Skip to content

Fill in the .ssh/known_hosts file. #5

Fill in the .ssh/known_hosts file.

Fill in the .ssh/known_hosts file. #5

Workflow file for this run

name: Continuous Integration
on:
pull_request:
push:
branches: ["main"]
# These are the IDs for https://github.com/organizations/w3ctag/settings/apps/w3c-tag-bot.
env:
APP_ID: "1013567"
CLIENT_ID: "Iv23liXTAsX4IYm9H6lc"
jobs:
test:
runs-on: ubuntu-latest
env:
DATABASE_URL: file:./test.db
steps:
- uses: actions/checkout@v4
- name: Setup pnpm
uses: pnpm/action-setup@v4
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version-file: "package.json"
cache: pnpm
- run: pnpm install
- run: pnpm prisma db push
- name: Make a private key for testing.
run: openssl genrsa -traditional -out testkey.pem
- name: Run tests
run: PRIVATE_KEY=$(cat testkey.pem) pnpm test
env:
# Generated just for this file and never used elsewhere.
CLIENT_SECRET: 6d5e528bb01faa2de86ef59dacbdca0b4a406e09
WEBHOOK_SECRET: 37651a9cf25c2d370308aee98ce0b7c9a6bfc30c
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Setup pnpm
uses: pnpm/action-setup@v4
- name: Setup Node
uses: actions/setup-node@v4
with:
node-version-file: "package.json"
cache: pnpm
- run: pnpm install
- run: pnpm build
- run: rm -rf node_modules
- run: pnpm install --prod
- run: pnpm prisma generate
- run: tar -cf built-server.tar package.json dist node_modules prisma
- uses: actions/upload-artifact@v4
with:
name: built-server
path: built-server.tar
if-no-files-found: error
deploy:
if: ${{ github.event_name == 'push' && github.ref == 'refs/heads/main' }}
needs: [test, build]
environment:
name: production
url: "https://github-bot.w3ctag.org/"
concurrency:
group: production
runs-on: ubuntu-latest
steps:
- uses: actions/download-artifact@v4
with:
name: built-server
- name: Extract the built server
run: |
mkdir built-server
tar -xf built-server.tar -C built-server
- name: Store ssh private key and host key
run: |
mkdir ~/.ssh
echo "$SSH_KEY" > ~/.ssh/deploy_key
echo "[$SSH_HOST]:$SSH_PORT $SSH_HOST_KEY" > ~/.ssh/known_hosts
chmod 700 ~/.ssh
chmod 600 ~/.ssh/*
env:
SSH_KEY: ${{ secrets.SSH_KEY }}
SSH_HOST: ${{ vars.SSH_HOST }}
SSH_PORT: ${{ vars.SSH_PORT }}
SSH_HOST_KEY: ${{ vars.SSH_HOST_KEY }}
- name: Upload
run: rsync -e "ssh -p $SSH_PORT" -azv --safe-links --hard-links --progress --delete built-server/ "$SSH_USER@$SSH_HOST:$DEPLOY_PATH"
env:
SSH_PORT: ${{ vars.SSH_PORT }}
SSH_HOST: ${{ vars.SSH_HOST }}
SSH_USER: ${{ vars.SSH_USER }}
DEPLOY_PATH: ${{ vars.DEPLOY_PATH }}
- name: Update and Restart
run: 'ssh -p $SSH_PORT "$SSH_USER@$SSH_HOST" sh -c "DATABASE_URL=file:/var/local/github-bot/prod.db node_modules/.bin/prisma migrate deploy && sudo /usr/bin/systemctl restart github-bot"'
env:
SSH_PORT: ${{ vars.SSH_PORT }}
SSH_HOST: ${{ vars.SSH_HOST }}
SSH_USER: ${{ vars.SSH_USER }}