Merge pull request #1 from OpenRailAssociation/setup

mxmehl · web-flow · commit 35f2e0ba9a52 · 2025-07-29T17:36:12.000+02:00
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -0,0 +1,241 @@
+name: Deploy Production and Preview
+
+on:
+  workflow_call:
+    inputs:
+      artifact_name:
+        required: true
+        type: string
+      condition_production:
+        required: true
+        type: boolean
+      domain_preview:
+        required: true
+        type: string
+      ssh_host:
+        required: true
+        type: string
+      ssh_user:
+        required: true
+        type: string
+      ssh_port:
+        required: false
+        default: 22
+        type: number
+      ssh_timeout:
+        required: false
+        default: "1m"
+        type: string
+      ssh_command_timeout:
+        required: false
+        default: "2m"
+        type: string
+      ssh_rm:
+        required: false
+        default: true
+        type: boolean
+      ssh_strip_components:
+        required: false
+        default: 1
+        type: number
+      dir_base:
+        required: true
+        type: string
+      dir_production:
+        required: true
+        type: string
+      dir_preview_base:
+        required: true
+        type: string
+      dir_preview_subdir:
+        required: true
+        type: string
+      linkchecker_enabled:
+        required: false
+        default: true
+        type: boolean
+      linkchecker_exclude:
+        required: false
+        default: ""
+        type: string
+      linkchecker_include_fragments:
+        required: false
+        default: "true"
+        type: string
+      linkchecker_max_concurrency:
+        required: false
+        default: 1
+        type: number
+      linkchecker_user_agent:
+        required: false
+        default: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
+        type: string
+      linkchecker_retry_times:
+        required: false
+        default: 5
+        type: number
+      linkchecker_fail_on_errors:
+        required: false
+        default: false
+        type: boolean
+      sticky_comment_enabled:
+        required: false
+        default: true
+        type: boolean
+    secrets:
+      ssh_key:
+        required: true
+
+jobs:
+  vars:
+    runs-on: ubuntu-24.04
+    outputs:
+      pr_closed_merged: ${{ steps.pr_status.outputs.pr_closed_merged }}
+      datetime: ${{ steps.datetime.outputs.datetime }}
+      linkchecker_fragments: ${{ steps.linkchecker_fragments.outputs.linkchecker_fragments }}
+      linkchecker_exclude: ${{ steps.linkchecker_exclude.outputs.linkchecker_exclude }}
+    steps:
+      - id: pr_status
+        run: echo "pr_closed_merged=${{ github.event.pull_request.closed_at || github.event.pull_request.merged }}" >> "$GITHUB_OUTPUT"
+
+      - id: datetime
+        run: echo "datetime=$(date '+%Y-%m-%d %H:%M:%S %Z')" >> "$GITHUB_OUTPUT"
+
+      - id: linkchecker_fragments
+        run: |
+          if [ "${{ inputs.linkchecker_include_fragments }}" == 'true' ]; then
+            echo "linkchecker_fragments=--include-fragments" >> "$GITHUB_OUTPUT"
+          else
+            echo "linkchecker_fragments=" >> "$GITHUB_OUTPUT"
+          fi
+
+      - id: linkchecker_exclude
+        run: |
+          if [ -n "${{ inputs.linkchecker_exclude }}" ]; then
+            excludes=$(echo "${{ inputs.linkchecker_exclude }}" | sed 's/,/ --exclude /g; s/^/--exclude /')
+            echo "linkchecker_exclude=$excludes" >> "$GITHUB_OUTPUT"
+          else
+            echo "linkchecker_exclude=" >> "$GITHUB_OUTPUT"
+          fi
+
+  linkchecker:
+    runs-on: ubuntu-24.04
+    needs: vars
+    if: inputs.linkchecker_enabled == true && (needs.vars.outputs.pr_closed_merged == '' || needs.vars.outputs.pr_closed_merged == 'false')
+    steps:
+      - name: Download artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: ${{ inputs.artifact_name }}
+          path: .
+
+      - name: Link Checker
+        uses: lycheeverse/lychee-action@v2
+        with:
+          args: >-
+            -r ${{ inputs.linkchecker_retry_times }}
+            -u "${{ inputs.linkchecker_user_agent }}"
+            ${{ needs.vars.outputs.linkchecker_fragments }}
+            ${{ needs.vars.outputs.linkchecker_exclude }}
+            --max-concurrency ${{ inputs.linkchecker_max_concurrency }} .
+          fail: ${{ inputs.linkchecker_fail_on_errors }}
+
+  # Deployment jobs
+  deploy-production:
+    runs-on: ubuntu-24.04
+    needs:
+      - vars
+    # Only deploy if production condition is met
+    if: inputs.condition_production
+    steps:
+      - name: Download artifact
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
+        with:
+          name: ${{ inputs.artifact_name }}
+          path: ./${{ inputs.artifact_name }}
+
+      - name: Copy website to host
+        uses: appleboy/scp-action@ff85246acaad7bdce478db94a363cd2bf7c90345 # v1.0.0
+        with:
+          host: ${{ inputs.ssh_host }}
+          username: ${{ inputs.ssh_user }}
+          key: ${{ secrets.ssh_key }}
+          port: ${{ inputs.ssh_port }}
+          timeout: ${{ inputs.ssh_timeout }}
+          command_timeout: ${{ inputs.ssh_command_timeout }}
+          target: ${{ inputs.dir_base }}/${{ inputs.dir_production }}/
+          source: "${{ inputs.artifact_name }}/*"
+          rm: ${{ inputs.ssh_rm }}
+          strip_components: ${{ inputs.ssh_strip_components }}
+
+  deploy-preview:
+    runs-on: ubuntu-24.04
+    needs:
+      - vars
+    # Only deploy if non-closed/non-merged pull request
+    if: github.event.pull_request && needs.vars.outputs.pr_closed_merged == 'false'
+    steps:
+      - name: Download artifact
+        uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4
+        with:
+          name: ${{ inputs.artifact_name }}
+          path: ./${{ inputs.artifact_name }}
+
+      - name: Copy website to host
+        uses: appleboy/scp-action@ff85246acaad7bdce478db94a363cd2bf7c90345 # v1.0.0
+        with:
+          host: ${{ inputs.ssh_host }}
+          username: ${{ inputs.ssh_user }}
+          key: ${{ secrets.ssh_key }}
+          port: ${{ inputs.ssh_port }}
+          timeout: ${{ inputs.ssh_timeout }}
+          command_timeout: ${{ inputs.ssh_command_timeout }}
+          target: ${{ inputs.dir_base }}/${{ inputs.dir_preview_base }}/${{ inputs.dir_preview_subdir }}/
+          source: "${{ inputs.artifact_name }}/*"
+          rm: ${{ inputs.ssh_rm }}
+          strip_components: ${{ inputs.ssh_strip_components }}
+
+      - name: Inform about Preview URL
+        uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4
+        if: inputs.sticky_comment_enabled == true
+        with:
+          header: pr-preview
+          message: |
+            Pull Request Live Preview
+            :---:
+            | <p><br />:rocket: View preview at <br />https://${{ inputs.domain_preview }}/${{ inputs.dir_preview_subdir }}/<br /><br /></p>
+            | <p>Last updated: ${{ needs.vars.outputs.datetime }}</p>
+
+  remove-preview:
+    runs-on: ubuntu-24.04
+    needs:
+      - vars
+    # Only deploy if non-closed/non-merged pull request
+    if: github.event.pull_request && needs.vars.outputs.pr_closed_merged != 'false'
+    steps:
+      - name: Create deletion notice
+        run: mkdir -p ${{ inputs.artifact_name }} && echo "This PR has been closed or merged. The preview has been removed." > ${{ inputs.artifact_name }}/index.html
+
+      - name: Copy empty folder to host
+        uses: appleboy/scp-action@ff85246acaad7bdce478db94a363cd2bf7c90345 # v1.0.0
+        with:
+          host: ${{ inputs.ssh_host }}
+          username: ${{ inputs.ssh_user }}
+          key: ${{ secrets.ssh_key }}
+          port: ${{ inputs.ssh_port }}
+          timeout: ${{ inputs.ssh_timeout }}
+          command_timeout: ${{ inputs.ssh_command_timeout }}
+          target: ${{ inputs.dir_base }}/${{ inputs.dir_preview_base }}/${{ inputs.dir_preview_subdir }}/
+          source: "${{ inputs.artifact_name }}/*"
+          rm: ${{ inputs.ssh_rm }}
+          strip_components: ${{ inputs.ssh_strip_components }}
+
+      - name: Inform about preview removal
+        uses: marocchino/sticky-pull-request-comment@773744901bac0e8cbb5a0dc842800d45e9b2b405 # v2.9.4
+        if: inputs.sticky_comment_enabled == true
+        with:
+          header: pr-preview
+          message: |
+            Pull Request Live Preview
+            :---:
+            | <p><br />:x: Preview has been removed.<br /><br /></p>
diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml
@@ -0,0 +1,46 @@
+name: Test Deploy Action
+
+on:
+  workflow_dispatch:
+  pull_request:
+  push:
+    branches:
+      - main
+
+jobs:
+  build:
+    name: Build Website (Placeholder)
+    runs-on: ubuntu-24.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Build website
+        run: |
+          echo "Simulating build..."
+          mkdir -p dist
+          echo "<html><body><p>Hello world: <a href="https://openrailassociation.org">LINK</a></p><p>${{ github.head_ref }}.${{ github.event.pull_request.head.sha }}</p></body></html>" > dist/index.html
+
+      - name: Upload artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: website
+          path: dist
+
+  deploy:
+    name: Call Reusable Deploy Workflow
+    needs: build
+    uses: ./.github/workflows/deploy.yml
+    with:
+      artifact_name: website
+      domain_preview: web-preview.openrailassociation.org
+      ssh_host: uberspace1.openrailassociation.org
+      ssh_user: openrail
+      dir_base: "/var/www/virtual/openrail"
+      dir_production: "web-deployment-action.openrailassociation.org"
+      dir_preview_base: "web-preview.openrailassociation.org"
+      dir_preview_subdir: "webdeploy-pr-${{ github.event.number }}"
+      linkchecker_exclude: "example.com,example.org"
+      condition_production: ${{ github.ref == 'refs/heads/main' }}
+    secrets:
+      ssh_key: ${{ secrets.SSH_PRIVATE_KEY }}
diff --git a/action.yml b/action.yml
@@ -0,0 +1,84 @@
+name: "Deploy production and preview website"
+description: "Deploys the production and preview website using GitHub Actions to an external webspace (e.g., Uberspace)."
+author: "OpenRail Association"
+
+inputs:
+  artifact_name:
+    description: "The name of the artifact to deploy, e.g. 'website'"
+    required: true
+  domain_preview:
+    description: "The domain for the preview deployment, e.g. 'preview.example.com'"
+    required: true
+  ssh_host:
+    description: "The SSH host for the deployment, e.g. 'ssh.example.com'"
+    required: true
+  ssh_user:
+    description: "The SSH user for the deployment, e.g. 'deploy'"
+    required: true
+  ssh_key:
+    description: "The SSH private key for the deployment, e.g. '${{ secrets.SSH_PRIVATE_KEY }}'"
+    required: true
+  ssh_port:
+    description: "The SSH port for the deployment, e.g. '22'"
+    required: false
+    default: "22"
+  ssh_timeout:
+    description: "The SSH connection timeout in seconds. Defaults to 1m."
+    required: false
+    default: "1m"
+  ssh_command_timeout:
+    description: "The SSH command timeout in seconds. Defaults to 2m."
+    required: false
+    default: "2m"
+  ssh_rm:
+    description: "Whether to remove the remote directory before deployment. Defaults to true."
+    required: false
+    default: "true"
+  ssh_strip_components:
+    description: "The number of leading components to strip from the source directory during deployment. Defaults to 1."
+    required: false
+    default: "1"
+  dir_base:
+    description: "The SSH virtual base directory for all deployments, e.g. '/var/www/'"
+    required: true
+  dir_production:
+    description: "The SSH production directory for the deployment inside $dir_base, e.g. 'html'"
+    required: true
+  dir_preview_base:
+    description: "The base directory for the preview deployment inside $dir_base, e.g. 'preview'"
+    required: true
+  dir_preview_subdir:
+    description: "The segment for the preview deployment inside $dir_preview_base, e.g. 'pr-${{ github.event.number }}'"
+    required: true
+  linkchecker_enabled:
+    description: "Whether to enable the link checker step. Defaults to true."
+    required: false
+    default: "true"
+  linkchecker_exclude:
+    description: "A comma-separated list of URLs to exclude from the link checker. Defaults to an empty string."
+    required: false
+    default: ""
+  linkchecker_include_fragments:
+    description: "Whether to include fragments in the link checker. Defaults to true."
+    required: false
+    default: "true"
+  linkchecker_max_concurrency:
+    description: "The maximum number of concurrent requests for the link checker. Defaults to 1."
+    required: false
+    default: "1"
+  linkchecker_user_agent:
+    description: "The user agent string for the link checker. Defaults to a common browser user agent."
+    required: false
+    default: "Mozilla/5.0 (Windows NT 10.0; Win64; x64) Apple WebKit/537.36 (KHTML, like Gecko) Chrome/128.0.0.0 Safari/537.36"
+  linkchecker_retry_times:
+    description: "The time in seconds to wait for a retry for failed links in the link checker. Defaults to 5."
+    required: false
+    default: "5"
+  linkchecker_fail_on_errors:
+    description: "Whether to fail the action on link checker errors. Defaults to false."
+    required: false
+    default: "false"
+
+runs:
+  using: "workflow"
+  main: ".github/workflows/deploy.yml"
