Switch deploy to SSH; remove broken volume-mount approach
@@ -7,9 +7,14 @@ name: Deploy static site to devfarm
|
|||||||
# jobs:
|
# jobs:
|
||||||
# deploy:
|
# deploy:
|
||||||
# uses: ringmaster/actions/.gitea/workflows/deploy-static.yml@main
|
# uses: ringmaster/actions/.gitea/workflows/deploy-static.yml@main
|
||||||
|
# secrets: inherit
|
||||||
# with:
|
# with:
|
||||||
# site: myapp # → https://myapp.dev.clubbabyseal.com
|
# site: myapp # → https://myapp.dev.clubbabyseal.com
|
||||||
# build-command: npm run build
|
# build-command: npm run build
|
||||||
|
#
|
||||||
|
# Required secret (user-level in Gitea → Settings → Actions → Secrets):
|
||||||
|
# DEPLOY_SSH_KEY — private half of the gitea-ci-deploy key pair.
|
||||||
|
# Public key must be in /boot/config/ssh/authorized_keys on the NAS.
|
||||||
|
|
||||||
on:
|
on:
|
||||||
workflow_call:
|
workflow_call:
|
||||||
@@ -41,14 +46,14 @@ on:
|
|||||||
required: false
|
required: false
|
||||||
default: .
|
default: .
|
||||||
type: string
|
type: string
|
||||||
|
secrets:
|
||||||
|
DEPLOY_SSH_KEY:
|
||||||
|
required: true
|
||||||
|
description: SSH private key for the gitea-ci-deploy key pair.
|
||||||
|
|
||||||
jobs:
|
jobs:
|
||||||
deploy:
|
deploy:
|
||||||
runs-on: ubuntu-latest
|
runs-on: ubuntu-latest
|
||||||
container:
|
|
||||||
image: gitea/runner-images:ubuntu-latest
|
|
||||||
volumes:
|
|
||||||
- /mnt/user/devsites:/mnt/user/devsites
|
|
||||||
|
|
||||||
steps:
|
steps:
|
||||||
- uses: actions/checkout@v4
|
- uses: actions/checkout@v4
|
||||||
@@ -63,19 +68,29 @@ jobs:
|
|||||||
run: ${{ inputs.build-command }}
|
run: ${{ inputs.build-command }}
|
||||||
|
|
||||||
- name: Deploy to devfarm
|
- name: Deploy to devfarm
|
||||||
|
env:
|
||||||
|
DEPLOY_SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
|
||||||
run: |
|
run: |
|
||||||
SITE="${{ inputs.site }}"
|
SITE="${{ inputs.site }}"
|
||||||
SRC="${{ inputs.working-directory }}/${{ inputs.dist-dir }}"
|
SRC="${{ inputs.working-directory }}/${{ inputs.dist-dir }}"
|
||||||
TARGET="/mnt/user/devsites/${SITE}/dist"
|
TARGET="/mnt/user/devsites/${SITE}/dist"
|
||||||
|
NAS="192.168.2.117"
|
||||||
|
|
||||||
# Validate site name: alphanumeric + hyphens only, no path traversal.
|
|
||||||
if ! echo "$SITE" | grep -qE '^[a-z0-9-]+$'; then
|
if ! echo "$SITE" | grep -qE '^[a-z0-9-]+$'; then
|
||||||
echo "ERROR: site name must match [a-z0-9-]+"
|
echo "ERROR: site name must match [a-z0-9-]+"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
mkdir -p "$TARGET"
|
mkdir -p ~/.ssh
|
||||||
rm -rf "${TARGET:?}/"* 2>/dev/null || true
|
echo "$DEPLOY_SSH_KEY" > ~/.ssh/deploy_key
|
||||||
cp -a "${SRC}/." "${TARGET}/"
|
chmod 600 ~/.ssh/deploy_key
|
||||||
|
ssh-keyscan -H "$NAS" >> ~/.ssh/known_hosts 2>/dev/null
|
||||||
|
|
||||||
|
ssh -i ~/.ssh/deploy_key "root@${NAS}" "mkdir -p '${TARGET}'"
|
||||||
|
tar -C "${SRC}" -czf - . \
|
||||||
|
| ssh -i ~/.ssh/deploy_key "root@${NAS}" \
|
||||||
|
"rm -rf '${TARGET:?}'/* 2>/dev/null; tar -C '${TARGET}' -xzf -"
|
||||||
|
rm -f ~/.ssh/deploy_key
|
||||||
|
|
||||||
echo "Deployed $SRC → $TARGET"
|
echo "Deployed $SRC → $TARGET"
|
||||||
echo "Live at: https://${SITE}.dev.clubbabyseal.com"
|
echo "Live at: https://${SITE}.dev.clubbabyseal.com"
|
||||||
|
|||||||
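Review bot: The `ssh-keyscan -H "$NAS" >> ~/.ssh/known_hosts` line in the "Deploy to devfarm" step trusts whichever host key answers at that address on every run, so the following `ssh -i ~/.ssh/deploy_key "root@${NAS}"` calls never verify that they are talking to the NAS; pin the host key instead, for example from a second secret recorded out of band. In the same step the key file is written before `chmod 600`, and `rm -f ~/.ssh/deploy_key` is presumably skipped when an earlier `ssh` or `tar` fails under the runner's default fail-fast shell, which would leave the private key on the runner; setting `umask 077` first and removing the file from an EXIT trap covers both. Because this step now carries `DEPLOY_SSH_KEY` in its environment, the `${{ inputs.* }}` expressions pasted into the script are worth moving into `env:` too, since they are expanded into the script text before the `grep` validation runs. The key logs in as root, so a restricted `authorized_keys` entry or a dedicated deploy account on the NAS would limit what a leaked key can do.

```yaml
      - name: Deploy to devfarm
        env:
          DEPLOY_SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
          # Placeholder name: a secret holding the NAS's known_hosts line,
          # captured once out of band; it also needs declaring under
          # on.workflow_call.secrets.
          DEPLOY_KNOWN_HOSTS: ${{ secrets.DEPLOY_KNOWN_HOSTS }}
        run: |
          # … unchanged: SITE/SRC/TARGET/NAS assignments and site-name validation …
          umask 077
          mkdir -p ~/.ssh
          trap 'rm -f ~/.ssh/deploy_key' EXIT
          printf '%s\n' "$DEPLOY_SSH_KEY" > ~/.ssh/deploy_key
          printf '%s\n' "$DEPLOY_KNOWN_HOSTS" > ~/.ssh/known_hosts
          # … unchanged: remote mkdir, tar | ssh upload, final echo lines …
```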