Skip to content
CI

Html + db #113

Sign in to view logs

Html + db

Html + db #113

Workflow file for this run

.github/workflows/ci.yml at fdafe90
name: "CI"
on:
push:
branches: ["master"]
pull_request:
branches: ["master"]
jobs:
deploy:
runs-on: ubuntu-latest
env: # Or as an environment variable
BRANCH: html
DIRECTORY: /opt/jbond
ADDR: ${{ secrets.JBOND_SSH_DOMAIN }}
PORT: 8080
CRON_CERT_RENEW_JOB: "30 4 * * * /usr/bin/certbot renew --quiet"
CRON_CERT_RENEW_FILE: ~/certbot.renew.cron
PG_HBA: /var/lib/pgsql/data/pg_hba.conf
DB_NAME: jbond_db
DB_USER: jbond
DB_PASS: jbond
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Set up Python
# This is the version of the action for setting up Python, not the Python version.
uses: actions/setup-python@v5
with:
# Semantic version range syntax or exact version of a Python version
python-version: '3.x'
# Optional - x64 or x86 architecture, defaults to x64
architecture: 'x64'
- name: Set up Python libs
run: |
python3 -m ensurepip
python3 -m venv /opt/certbot/
pip3 install aiogram tomli certbot
# - name: Install some html stuff
# run: |
# yes | yum install npm
# npm install toml
- name: install ssh keys
# check this thread to understand why its needed:
# <https://stackoverflow.com/a/70447517>
run: |
install -m 600 -D /dev/null ~/.ssh/id_rsa
echo "${{ secrets.JBOND_SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
cat ~/.ssh/id_rsa
ssh-keyscan -H ${{ secrets.JBOND_SSH_HOST }} > ~/.ssh/known_hosts
- name: Stop postgresql
continue-on-error: true
run: |
ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "systemctl stop postgresql && systemctl disable postgresql"
- name: Install postgresql
continue-on-error: true
run: |
ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "yes | yum install postgresql-server"
ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "postgresql-setup --initdb --unit postgresql"
- name: Init postgresql cfg
run: |
ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "cp -f $PG_HBA ${PG_HBA}.bkp"
ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "sed -n -i -E '/local\s+all/d' $PG_HBA"
ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "sed -n -i '/$DB_NAME/d' $PG_HBA"
ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "echo "local all postgres trust" >> $PG_HBA"
ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "echo "local $DB_NAME $DB_USER password" >> $PG_HBA"
ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "echo "host $DB_NAME $DB_USER 127.0.0.1/32 password" >> $PG_HBA"
- name: Start postgresql
run: |
ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "systemctl enable postgresql && systemctl start postgresql"
- name: Create postgresql db
continue-on-error: true
run: ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "$DIRECTORY/db/init.sh ${DB_NAME} ${DB_USER} ${DB_PASS}"
# - name: Create postgresql db
# run: |
# ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "psql -U postgres -c "CREATE USER ${DB_USER} PASSWORD \'${DB_PASS}\';""
# ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "psql -U postgres -c "CREATE DATABASE ${DB_NAME} OWNER=${DB_USER};""
- name: open port
run: ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "firewall-cmd --zone=public --add-port=$PORT/tcp --permanent"
- name: clone repo
run: ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "rm -rf $DIRECTORY && git clone https://github.com/andrevis/jbond.git $DIRECTORY"
- name: checkout-pull
run: ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "cd $DIRECTORY && git checkout $BRANCH -- && git pull origin $BRANCH"
- name: stop service
run: ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "systemctl stop jbond.service && systemctl disable jbond.service"
- name: gen cert
run: ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "certbot certonly --standalone -n -d $ADDR -d www.$ADDR"
- name: Add certbot renew job
run: |
ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "crontab -l | sed -n '/certbot renew/d' > $CRON_CERT_RENEW_FILE"
ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "echo '$CRON_CERT_RENEW_JOB' >> $CRON_CERT_RENEW_FILE"
ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "crontab $CRON_CERT_RENEW_FILE"
- name: gen config
run: |
ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "echo '[server]' > $DIRECTORY/jbond.toml"
ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "echo 'address = \"$ADDR\"' >> $DIRECTORY/jbond.toml"
ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "echo 'port = $PORT' >> $DIRECTORY/jbond.toml"
ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "echo '' >> $DIRECTORY/jbond.toml"
ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "echo '[bot]' >> $DIRECTORY/jbond.toml"
ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "echo 'token = \"${{ secrets.JBOND_BOT_TOKEN }}\"' >> $DIRECTORY/jbond.toml"
- name: setup service
run: ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "cp -f $DIRECTORY/misc/jbond.service /usr/lib/systemd/system/"
- name: enable service
run: ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "systemctl daemon-reload && systemctl enable jbond.service && systemctl restart jbond.service"
- name: setup logrotate
run: ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "cp -f $DIRECTORY/misc/jbond_logrotate /etc/logrotate.d/ && systemctl restart crond"
- name: cleanup keys
if: always()
run: |
ssh ${{ secrets.JBOND_SSH_USER }}@${{ secrets.JBOND_SSH_HOST }} "rm -f $CRON_CERT_RENEW_FILE"
rm -f ~/.ssh/id_rsa