Deploy #35

	name: Deploy

	on:
	workflow_run:
	workflows: [Build]
	types: [completed]
	branches: [main]

	env:
	TERM: xterm

	jobs:
	deploy:
	runs-on: ubuntu-latest

	if: ${{ github.event.workflow_run.conclusion == 'success' }}

	steps:
	- name: Configure AWS Credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
	aws-region: ap-southeast-2

	- name: Get Public IP
	id: publicip
	run: \|
	response=$(curl -s canhazip.com)
	echo "ip='$response'" >> "$GITHUB_OUTPUT"

	- name: Grant security group IP
	run: \|
	aws ec2 authorize-security-group-ingress \
	--group-id ${{ secrets.AWS_INSTANCE_SG_ID }} \
	--protocol tcp \
	--port 22 \
	--cidr ${{ steps.publicip.outputs.ip }}/32

	- name: Deploy to prod server
	uses: appleboy/ssh-action@master
	with:
	host: ${{ secrets.SSH_IP }}
	username: ${{ secrets.SSH_USER }}
	key: ${{ secrets.SSH_KEY }}
	script: \|
	cd ${{ secrets.SSH_PATH }}
	git pull origin main
	docker-compose up --build -d
	docker-compose exec -T php drush deploy -y

	- name: Revoke security group IP
	run: \|
	aws ec2 revoke-security-group-ingress \
	--group-id ${{ secrets.AWS_INSTANCE_SG_ID }} \
	--protocol tcp \
	--port 22 \
	--cidr ${{ steps.publicip.outputs.ip }}/32
	if: always()

	- name: Purge cache
	uses: jakejarvis/cloudflare-purge-action@master
	env:
	CLOUDFLARE_ZONE: ${{ secrets.CLOUDFLARE_ZONE }}
	CLOUDFLARE_TOKEN: ${{ secrets.CLOUDFLARE_TOKEN }}

Provide feedback