-
-
Notifications
You must be signed in to change notification settings - Fork 0
43 lines (39 loc) · 1.38 KB
/
deploy.yml
File metadata and controls
43 lines (39 loc) · 1.38 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
name: Deployments
on:
push:
branches: ["*"]
paths:
- config/caddy/*
- scripts/*
- .github/workflows/deploy.yml
- .trigger-deploy
workflow_dispatch:
permissions:
id-token: write # This is required for the tailscale action to request a JWT from GitHub
contents: read
jobs:
production-azure:
name: Production - Dedicated Caddy server on Azure VM
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/main'
environment:
name: production
url: https://proxyparty.recaptime.dev
steps:
- uses: actions/checkout@v6
- name: Setup Tailscale (using OIDC workload federation)
uses: tailscale/github-action@v4
with:
# Since they are just client IDs, we're publishing them for
# tracking proposes, although we gated them behind production
# deploys here and via Tailscale admin dashboard.
oauth-client-id: TysnXTahJ911CNTRL-knEDkFDtWs11CNTRL
audience: api.tailscale.com/TysnXTahJ911CNTRL-knEDkFDtWs11CNTRL
tags: tag:ci-builds,tag:caddy
- name: Deploy updates to server
run: |
ssh -o "SetEnv FF_UPDATE_CONTAINER_IMAGE=true" \
-o StrictHostKeyChecking=no \
-o UserKnownHostsFile=/dev/null \
caddy@proxyparty-caddy-production.tuna-skate.ts.net \
"/var/lib/caddy/src/scripts/deploy-updates"