- concurrency group deploy-xip-prod (avoids the docker compose --build race)
- pass HOST/USER/KEY via env (multi-line key preserved)
- SSH without known_hosts (StrictHostKeyChecking=no)

Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
36 lines
1.3 KiB
YAML
name: Deploy XIP

# Auto-deploy on every push to main. The runner SSHes into the xip-app CT
# (Echelon CT502) and runs scripts/deploy.sh, which pulls + rebuilds the stack.
on:
  push:
    branches: [main]
  workflow_dispatch:

# Serialize deploys: never run two deploys against the CT at the same time
# (concurrent `docker compose up --build` on the same project races and fails).
concurrency:
  group: deploy-xip-prod
  cancel-in-progress: false

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Deploy over SSH to xip-app
        env:
          # Secrets via env (not inlined in the script) so the multi-line key
          # keeps its newlines and never breaks shell quoting.
          DEPLOY_HOST: ${{ secrets.XIP_DEPLOY_HOST }}
          DEPLOY_USER: ${{ secrets.XIP_DEPLOY_USER }}
          DEPLOY_KEY: ${{ secrets.XIP_DEPLOY_KEY }}
        run: |
          set -e
          command -v ssh >/dev/null 2>&1 || (apt-get update && apt-get install -y --no-install-recommends openssh-client)
          mkdir -p ~/.ssh
          printf '%s\n' "$DEPLOY_KEY" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          ssh -i ~/.ssh/id_ed25519 \
            -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null \
            "$DEPLOY_USER@$DEPLOY_HOST" 'bash /opt/xip/scripts/deploy.sh'
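With `StrictHostKeyChecking=no` and `UserKnownHostsFile=/dev/null`, the step above accepts whatever host key answers at `DEPLOY_HOST`, so the runner cannot tell xip-app from another machine before it authenticates and runs the deploy command. The following is an added example, not part of this repository's workflow, showing the same step body with the host key pinned; `DEPLOY_KNOWN_HOSTS` (a fourth secret) and `SSH_BIN` are hypothetical names introduced for the illustration.

```shell
#!/usr/bin/env bash
# Added example, not the project's workflow. Assumption: DEPLOY_KNOWN_HOSTS is a
# hypothetical extra secret holding the xip-app host key line, e.g. the output
# of `ssh-keyscan -t ed25519 <host>` verified once over a trusted channel.

# Write the private key and the pinned known_hosts file into directory $1.
# Refuses to continue if the pin is missing or is not a plain known_hosts line.
prepare_ssh_dir() {
  dir=$1
  [ -n "${DEPLOY_KEY:-}" ] || { echo "DEPLOY_KEY is empty" >&2; return 1; }
  [ -n "${DEPLOY_KNOWN_HOSTS:-}" ] || { echo "no pinned host key" >&2; return 1; }
  # Every non-blank, non-comment line must be: <hosts> <key type> <base64 key>
  printf '%s\n' "$DEPLOY_KNOWN_HOSTS" | awk '
    /^[ \t]*(#|$)/ { next }
    { n++ }
    NF < 3 || $2 !~ /^(ssh-ed25519|ssh-rsa|ecdsa-sha2-nistp(256|384|521))$/ { bad = 1 }
    END { exit ((bad || n == 0) ? 1 : 0) }
  ' || { echo "malformed known_hosts entry" >&2; return 1; }
  # Subshell so the restrictive umask (files created 0600) does not leak out.
  (
    umask 077
    mkdir -p "$dir" &&
      printf '%s\n' "$DEPLOY_KEY" > "$dir/id_ed25519" &&
      printf '%s\n' "$DEPLOY_KNOWN_HOSTS" > "$dir/known_hosts"
  )
}

# Run the deploy script, accepting only the pinned host key.
# SSH_BIN is a hypothetical override so the command line can be inspected offline.
deploy_pinned() {
  dir=$1
  "${SSH_BIN:-ssh}" -i "$dir/id_ed25519" \
    -o IdentitiesOnly=yes -o BatchMode=yes \
    -o StrictHostKeyChecking=yes \
    -o UserKnownHostsFile="$dir/known_hosts" \
    -o GlobalKnownHostsFile=/dev/null \
    "$DEPLOY_USER@$DEPLOY_HOST" 'bash /opt/xip/scripts/deploy.sh'
}

# In the workflow step: prepare_ssh_dir ~/.ssh && deploy_pinned ~/.ssh
```

If the host key on xip-app is rotated, the deploy fails closed until the pinned secret is updated.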