boost-data-collector/.github/workflows/deploy.yml at develop · cppalliance/boost-data-collector · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
name: Deploy

on:
  workflow_run:
    workflows: ["CI"]
    branches: [main, develop]
    types: [completed]

permissions:
  contents: read

concurrency:
  group: deploy-${{ github.event.workflow_run.head_branch }}
  cancel-in-progress: false

jobs:
  deploy:
    if: github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'push'
    runs-on: ubuntu-latest
    timeout-minutes: 20
    environment: ${{ github.event.workflow_run.head_branch == 'main' && 'production' || (github.event.workflow_run.head_branch == 'develop' && 'staging' || '')}}
    env:
      BRANCH: ${{ github.event.workflow_run.head_branch }}
      REPO_URL: https://github.com/${{ github.repository }}.git
      SCRIPT_URL: ${{ secrets.DEPLOY_SCRIPT_URL || format('https://raw.githubusercontent.com/{0}/{1}/.github/workflows/deploy-script/deploy.sh', github.repository, github.event.workflow_run.head_sha) }}
    steps:
      - name: Deploy via SSH
        uses: appleboy/ssh-action@0ff4204d59e8e51228ff73bce53f80d53301dee2
        env:
          DEPLOY_SCRIPT_TOKEN: ${{ secrets.DEPLOY_SCRIPT_TOKEN }}
        with:
          host: ${{ secrets.SSH_HOST }}
          username: ${{ secrets.SSH_USER }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          passphrase: ${{ secrets.SSH_KEY_PASSPHRASE }}
          port: ${{ secrets.SSH_PORT || '22' }}
          envs: SCRIPT_URL,DEPLOY_SCRIPT_TOKEN,BRANCH,REPO_URL
          script: |
            set -euo pipefail
            tmp_script="$(mktemp /tmp/deploy.XXXXXX.sh)"
            trap 'rm -f "$tmp_script"' EXIT
            if [ -n "$DEPLOY_SCRIPT_TOKEN" ]; then
              curl --silent --show-error --location --fail \
                --retry 3 --retry-delay 2 --retry-all-errors \
                --connect-timeout 10 --max-time 60 \
                -H "Authorization: token $DEPLOY_SCRIPT_TOKEN" \
                "$SCRIPT_URL" -o "$tmp_script"
            else
              curl --silent --show-error --location --fail \
                --retry 3 --retry-delay 2 --retry-all-errors \
                --connect-timeout 10 --max-time 60 \
                "$SCRIPT_URL" -o "$tmp_script"
            fi
            bash "$tmp_script"