ci(github-actions): tweak ssh command to disable strict hostkey checks #29
| name: Deployments | |
| on: | |
| push: | |
| branches: ["*"] | |
| paths: | |
| - config/caddy/* | |
| - scripts/* | |
| - .github/workflows/deploy.yml | |
| - .trigger-deploy | |
| workflow_dispatch: | |
| permissions: | |
| id-token: write # This is required for the tailscale action to request a JWT from GitHub | |
| contents: read | |
| jobs: | |
| production-azure: | |
| name: Production - Dedicated Caddy server on Azure VM | |
| runs-on: ubuntu-latest | |
| if: github.ref == 'refs/heads/main' | |
| environment: | |
| name: production | |
| url: https://proxyparty.recaptime.dev | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Setup Tailscale (using OIDC workload federation) | |
| uses: tailscale/github-action@v4 | |
| with: | |
| # Since they are just client IDs, we're publishing them for | |
| # tracking proposes, although we gated them behind production | |
| # deploys here and via Tailscale admin dashboard. | |
| oauth-client-id: TysnXTahJ911CNTRL-knEDkFDtWs11CNTRL | |
| audience: api.tailscale.com/TysnXTahJ911CNTRL-knEDkFDtWs11CNTRL | |
| tags: tag:ci-builds,tag:caddy | |
| - name: Deploy updates to server | |
| run: | | |
| ssh -o "SetEnv FF_UPDATE_CONTAINER_IMAGE=true" \ | |
| -o StrictHostKeyChecking=no \ | |
| -o UserKnownHostsFile=/dev/null \ | |
| caddy@proxyparty-caddy-production.tuna-skate.ts.net \ | |
| "/var/lib/caddy/src/scripts/deploy-updates" |
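Review bot: The options `-o StrictHostKeyChecking=no` and `-o UserKnownHostsFile=/dev/null` in the "Deploy updates to server" step turn off SSH's own server authentication for the production deploy, so the only remaining check that the job is talking to the intended machine is the tailnet's name resolution and node identity. On an ephemeral runner the host-key prompt usually comes from an empty known_hosts, which is better solved by pinning the server's public host key: write it to a file in an earlier step (from a repository variable or a committed file) and connect with `-o StrictHostKeyChecking=yes -o UserKnownHostsFile=<pinned-known-hosts-file>`. Note that `accept-new` would not help here, since every run starts with no recorded keys. If the target is reached through Tailscale SSH and host-key handling is deliberately left to it (not visible from this file), a comment above the `ssh` line such as `# host identity is enforced by the tailnet; do not reuse these flags for non-tailnet hosts` would keep the relaxation from being copied elsewhere.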