ci(github-actions): oops #23
| name: Deployments | |
| on: | |
| push: | |
| branches: ["*"] | |
| paths: | |
| - config/caddy/* | |
| - docker/Dockerfile | |
| - scripts/* | |
| - .github/workflows/deploy.yml | |
| workflow_dispatch: | |
| permissions: | |
| id-token: write # This is required for the tailscale action to request a JWT from GitHub | |
| packages: write # Also required for pushing Docker images on GHCR | |
| contents: read | |
| jobs: | |
| #proxypartylab-prod-railwayapp: | |
| # name: Production Caddy server on railway.app | |
| # runs-on: ubuntu-latest | |
| # environment: | |
| # name: production | |
| # url: https://proxypartylab.up.railway.app | |
| # steps: | |
| # - uses: actions/checkout@v4 | |
| # - run: echo TODO | |
| docker-builds: | |
| name: Build and push Docker images | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Log in to GitLab Container Registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: registry.gitlab.com | |
| username: ${{ secrets.RTDEVBOT_GITLAB_SERVICE_ACCOUNT }} | |
| password: ${{ secrets.RTDEVBOT_GITLAB_REGISTRY_TOKEN }} | |
| - name: Generate metadata for Docker images | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: | | |
| ghcr.io/recaptime-dev/proxyparty-caddy/caddy-builds | |
| registry.gitlab.com/recaptime-dev/infra/proxyparty-caddy/caddy-builds | |
| tags: | | |
| type=ref,event=branch,prefix=branch- | |
| type=sha,format=long,prefix=commit- | |
| type=raw,value=latest,enable={{is_default_branch}} | |
| type=raw,prefix=build-,value={{commit_date 'YYYYMMDDHHmmss' tz='Etc/UTC'}} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Build and push proxyparty-caddy image | |
| id: proxyparty-caddy-image | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| file: ./docker/Dockerfile | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| platforms: linux/amd64,linux/arm64 | |
| production-azure: | |
| name: Production - Dedicated Caddy server on Azure VM | |
| needs: [docker-builds] | |
| runs-on: ubuntu-latest | |
| if: github.ref == 'refs/heads/main' | |
| environment: | |
| name: production | |
| url: https://proxyparty.recaptime.dev | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Setup Tailscale (using OIDC workload federation) | |
| uses: tailscale/github-action@v4 | |
| with: | |
| oauth-client-id: TysnXTahJ911CNTRL-knEDkFDtWs11CNTRL | |
| audience: api.tailscale.com/TysnXTahJ911CNTRL-knEDkFDtWs11CNTRL | |
| tags: tag:ci | |
| - name: Deploy updates to server | |
| run: | | |
| ssh caddy@proxyparty-caddy-production.tuna-skate.ts.net "/var/lib/caddy/src/scripts/deploy-updates" |
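Review bot: The workflow-level `permissions` block gives both jobs `id-token: write` and `packages: write`, although only `production-azure` appears to use OIDC (the Tailscale step) and only `docker-builds` pushes to GHCR. Because `docker-builds` runs on pushes to any branch matching `*` and executes third-party actions plus the Dockerfile build, an OIDC-capable token in that job widens what a compromised action or build step could obtain. I would scope the grants per job instead: `permissions: { contents: read, packages: write }` under `docker-builds` and `permissions: { contents: read, id-token: write }` under `production-azure`. The actions are also referenced by mutable tags (`actions/checkout@v6`, `docker/login-action@v2`, `tailscale/github-action@v4`); pinning each to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha> # v6`, would keep a retagged release from running with the registry secrets and the deploy path.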