Configure nix env in deploy workflow #203
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: deploy | |
on: | |
push: | |
branches: | |
- dev | |
- main | |
paths-ignore: | |
- "*.md" | |
jobs: | |
deploy: | |
name: Deploy | |
runs-on: ubuntu-latest | |
steps: | |
- name: Prepare environment | |
run: | | |
echo "TAG=${{ github.head_ref || github.ref_name }}" >> $GITHUB_ENV | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Install Nix | |
uses: cachix/install-nix-action@v30 | |
with: | |
nix_path: nixpkgs=channel:nixpkgs-24.05-darwin | |
- name: Generate cache key | |
run: | | |
nixpkgs_hash=$(egrep -o 'archive/[0-9a-f]{40}\.tar\.gz' shell.nix | cut -d'/' -f2 | cut -d'.' -f1) | |
echo "CACHE_KEY=${{ runner.os }}-$nixpkgs_hash" >> $GITHUB_ENV | |
- name: Cache Nix store | |
uses: actions/cache@v4 | |
id: nix-cache | |
with: | |
key: nix-${{ env.CACHE_KEY }} | |
path: /tmp/nix-cache | |
- name: Import Nix store cache | |
if: steps.nix-cache.outputs.cache-hit == 'true' | |
run: | | |
nix-store --import < /tmp/nix-cache | |
- name: Cache Python venv | |
uses: actions/cache@v4 | |
with: | |
key: python-${{ env.CACHE_KEY }}-${{ hashFiles('uv.lock') }} | |
path: | | |
~/.cache/uv | |
.venv | |
- name: Build container image | |
run: | | |
nix-shell --pure --run true | |
echo "IMAGE_PATH=$(nix-build --no-out-link)" >> $GITHUB_ENV | |
- name: Export Nix store cache | |
if: steps.nix-cache.outputs.cache-hit != 'true' | |
run: | | |
nix-store --export $(find /nix/store -maxdepth 1 -name '*-*') > /tmp/nix-cache | |
- name: Configure SSH | |
run: | | |
mkdir -p ~/.ssh | |
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id && chmod 600 ~/.ssh/id | |
echo "${{ secrets.SSH_KNOWN_HOSTS }}" > ~/.ssh/known_hosts | |
echo "Host remote | |
HostName ${{ secrets.SSH_HOST }} | |
User ${{ secrets.SSH_USER }} | |
Port ${{ secrets.SSH_PORT }} | |
IdentityFile ~/.ssh/id | |
" > ~/.ssh/config | |
- name: Upload container image | |
run: | | |
scp "${{ env.IMAGE_PATH }}" remote:~ | |
- name: Deploy on remote | |
run: | | |
ssh remote <<\EOF | |
set -e | |
tag="${{ env.TAG }}" | |
image_filename="$(basename "${{ env.IMAGE_PATH }}")" | |
cleanup() { | |
cd ~ | |
echo "Cleaning up" | |
rm -f "$image_filename" | |
} | |
trap cleanup EXIT | |
echo "Loading Docker image" | |
docker load < "$image_filename" | |
echo "Fetching latest changes from the git repository" | |
cd "$tag" | |
git fetch origin "$tag" | |
git checkout "$tag" | |
git reset --hard "origin/$tag" | |
echo "Restarting containers" | |
docker compose down --remove-orphans | |
TAG="$tag" docker compose --env-file "envs/compose/$tag.env" up -d | |
echo "Pruning dangling images" | |
docker image prune -f | |
EOF |