-
Notifications
You must be signed in to change notification settings - Fork 2
86 lines (73 loc) · 3.06 KB
/
deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
name: "[MAIN] Docker Image Build and Publish"
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
on:
push:
branches: ["main"]
env:
# Use docker.io for Docker Hub if empty
REGISTRY: ghcr.io
# github.repository as <account>/<repo>
IMAGE_NAME: ${{ github.repository }}
jobs:
ghcr:
name: Deploy to GitHub Container Registry
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
# This is used to complete the identity challenge
# with sigstore/fulcio when running outside of PRs.
id-token: write
steps:
- name: Checkout repository
uses: actions/checkout@v3
# Install the cosign tool except on PR
# https://github.com/sigstore/cosign-installer
- name: Install cosign
if: github.event_name != 'pull_request'
uses: sigstore/[email protected]
# Workaround: https://github.com/docker/build-push-action/issues/461
- name: Setup Docker buildx
uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
- name: Login to GitHub Container Registry ${{ env.REGISTRY }}
if: github.event_name != 'pull_request'
uses: docker/login-action@v1
with:
registry: ${{ env.REGISTRY }}
username: ${{ secrets.GHCR_USERNAME }}
password: ${{ secrets.GHCR_TOKEN }}
- name: downcase REPO
run: echo "REPO=${GITHUB_REPOSITORY,,}" >>${GITHUB_ENV}
- name: Build and Push Docker Image
run: |
export CURRENT_BRANCH=${GITHUB_REF#refs/heads/}
export TAG=$([[ $CURRENT_BRANCH == "main" ]] && echo $CURRENT_BRANCH || echo "latest")
export GITHUB_REF_IMAGE=ghcr.io/myriadflow/smartcontracts:$GITHUB_SHA
export GITHUB_BRANCH_IMAGE=ghcr.io/myriadflow/smartcontracts:$TAG
docker build -t $GITHUB_REF_IMAGE -t $GITHUB_BRANCH_IMAGE .
echo "Pushing Image to GitHub Container Registry"
docker push $GITHUB_REF_IMAGE
docker push $GITHUB_BRANCH_IMAGE
deploy:
needs: ghcr
name: Deploy to dev server
runs-on: ubuntu-latest
steps:
- name: Deploy on Dev Server
if: github.ref == 'refs/heads/main'
uses: appleboy/[email protected]
with:
host: ${{ secrets.DEV_REMOTE_SERVER_ADDRESS }}
username: ${{ secrets.DEV_SERVER_USERNAME }}
key: ${{ secrets.DEV_REMOTE_SERVER_KEY }}
port: ${{ secrets.DEV_SSH_PORT }}
script: |
pwd
cd smartcontracts
sudo podman stop smartcontracts && sudo podman rm smartcontracts && sudo podman image rm smartcontracts
echo ${{ secrets.GHCR_TOKEN }} | podman login ghcr.io -u secrets.GHCR_USERNAME --password-stdin
sudo podman pull ghcr.io/myriadflow/smartcontracts:main
sudo podman run --name="smartcontracts" --env-file=.env --net=gateway -p 8080:8080 -d ghcr.io/myriadflow/smartcontracts:main