Skip to content

Deploy

Deploy #11

Workflow file for this run

name: Deploy
on:
workflow_run:
workflows: [Build]
types: [completed]
branches: [main]
env:
TERM: xterm
jobs:
deploy:
runs-on: ubuntu-latest
if: ${{ github.event.workflow_run.conclusion == 'success' }}
steps:
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-southeast-2
- name: Get Public IP
id: publicip
run: |
response=$(curl -s canhazip.com)
echo "ip='$response'" >> "$GITHUB_OUTPUT"
- name: Grant security group IP
run: |
aws ec2 authorize-security-group-ingress \
--group-id ${{ secrets.AWS_INSTANCE_SG_ID }} \
--protocol tcp \
--port 22 \
--cidr ${{ steps.publicip.outputs.ip }}/32
- name: Deploy to prod server
uses: appleboy/ssh-action@master
with:
host: ${{ secrets.SSH_IP }}
username: ${{ secrets.SSH_USER }}
key: ${{ secrets.SSH_KEY }}
script: |
cd ${{ secrets.SSH_PATH }}
git pull origin main
docker-compose up --build -d
docker-compose exec -T php drush deploy -y
- name: Revoke security group IP
run: |
aws ec2 revoke-security-group-ingress \
--group-id ${{ secrets.AWS_INSTANCE_SG_ID }} \
--protocol tcp \
--port 22 \
--cidr ${{ steps.publicip.outputs.ip }}/32
if: always()
- name: Purge cache
uses: jakejarvis/cloudflare-purge-action@master
env:
CLOUDFLARE_ZONE: ${{ secrets.CLOUDFLARE_ZONE }}
CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }}