add linode deployment script

ayinke-llc · Dec 31, 2024 · 6ccaba4 · 6ccaba4
1 parent 98090d3
commit 6ccaba4
Show file tree

Hide file tree

Showing 2 changed files with 45 additions and 6 deletions.
diff --git a/.github/workflows/deploy_to_linode.yml b/.github/workflows/deploy_to_linode.yml
@@ -1,8 +1,10 @@
 name: Deploy to Linode
+
 on:
   push:
-    branches:
-      - main
+    tags:
+      - "*"
+
 jobs:
   deploy:
     runs-on: ubuntu-latest
@@ -16,7 +18,7 @@ jobs:
 
       - uses: actions/setup-go@v5
       - name: Build app
-        run: go build -o gympeek ./cmd
+        run: go build -o sdump ./cmd
 
       - name: SCP to Linode instance ( Binary )
         uses: appleboy/scp-action@master
@@ -25,14 +27,14 @@ jobs:
           username: "root"
           key: ${{ secrets.SSH_KEY }}
           port: 22
-          source: "gympeek"
+          source: "sdump"
           target: "/root"
 
       - name: Run Migrations
         run: |
-          migrate -database ${{ secrets.POSTGRES_ROOT_DSN }}/gympeek -path ./internal/datastore/postgres/migrations up
+          migrate -database ${{ secrets.POSTGRES_ROOT_DSN }}/sdump -path ./datastore/postgres/migrations up
 
-      - name: Restart gympeek systemd service
+      - name: Restart sdump systemd service
         uses: appleboy/ssh-action@master
         env:
           INFISICAL_CLIENT_ID: ${{ secrets.INFISICAL_CLIENT_ID }}

diff --git a/deploy/linode.sh b/deploy/linode.sh
@@ -0,0 +1,37 @@
+#!/bin/bash
+
+## fetch the token from Infisical
+## safe to store here. token Only valid for about about a minute
+
+# Check if required environment variables are set
+if [ -z "$INFISICAL_CLIENT_ID" ]; then
+	echo "Error: INFISICAL_CLIENT_ID is not set"
+	exit 1
+fi
+
+if [ -z "$INFISICAL_CLIENT_SECRET" ]; then
+	echo "Error: INFISICAL_CLIENT_SECRET is not set"
+	exit 1
+fi
+
+mkdir -p /etc/infisical
+export INFISICAL_TOKEN=$(infisical login --method=universal-auth --client-id="${INFISICAL_CLIENT_ID}" --client-secret="${INFISICAL_CLIENT_SECRET}" --silent --plain)
+
+if [ -z "$INFISICAL_TOKEN" ]; then
+	echo "Error: Failed to obtain INFISICAL_TOKEN"
+	exit 1
+fi
+
+sudo echo "INFISICAL_TOKEN=$INFISICAL_TOKEN" >/etc/infisical/infisical.env
+
+sudo chmod 600 /etc/infisical/infisical.env
+
+## restart service. Service already reads this config file
+sudo systemctl stop sdump-http
+sudo mv /root/sdump /usr/local/bin/sdump
+sudo systemctl restart sdump-http
+sudo systemctl status sdump-http
+
+sudo systemctl stop sdump-ssh
+sudo systemctl restart sdump-ssh
+sudo systemctl status sdump-ssh