirm whether `read` is enough for both
# scopes; this token is also handed to the deploy host for `docker login`.
permissions:
  packages: write
  contents: write
# Triggers: after the "Build Container" workflow finishes for main/master,
# or manually from the Actions tab.
# `types: completed` fires on failed upstream runs too; filtering on the
# upstream conclusion is left to the job-level `if`.
on:
  workflow_run:
    workflows: ["Build Container"]
    types:
      - completed
    branches:
      - main
      - master
  workflow_dispatch:
# Workflow-level environment: exported to every step of every job, including
# the third-party actions invoked below.
# NOTE(review): the secret-backed entries could be declared on the individual
# steps that read them, which narrows where each secret is visible.
env:
  DOCKER_BUILDKIT: "1"
  SERVICESTACK_LICENSE: ${{ secrets.SERVICESTACK_LICENSE }}
  APPSETTINGS_JSON: ${{ secrets.APPSETTINGS_JSON }}
  KAMAL_DEPLOY_IP: ${{ secrets.KAMAL_DEPLOY_IP }}
  KAMAL_DEPLOY_HOST: ${{ secrets.KAMAL_DEPLOY_HOST }}
  # Registry credentials: the triggering actor plus the job's GITHUB_TOKEN.
  KAMAL_REGISTRY_USERNAME: ${{ github.actor }}
  KAMAL_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
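jobs:
  # Single deploy job: prepares the runner (registry login, SSH key, Kamal),
  # prepares the host directories, then deploys and optionally migrates.
  release:
    runs-on: ubuntu-latest
    # Manual dispatches carry no `workflow_run` payload, so they are admitted
    # explicitly; with only the conclusion check the job is skipped on every
    # `workflow_dispatch` run.
    if: ${{ github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }}
    # NOTE(review): every `uses:` below references a mutable tag. This job
    # holds the deploy SSH key and registry token, so pinning each action to
    # a full commit SHA limits what a retagged release could reach.
    steps:
      - name: Checkout code
        uses: actions/checkout@v5

      # Runs only when the APPSETTINGS_JSON secret is populated.
      - name: Encode APPSETTINGS_JSON for runtime
        if: env.APPSETTINGS_JSON != null
        run: |
          # Base64 encode to avoid shell/YAML quoting issues; keep as a single env var.
          b64=$(printf '%s' "$APPSETTINGS_JSON" | base64 -w0)
          # The encoded value is a new string that the runner's secret masking
          # does not know about; register it before exporting it.
          echo "::add-mask::$b64"
          echo "APPSETTINGS_JSON_BASE64=$b64" >> "$GITHUB_ENV"

      # Derives IMAGE (lower-cased ghcr.io path), SERVICE (lower-cased repo
      # name with '.' replaced by '-') and HAS_MIGRATIONS for later steps.
      - name: Set up environment variables
        run: |
          # Read the repository name from the runner-provided variable instead
          # of expanding an expression into the script text.
          echo "IMAGE=ghcr.io/$(echo "$GITHUB_REPOSITORY" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_ENV"
          repo_name="$(echo "$GITHUB_REPOSITORY" | cut -d '/' -f 2)"
          echo "SERVICE=$(echo "$repo_name" | tr '[:upper:]' '[:lower:]' | tr '.' '-')" >> "$GITHUB_ENV"
          if find . -maxdepth 2 -type f -name "Configure.Db.Migrations.cs" | grep -q .; then
            echo "HAS_MIGRATIONS=true" >> "$GITHUB_ENV"
          else
            echo "HAS_MIGRATIONS=false" >> "$GITHUB_ENV"
          fi

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # NOTE(review): the `uses:` value below was mangled by the page's e-mail
      # obfuscation (the `ssh-private-key` input matches webfactory/ssh-agent).
      # Restore the real ref from the repository before using this file.
      - name: Set up SSH key
        uses: webfactory/[email protected]
        with:
          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}

      - name: Setup Ruby
        uses: ruby/setup-ruby@v1
        with:
          ruby-version: '3.3.0'
          bundler-cache: true

      - name: Install Kamal
        run: gem install kamal -v 2.3.0

      # NOTE(review): `moby/buildkit:master` is a moving tag; a fixed tag or
      # digest keeps the builder reproducible. Both deploys below pass -P, so
      # confirm this step is still needed at all.
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          driver-opts: image=moby/buildkit:master

      - name: Kamal bootstrap
        run: |
          kamal server bootstrap

      # 1654:1654 is presumably the container's non-root application user;
      # verify against the image.
      - name: Ensure directories exist with correct permissions
        run: |
          echo "Creating directories with correct permissions"
          kamal server exec "mkdir -p /opt/docker/${SERVICE}/App_Data /opt/docker/${SERVICE}/initdb.d"
          echo "Setting app file permissions"
          kamal server exec "chown -R 1654:1654 /opt/docker/${SERVICE}/App_Data /opt/docker/${SERVICE}/initdb.d"

      # A marker file on the host records that the first-run bootstrap ran.
      # NOTE(review): the marker is created before the accessories and first
      # deploy, and every command here ends in `|| true`, so a failed first
      # run is neither reported nor retried on the next run.
      # NOTE(review): INIT_DB_SQL is not defined in the workflow-level `env`
      # shown in this file; unless it is set elsewhere the SQL branch never
      # runs.
      - name: Check if first run and execute kamal app boot if necessary
        run: |
          # The tilde stays literal here and is expanded by the remote shell.
          FIRST_RUN_FILE="~/first-run/${SERVICE}"
          if ! kamal server exec -q "test -f $FIRST_RUN_FILE"; then
            kamal server exec -q "mkdir -p ~/first-run && touch $FIRST_RUN_FILE" || true
            if [ -n "${INIT_DB_SQL:-}" ]; then
              echo "Initializing DB with INIT_DB_SQL secret..."
              # Stream the SQL from the environment variable: its content is
              # never parsed as shell text and no copy is left in the workspace.
              printf '%s\n' "$INIT_DB_SQL" | kamal server exec -i "cat > /opt/docker/${SERVICE}/initdb.d/${SERVICE}.sql" || true
            fi
            # Start all kamal accessories
            kamal accessory boot all || true
            # Deploy latest version
            kamal deploy -q -P --version latest || true
          else
            echo "Not first run, skipping kamal app boot"
          fi

      - name: Verify file permissions before deploy
        run: |
          kamal server exec --no-interactive "chown -R 1654:1654 /opt/docker/${SERVICE}/App_Data /opt/docker/${SERVICE}/initdb.d"

      # NOTE(review): the `docker login` line expands GITHUB_TOKEN into the
      # command string executed on the deploy host, so the token appears in
      # that host's command line and is then stored by `docker login` in the
      # host's Docker credentials. Feeding it over stdin (the `-i` pattern the
      # first-run step uses) and running `docker logout` after the deploy
      # would narrow that exposure; confirm against the Kamal registry
      # settings in the deploy config, which are not visible here.
      - name: Deploy with Kamal
        run: |
          kamal lock release -v
          kamal server exec --no-interactive 'echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin'
          kamal server exec --no-interactive "docker pull ${IMAGE}:latest"
          kamal deploy -P --version latest

      # Runs only when Configure.Db.Migrations.cs was found in the checkout.
      - name: Migration
        if: env.HAS_MIGRATIONS == 'true'
        run: |
          kamal app exec --no-reuse --no-interactive --version=latest "--AppTasks=migrate"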