Skip to content

Configure nix env in deploy workflow #203

Configure nix env in deploy workflow

Configure nix env in deploy workflow #203

Workflow file for this run

name: deploy
on:
push:
branches:
- dev
- main
paths-ignore:
- "*.md"
jobs:
deploy:
name: Deploy
runs-on: ubuntu-latest
steps:
- name: Prepare environment
run: |
echo "TAG=${{ github.head_ref || github.ref_name }}" >> $GITHUB_ENV
- name: Checkout repository
uses: actions/checkout@v4
- name: Install Nix
uses: cachix/install-nix-action@v30
with:
nix_path: nixpkgs=channel:nixpkgs-24.05-darwin
- name: Generate cache key
run: |
nixpkgs_hash=$(egrep -o 'archive/[0-9a-f]{40}\.tar\.gz' shell.nix | cut -d'/' -f2 | cut -d'.' -f1)
echo "CACHE_KEY=${{ runner.os }}-$nixpkgs_hash" >> $GITHUB_ENV
- name: Cache Nix store
uses: actions/cache@v4
id: nix-cache
with:
key: nix-${{ env.CACHE_KEY }}
path: /tmp/nix-cache
- name: Import Nix store cache
if: steps.nix-cache.outputs.cache-hit == 'true'
run: |
nix-store --import < /tmp/nix-cache
- name: Cache Python venv
uses: actions/cache@v4
with:
key: python-${{ env.CACHE_KEY }}-${{ hashFiles('uv.lock') }}
path: |
~/.cache/uv
.venv
- name: Build container image
run: |
nix-shell --pure --run true
echo "IMAGE_PATH=$(nix-build --no-out-link)" >> $GITHUB_ENV
- name: Export Nix store cache
if: steps.nix-cache.outputs.cache-hit != 'true'
run: |
nix-store --export $(find /nix/store -maxdepth 1 -name '*-*') > /tmp/nix-cache
- name: Configure SSH
run: |
mkdir -p ~/.ssh
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id && chmod 600 ~/.ssh/id
echo "${{ secrets.SSH_KNOWN_HOSTS }}" > ~/.ssh/known_hosts
echo "Host remote
HostName ${{ secrets.SSH_HOST }}
User ${{ secrets.SSH_USER }}
Port ${{ secrets.SSH_PORT }}
IdentityFile ~/.ssh/id
" > ~/.ssh/config
- name: Upload container image
run: |
scp "${{ env.IMAGE_PATH }}" remote:~
- name: Deploy on remote
run: |
ssh remote <<\EOF
set -e
tag="${{ env.TAG }}"
image_filename="$(basename "${{ env.IMAGE_PATH }}")"
cleanup() {
cd ~
echo "Cleaning up"
rm -f "$image_filename"
}
trap cleanup EXIT
echo "Loading Docker image"
docker load < "$image_filename"
echo "Fetching latest changes from the git repository"
cd "$tag"
git fetch origin "$tag"
git checkout "$tag"
git reset --hard "origin/$tag"
echo "Restarting containers"
docker compose down --remove-orphans
TAG="$tag" docker compose --env-file "envs/compose/$tag.env" up -d
echo "Pruning dangling images"
docker image prune -f
EOF