|
| 1 | +name: Deploy ohm adiff generator in Hetzner Cloud |
| 2 | + |
| 3 | +on: |
| 4 | + push: |
| 5 | + branches: |
| 6 | + - main |
| 7 | + - ohmexpress |
| 8 | +jobs: |
| 9 | + deploy: |
| 10 | + runs-on: ubuntu-latest |
| 11 | + |
| 12 | + steps: |
| 13 | + - name: Set up SSH key |
| 14 | + uses: webfactory/[email protected] |
| 15 | + with: |
| 16 | + ssh-private-key: ${{ secrets.HETZNER_SSH_PRIVATE_KEY }} |
| 17 | + |
| 18 | + - name: Add EC2 host to known_hosts |
| 19 | + run: | |
| 20 | + ssh-keyscan -H ${{ secrets.HETZNER_HOST }} >> ~/.ssh/known_hosts |
| 21 | +
|
| 22 | + - name: Create .env file with all variables |
| 23 | + run: | |
| 24 | + # Get branch name |
| 25 | + BRANCH_NAME="${GITHUB_REF##*/}" |
| 26 | + echo "BRANCH_NAME=${BRANCH_NAME}" > .env |
| 27 | + echo "REPO=${{ github.repository }}" >> .env |
| 28 | + echo "AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID}}" >> .env |
| 29 | + echo "AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY}}" >> .env |
| 30 | +
|
| 31 | + case "$BRANCH_NAME" in |
| 32 | + staging|ohmexpress) |
| 33 | + ENVIRONMENT="staging" |
| 34 | + REMOTE_APP_DIR="/staging/ohmx_addif" |
| 35 | + echo "ENVIRONMENT=$ENVIRONMENT" >> .env |
| 36 | + echo "REMOTE_APP_DIR=$REMOTE_APP_DIR" >> .env |
| 37 | + ;; |
| 38 | + main) |
| 39 | + ENVIRONMENT="production" |
| 40 | + REMOTE_APP_DIR="/production/ohmx_addif" |
| 41 | + echo "ENVIRONMENT=$ENVIRONMENT" >> .env |
| 42 | + echo "REMOTE_APP_DIR=$REMOTE_APP_DIR" >> .env |
| 43 | + ;; |
| 44 | + *) |
| 45 | + echo "Unknown branch: $BRANCH_NAME" |
| 46 | + exit 1 |
| 47 | + ;; |
| 48 | + esac |
| 49 | + echo ".env file created for branch: $BRANCH_NAME" |
| 50 | + echo "REMOTE_APP_DIR=$REMOTE_APP_DIR" >> $GITHUB_ENV |
| 51 | + echo "ENVIRONMENT=$ENVIRONMENT" >> $GITHUB_ENV |
| 52 | + echo "------------------------------------------" |
| 53 | +
|
| 54 | + - name: Deploy ohmx_adiff app |
| 55 | + run: | |
| 56 | + scp -o StrictHostKeyChecking=no .env root@${{ secrets.HETZNER_HOST }}:/tmp/.env.ohmx_adiff |
| 57 | + ssh root@${{ secrets.HETZNER_HOST }} <<'EOF' |
| 58 | + set -e |
| 59 | + echo "Starting app deployment..." |
| 60 | +
|
| 61 | + # Load variables from temporary .env |
| 62 | + set -o allexport |
| 63 | + source /tmp/.env.ohmx_adiff |
| 64 | + set +o allexport |
| 65 | +
|
| 66 | + echo "-----------------------------------------" |
| 67 | + echo "Clone or update $BRANCH_NAME" |
| 68 | + if [ ! -d "$REMOTE_APP_DIR/.git" ]; then |
| 69 | + echo "Repo not found. Cloning..." |
| 70 | + git clone -b $BRANCH_NAME https://github.com/$REPO.git $REMOTE_APP_DIR |
| 71 | + cd $REMOTE_APP_DIR |
| 72 | + else |
| 73 | + cd $REMOTE_APP_DIR |
| 74 | + git reset --hard HEAD |
| 75 | + git fetch origin |
| 76 | + git checkout $BRANCH_NAME |
| 77 | + git pull origin $BRANCH_NAME |
| 78 | + fi |
| 79 | +
|
| 80 | + TARGET_DIR="$REMOTE_APP_DIR/hetzner/ohmx_adiff" |
| 81 | + ENV_FILE="$TARGET_DIR/.env.ohmx_adiff" |
| 82 | +
|
| 83 | + echo "-----------------------------------------" |
| 84 | + echo "Checking if .env.ohmx_adiff has changed" |
| 85 | +
|
| 86 | + if [ -f "$ENV_FILE" ]; then |
| 87 | + if cmp -s /tmp/.env.ohmx_adiff "$ENV_FILE"; then |
| 88 | + echo ".env.ohmx_adiff is identical to the previous version" |
| 89 | + ENV_CHANGED=false |
| 90 | + else |
| 91 | + echo ".env.ohmx_adiff has changed. Updating..." |
| 92 | + cp /tmp/.env.ohmx_adiff "$ENV_FILE" |
| 93 | + ENV_CHANGED=true |
| 94 | + fi |
| 95 | + else |
| 96 | + echo "No previous .env.ohmx_adiff found. Copying new one..." |
| 97 | + cp /tmp/.env.ohmx_adiff "$ENV_FILE" |
| 98 | + ENV_CHANGED=true |
| 99 | + fi |
| 100 | +
|
| 101 | + echo "-----------------------------------------" |
| 102 | + echo "Checking for changes in $TARGET_DIR/ohmx_adiff.$ENVIRONMENT.yml" |
| 103 | +
|
| 104 | + # Get list of changed files since last pull |
| 105 | + CHANGED_FILES=$(git diff --name-only HEAD@{1} HEAD || echo "") |
| 106 | + echo "Changed files since last update:" |
| 107 | + echo "$CHANGED_FILES" |
| 108 | +
|
| 109 | + TARGET_FILE="hetzner/ohmx_adiff/ohmx_adiff.$ENVIRONMENT.yml" |
| 110 | + if echo "$CHANGED_FILES" | grep -q "^$TARGET_FILE\$"; then |
| 111 | + echo "$TARGET_FILE changed" |
| 112 | + FILE_CHANGED=true |
| 113 | + else |
| 114 | + echo "No changes in $TARGET_FILE" |
| 115 | + FILE_CHANGED=false |
| 116 | + fi |
| 117 | +
|
| 118 | + echo "-----------------------------------------" |
| 119 | + if [ "$ENV_CHANGED" = true ] || [ "$FILE_CHANGED" = true ]; then |
| 120 | + echo "Changes detected. Building and redeploying..." |
| 121 | + docker compose -f $TARGET_FILE build --pull --no-cache |
| 122 | + docker compose -f $TARGET_FILE up -d --force-recreate |
| 123 | + echo "Deployment finished in $REMOTE_APP_DIR" |
| 124 | + else |
| 125 | + echo "No relevant changes. Skipping Docker build and redeploy." |
| 126 | + fi |
| 127 | +
|
| 128 | + echo "-----------------------------------------" |
| 129 | + docker ps | grep ohmx_adiff || echo "ohmx_adiff container not running" |
| 130 | + EOF |
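Review bot: The `scp` in the deploy step (new line 56) passes `-o StrictHostKeyChecking=no`, so the `.env` holding `AWS_ACCESS_KEY_ID` and `AWS_SECRET_ACCESS_KEY` is sent without verifying the server's identity. The `ssh-keyscan` on line 20 does not compensate, because it records whatever key is offered at run time. Drop the option and seed `known_hosts` from a pinned value instead, for example `echo "${{ secrets.HETZNER_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts`, where the secret name is a placeholder for a host-key line recorded out of band. The uploaded file is also never removed from the predictable path `/tmp/.env.ohmx_adiff`; adding `trap 'rm -f /tmp/.env.ohmx_adiff' EXIT` right after `set -e` would clean it up even when the remote script aborts early. The step name on line 18 still says "EC2 host" although the target is the Hetzner host.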