Update GitHub Actions

Author: mythz

.github/workflows/build-container.yml

@@ -15,8 +15,7 @@ on:
 # Only update envs here if you need to change them for this workflow
 env:
   DOCKER_BUILDKIT: 1
-  KAMAL_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
-  KAMAL_REGISTRY_USERNAME: ${{ github.actor }}
+  KAMAL_DEPLOY_HOST: ${{ secrets.KAMAL_DEPLOY_HOST }}
 
 jobs:
   build-container:
@@ -28,18 +27,34 @@ jobs:
 
       - name: Set up environment variables
         run: |
-          echo "image_repository_name=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
-          echo "repository_name=$(echo ${{ github.repository }} | cut -d '/' -f 2)" >> $GITHUB_ENV
-          echo "repository_name_lower=$(echo ${{ github.repository }} | cut -d '/' -f 2 | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
-          echo "org_name=$(echo ${{ github.repository }} | cut -d '/' -f 1)" >> $GITHUB_ENV
+          echo "IMAGE=ghcr.io/$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
+          repo_name="$(echo ${{ github.repository }} | cut -d '/' -f 2)"
+
+          # Set SERVICE: derive from repo name (replace dots with dashes)
+          echo "SERVICE=$(echo $repo_name | tr '[:upper:]' '[:lower:]' | tr '.' '-')" >> $GITHUB_ENV
+
+          # Set KAMAL_DEPLOY_HOST: use secret if available, otherwise use repository name
+          if [ -n "${{ secrets.KAMAL_DEPLOY_HOST }}" ]; then
+            DEPLOY_HOST="${{ secrets.KAMAL_DEPLOY_HOST }}"
+          else
+            DEPLOY_HOST="$repo_name"
+          fi
+
+          # Validate KAMAL_DEPLOY_HOST contains at least one '.'
+          if [[ ! "$DEPLOY_HOST" == *.* ]]; then
+            echo "Error: KAMAL_DEPLOY_HOST must contain a hostname, e.g. example.com (got: $DEPLOY_HOST)"
+            exit 1
+          fi
+
+          echo "KAMAL_DEPLOY_HOST=$DEPLOY_HOST" >> $GITHUB_ENV
 
       # This step is for the deployment of the templates only, safe to delete
       - name: Modify csproj for template deploy
         env: 
           KAMAL_DEPLOY_IP: ${{ secrets.KAMAL_DEPLOY_IP }}
         if: env.KAMAL_DEPLOY_IP != null
         run: |
-          sed -i 's#<ContainerLabel Include="service" Value="my-app" />#<ContainerLabel Include="service" Value="${{ env.repository_name_lower }}" />#g' MyApp/MyApp.csproj
+          sed -i 's#<ContainerLabel Include="service" Value="my-app" />#<ContainerLabel Include="service" Value="${{ env.SERVICE }}" />#g' MyApp/MyApp.csproj
 
       - name: Check for Client directory and package.json
         id: check_client
@@ -54,39 +69,37 @@ jobs:
         if: steps.check_client.outputs.client_exists == 'true'
         uses: actions/setup-node@v3
         with:
-          node-version: 22
+          node-version: 24
 
       - name: Install npm dependencies
         if: steps.check_client.outputs.client_exists == 'true'
         working-directory: ./MyApp.Client
         run: npm install
 
-      - name: Install x tool
-        run: dotnet tool install -g x
-
-      - name: Apply Production AppSettings
-        env:
-          APPSETTINGS_PATCH: ${{ secrets.APPSETTINGS_PATCH }}      
-        if: env.APPSETTINGS_PATCH != null
-        working-directory: ./MyApp
-        run: |
-          cat <<EOF >> appsettings.json.patch
-          ${{ secrets.APPSETTINGS_PATCH }}
-          EOF
-          x patch appsettings.json.patch
+      - name: Build client
+        if: steps.check_client.outputs.client_exists == 'true'
+        working-directory: ./MyApp.Client
+        run: npm run build
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
-          username: ${{ env.KAMAL_REGISTRY_USERNAME }}
-          password: ${{ env.KAMAL_REGISTRY_PASSWORD }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Setup .NET
         uses: actions/setup-dotnet@v5
         with:
           dotnet-version: 10.0.x
 
       - name: Build and push Docker image
+        env:
+          SERVICESTACK_LICENSE: ${{ secrets.SERVICESTACK_LICENSE }}
+          KAMAL_DEPLOY_HOST: ${{ secrets.KAMAL_DEPLOY_HOST }}
         run: |
-          dotnet publish --os linux --arch x64 -c Release -p:ContainerRepository=${{ env.image_repository_name }} -p:ContainerRegistry=ghcr.io -p:ContainerImageTags=latest -p:ContainerPort=80
+          dotnet publish --os linux --arch x64 -c Release \
+            -p:ContainerRepository=${{ env.IMAGE }} \
+            -p:ContainerRegistry=ghcr.io -p:ContainerImageTags=latest \
+            -p:ContainerPort=80 \
+            -p:ContainerEnvironmentVariable="SERVICESTACK_LICENSE=${{ env.SERVICESTACK_LICENSE }}"

.github/workflows/build.yml

@@ -1,4 +1,3 @@
-
 name: Build
 
 on:

.github/workflows/release.yml

@@ -15,6 +15,7 @@ on:
 env:
   DOCKER_BUILDKIT: 1
   SERVICESTACK_LICENSE: ${{ secrets.SERVICESTACK_LICENSE }}
+  APPSETTINGS_JSON: ${{ secrets.APPSETTINGS_JSON }}
   KAMAL_DEPLOY_IP: ${{ secrets.KAMAL_DEPLOY_IP }}
   KAMAL_DEPLOY_HOST: ${{ secrets.KAMAL_DEPLOY_HOST }}
   KAMAL_REGISTRY_USERNAME: ${{ github.actor }}
@@ -28,12 +29,18 @@ jobs:
       - name: Checkout code
         uses: actions/checkout@v5
 
+      - name: Encode APPSETTINGS_JSON for runtime
+        if: env.APPSETTINGS_JSON != null
+        run: |
+          # Base64 encode to avoid shell/YAML quoting issues; keep as a single env var.
+          b64=$(printf '%s' "$APPSETTINGS_JSON" | base64 -w0)
+          echo "APPSETTINGS_JSON_BASE64=$b64" >> $GITHUB_ENV
+
       - name: Set up environment variables
         run: |
-          echo "image_repository_name=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
-          echo "repository_name=$(echo ${{ github.repository }} | cut -d '/' -f 2)" >> $GITHUB_ENV
-          echo "repository_name_lower=$(echo ${{ github.repository }} | cut -d '/' -f 2 | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
-          echo "org_name=$(echo ${{ github.repository }} | cut -d '/' -f 1)" >> $GITHUB_ENV
+          echo "IMAGE=ghcr.io/$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
+          repo_name="$(echo ${{ github.repository }} | cut -d '/' -f 2)"
+          echo "SERVICE=$(echo $repo_name | tr '[:upper:]' '[:lower:]' | tr '.' '-')" >> $GITHUB_ENV
           if find . -maxdepth 2 -type f -name "Configure.Db.Migrations.cs" | grep -q .; then
             echo "HAS_MIGRATIONS=true" >> $GITHUB_ENV
           else
@@ -73,22 +80,22 @@ jobs:
       - name: Ensure directories exist with correct permissions
         run: |
           echo "Creating directories with correct permissions"
-          kamal server exec "mkdir -p /opt/docker/${{ env.repository_name }}/App_Data /opt/docker/${{ env.repository_name }}/initdb.d"
+          kamal server exec "mkdir -p /opt/docker/${{ env.SERVICE }}/App_Data /opt/docker/${{ env.SERVICE }}/initdb.d"
 
           echo "Setting app file permissions"
-          kamal server exec "chown -R 1654:1654 /opt/docker/${{ env.repository_name }}/App_Data /opt/docker/${{ env.repository_name }}/initdb.d"
+          kamal server exec "chown -R 1654:1654 /opt/docker/${{ env.SERVICE }}/App_Data /opt/docker/${{ env.SERVICE }}/initdb.d"
 
       - name: Check if first run and execute kamal app boot if necessary
         run: |
-          FIRST_RUN_FILE="~/first-run/${{ env.repository_name }}"
+          FIRST_RUN_FILE="~/first-run/${{ env.SERVICE }}"
           if ! kamal server exec -q "test -f $FIRST_RUN_FILE"; then
             kamal server exec -q "mkdir -p ~/first-run && touch $FIRST_RUN_FILE" || true
 
             if [ -n "${{env.INIT_DB_SQL}}" ]; then
               echo "Initializing DB with INIT_DB_SQL secret..."
               # Save the SQL content to a temporary file
               echo "${{ env.INIT_DB_SQL }}" > init-db.sql
-              cat init-db.sql | kamal server exec -i "cat > /opt/docker/${{ env.repository_name }}/initdb.d/${{ env.repository_name }}.sql" && rm init-db.sql || true
+              cat init-db.sql | kamal server exec -i "cat > /opt/docker/${{ env.SERVICE }}/initdb.d/${{ env.SERVICE }}.sql" && rm init-db.sql || true
             fi
             # Start all kamal accessories
             kamal accessory boot all || true
@@ -101,13 +108,13 @@ jobs:
 
       - name: Verify file permissions before deploy
         run: |
-          kamal server exec --no-interactive "chown -R 1654:1654 /opt/docker/${{ env.repository_name }}/App_Data /opt/docker/${{ env.repository_name }}/initdb.d"
+          kamal server exec --no-interactive "chown -R 1654:1654 /opt/docker/${{ env.SERVICE }}/App_Data /opt/docker/${{ env.SERVICE }}/initdb.d"
 
       - name: Deploy with Kamal
         run: |
           kamal lock release -v
           kamal server exec --no-interactive 'echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin'
-          kamal server exec --no-interactive 'docker pull ghcr.io/${{ env.image_repository_name }}:latest'
+          kamal server exec --no-interactive 'docker pull ${{ env.IMAGE }}:latest'
           kamal deploy -P --version latest
 
       - name: Migration

.kamal/secrets

@@ -6,6 +6,7 @@
 KAMAL_REGISTRY_PASSWORD=$KAMAL_REGISTRY_PASSWORD
 KAMAL_REGISTRY_USERNAME=$KAMAL_REGISTRY_USERNAME
 SERVICESTACK_LICENSE=$SERVICESTACK_LICENSE
+APPSETTINGS_JSON_BASE64=$APPSETTINGS_JSON_BASE64
 
 # Option 2: Read secrets via a command
 # RAILS_MASTER_KEY=$(cat config/master.key)

config/deploy.yml

@@ -1,19 +1,22 @@
+# <% require "dotenv"; Dotenv.load(".env") %>
 # Kamal deploy config for this repository. Uses environment variables:
-# - GITHUB_REPOSITORY (e.g. acme/example.org)   - from GitHub Action ${github.repository}
-# - KAMAL_REGISTRY_USERNAME (e.g. my-user)      - from GitHub Action ${github.actor}
-# - KAMAL_REGISTRY_PASSWORD ($GITHUB_TOKEN)     - from GitHub Action ${secrets.GITHUB_TOKEN}
-# - KAMAL_DEPLOY_IP (e.g. 100.100.100.100)      - from GitHub Action Secret
-# - KAMAL_DEPLOY_HOST (e.g. example.org)        - from GitHub Action Secret
-# - POSTGRES_PASSWORD (e.g. random-password)    - from GitHub Action Secret
-
+# - GITHUB_REPOSITORY (e.g. acme/example.org) - from GitHub Action ${github.repository}
+#     SERVICE (e.g. example-org)
+#     IMAGE   (e.g. ghcr.io/acme/example.org)
+# - KAMAL_REGISTRY_USERNAME (e.g. my-user)    - from GitHub Action ${github.actor}
+# - KAMAL_REGISTRY_PASSWORD ($GITHUB_TOKEN)   - from GitHub Action ${secrets.GITHUB_TOKEN}
+# - KAMAL_DEPLOY_IP (e.g. 100.100.100.100)    - from GitHub Action Secret
+# - KAMAL_DEPLOY_HOST (e.g. example.org)      - from GitHub Action Secret
+# - POSTGRES_PASSWORD (e.g. random-password)  - from GitHub Action Secret
+#
 # Using environment variables keeps this configuration reusable across multiple apps.
-# For a simpler, app-specific setup, you can replace them with hard-coded values.
+# For a simpler app-specific setup (without needing .env), they can be replaced with hard-coded values.
 
 # Name of your application. Used to uniquely configure containers. (e.g. example-org)
-service: <%= ENV['GITHUB_REPOSITORY'].to_s.split('/').last.tr('.', '-') %>
+service: <%= ENV['SERVICE'] %>
 
-# Name of the container image. (e.g. ghcr.io/acne/example.org)
-image: ghcr.io/<%= ENV['GITHUB_REPOSITORY'].to_s.downcase %>
+# Name of the container image. (e.g. ghcr.io/acme/example.org)
+image: <%= ENV['IMAGE'] %>
 
 # Required for use of ASP.NET Core with Kamal-Proxy.
 env:
@@ -22,6 +25,7 @@ env:
   # secrets from ./kamal/secrets
   secret:
     - SERVICESTACK_LICENSE
+    - APPSETTINGS_JSON_BASE64
 
 # Deploy to these servers.
 servers:
@@ -56,7 +60,7 @@ builder:
   arch: amd64
 
 volumes:
-  - "/opt/docker/<%= ENV['GITHUB_REPOSITORY'].to_s.split('/').last %>/App_Data:/app/App_Data"
+  - "/opt/docker/<%= ENV['SERVICE'] %>/App_Data:/app/App_Data"
 
 #accessories:
 #  litestream: