diff --git a/.github/actions/ssh/action.yml b/.github/actions/ssh/action.yml new file mode 100644 index 00000000..5c4886ab --- /dev/null +++ b/.github/actions/ssh/action.yml @@ -0,0 +1,42 @@ +name: SSH setup +description: Set up the SSH agent + +inputs: + config: + description: The SSH configuration + required: true + key: + description: The private SSH key + required: true + known-hosts: + description: The list of known hosts + required: true + +runs: + using: composite + + steps: + - name: Configure SSH + shell: sh + env: + CONFIG: ${{ inputs.config }} + KNOWN_HOSTS: ${{ inputs.known-hosts }} + run: | + mkdir -p ~/.ssh + echo "${CONFIG}" > ~/.ssh/config + echo "${KNOWN_HOSTS}" > ~/.ssh/known_hosts + + - name: Start SSH agent + shell: bash + env: + SOCKET: /tmp/ssh-agent.sock + run: | + echo "SSH_AUTH_SOCK=${SOCKET}" >> $GITHUB_ENV + ssh-agent -a ${SOCKET} > /dev/null + + - name: Add SSH key + shell: bash + env: + KEY: ${{ inputs.key }} + run: | + ssh-add - <<< "${KEY}" diff --git a/.github/workflows/stage.yml b/.github/workflows/stage.yml index af3e3b17..97c4961d 100644 --- a/.github/workflows/stage.yml +++ b/.github/workflows/stage.yml @@ -1,10 +1,6 @@ name: Deploy (Staging) -on: - workflow_dispatch - -env: - SSH_AUTH_SOCK: /tmp/ssh-agent.sock +on: workflow_dispatch jobs: stage: @@ -17,6 +13,13 @@ jobs: steps: - uses: actions/checkout@v4 + - name: Set up SSH agent + uses: ./.github/actions/ssh + with: + config: ${{ vars.SSH_CONFIG }} + key: ${{ secrets.SSH_PRIVATE_KEY }} + known-hosts: ${{ vars.SSH_KNOWN_HOSTS }} + - name: Set up Java uses: actions/setup-java@v4 with: 
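Review bot: The `Start SSH agent` step in `.github/actions/ssh/action.yml` binds the agent to the fixed path `/tmp/ssh-agent.sock`, and nothing in the action unloads the key or removes the socket afterwards. On a self-hosted or reused runner (the runner type is not visible in this diff) the key would stay loaded after the job, and the next run's `ssh-agent -a` would fail on the leftover socket. Consider `SOCKET: ${{ runner.temp }}/ssh-agent.sock` plus a final `if: always()` step in the calling workflow that runs `ssh-add -D`. The expansions should also be quoted: `ssh-agent -a "${SOCKET}" > /dev/null` and `>> "${GITHUB_ENV}"`.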
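Review bot: In `stage.yml` the `Set up SSH agent` step is now inserted directly after `actions/checkout@v4`, ahead of `Set up Java` and the `./gradlew installDist` build, whereas the step this commit removes ran after the build. Because the action exports `SSH_AUTH_SOCK` through `GITHUB_ENV`, every later step can authenticate with the deploy key, including the Gradle build and any plugin or dependency code it runs. Move the step to immediately before `Publish to staging server` so the key is only loaded for the two steps that need it. The `Set up Java` step continues outside this hunk.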
@@ -29,22 +32,17 @@ jobs: - name: Build with Gradle run: ./gradlew installDist - - name: Set up SSH agent - run: | - ssh-agent -a $SSH_AUTH_SOCK > /dev/null - ssh-add - <<< "${{ secrets.SSH_PRIVATE_KEY }}" - mkdir -p ~/.ssh - echo '${{ vars.SSH_CONFIG }}' > ~/.ssh/config - echo '${{ vars.KNOWN_HOSTS }}' > ~/.ssh/known_hosts - - name: Publish to staging server run: | - rsync build/install/helma/ antville.dev:/ \ + rsync ./build/install/helma/ antville.dev:./ \ --verbose --archive --delete --compress \ - --filter 'protect /lib/ext' \ + --filter '+ /bin' \ + --filter '+ /extras' \ --filter '+ /launcher.jar' \ + --filter '- /lib/ext' \ --filter '+ /lib' \ - --filter '- /*' \ + --filter '+ /modules' \ + --filter '- /*' - name: Restart Helma run: ssh antville.dev restart diff --git a/src/dist/extras/deploy.sh b/src/dist/extras/deploy.sh new file mode 100644 index 00000000..fa426a8b --- /dev/null +++ b/src/dist/extras/deploy.sh 
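Review bot: The new filter list in `Publish to staging server` depends on rule order, and nothing in the step says so. rsync applies the first matching rule, so `- /lib/ext` only works while it stays above `+ /lib`. It also protects the server's `lib/ext` from `--delete` only because `--delete-excluded` is not set, which is the job the removed `protect /lib/ext` rule did explicitly. Add a shell comment above the `rsync` line, for example `# Filters are first-match: keep '- /lib/ext' above '+ /lib'; excluded paths survive --delete because --delete-excluded is not used`.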
@@ -0,0 +1,52 @@
+#!/bin/sh
+
+# Use this script as forced command of an authorized SSH key:
+# command="/home/helma/extras/deploy.sh" ssh-ed25519 AAAAC3NzaC…
+
+case "$SSH_ORIGINAL_COMMAND" in
+ ping)
+ echo pong
+ ;;
+
+ deploy-helma)
+ rsync ./ p3k.org:./ \
+ --archive --compress --delete --verbose \
+ --filter '+ /bin' \
+ --filter '+ /extras' \
+ --filter '+ /launcher.jar' \
+ --filter '- /lib/ext' \
+ --filter '+ /lib' \
+ --filter '+ /modules' \
+ --filter '- /*'
+ ;;
+
+ deploy-antville)
+ rsync ./apps/antville/ p3k.org:./apps/antville/ \
+ --archive --compress --delete --verbose \
+ --filter '+ /claustra' \
+ --filter '+ /code' \
+ --filter '+ /compat' \
+ --filter '+ /i18n' \
+ --filter '+ /lib' \
+ --filter '- /*'
+ rsync ./apps/antville/static/helma/ p3k.org:/var/www/weblogs.at/ \
+ --archive --compress --verbose \
+ --filter '+ /fonts' \
+ --filter '+ /formica.html' \
+ --filter '+ /img' \
+ --filter '+ /scripts' \
+ --filter '+ /styles' \
+ --filter '- /*'
+ ;;
+
+ restart)
+ printf 'Restarting Helma… '
+ sudo /bin/systemctl restart helma
+ printf '%s\n' 'done.'
+ ;;
+
+ *)
+ # Allow any rsync command but restrict it to the installation directory
+ rrsync -wo /home/helma
+ ;;
+esac
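Review bot: The fallback branch `rrsync -wo /home/helma` grants write access to the tree that holds this forced-command script (`/home/helma/extras/deploy.sh`, per the header comment). If `/home/helma` is also the account's home directory, which the diff does not show, that tree includes `.ssh/authorized_keys` as well. The restriction is then only as strong as the file permissions on those two paths, since the restricted key can write where they live; the staging workflow's `--filter '+ /extras'` already syncs this script on every deploy. Keep the script and the key file in root-owned locations the deploy user cannot write to (for the key file, for example via sshd's `AuthorizedKeysFile`), or narrow the rrsync root so it contains neither. The example key line in the header should also carry `restrict`, i.e. `# restrict,command="/home/helma/extras/deploy.sh" ssh-ed25519 AAAAC3NzaC…`, so forwarding and PTY allocation are off for this key.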