1+ # Note: variables: SSH_HOST and SSH_USER must be set for your environment.
2+ # Note: secrets: SSH_PRIVATE_KEY must be set for your environment.
3+
4+ name : Remote Deploy (Compose)
5+
6+ on :
7+ workflow_call :
8+ inputs :
9+ environment :
10+ description : " The Github environment to get variables from. Default repository vars."
11+ required : false
12+ type : string
13+ docker_compose_file :
14+ description : " Path to docker compose file to deploy."
15+ required : true
16+ type : string
17+ example_env_file_path :
18+ description : " Path to example dotenv file to substitute variables for."
19+ type : string
20+ default : .env.example
21+ env_file_path :
22+ description : " Path to write dotenv file"
23+ type : string
24+ default : .env
25+
26+ jobs :
27+ remote-deploy :
28+ runs-on : ubuntu-latest
29+ environment : ${{ inputs.environment }}
30+
31+ steps :
32+ - name : Checkout Repository
33+ uses : actions/checkout@v4
34+
35+ - name : Vars and Secrets to Env
36+ env :
37+ GIT_BRANCH : ${{ github.ref_name }}
38+ VARS_CONTEXT : ${{ toJson(vars) }}
39+ SECRETS_CONTEXT : ${{ toJson(secrets) }}
40+ run : |
41+ # Random delimeter string for security
42+ delim=$(dd if=/dev/urandom bs=15 count=1 status=none | base64)
43+
44+ # Parse JSON with multiline strings, using delimeter (Github specific)
45+ to_envs() { jq -r "to_entries[] | \"\(.key)<<$delim\n\(.value)\n$delim\n\""; }
46+
47+ # Set vars to env for next step
48+ echo "GIT_BRANCH=${GIT_BRANCH}" >> $GITHUB_ENV
49+ echo "TAG_OVERRIDE=${TAG_OVERRIDE}" >> $GITHUB_ENV
50+
51+ # Set VARS_CONTEXT if not null
52+ if [ "${VARS_CONTEXT}" != "null" ]; then
53+ echo "${VARS_CONTEXT}" | to_envs >> $GITHUB_ENV
54+ fi
55+
56+ # Set SECRETS_CONTEXT if not null
57+ if [ "${SECRETS_CONTEXT}" != "null" ]; then
58+ echo "${SECRETS_CONTEXT}" | to_envs >> $GITHUB_ENV
59+ fi
60+
61+ name : Create .env file
62+ env :
63+ EXAMPLE_DOTENV : ${{ inputs.example_env_file_path }}
64+ run : |
65+ echo "Checking if ${EXAMPLE_DOTENV} exists"
66+ if [ -f ${EXAMPLE_DOTENV} ]; then
67+ # Get a8m/envsubst (required for default vals syntax ${VAR:-default})
68+ echo "Downloading envsubst"
69+ curl -L https://github.com/a8m/envsubst/releases/download/v1.2.0/envsubst-`uname -s`-`uname -m` -o envsubst
70+ if [ $? -ne 0 ]; then
71+ echo "Failed to download envsubst"
72+ exit 1
73+ fi
74+ chmod +x envsubst
75+ echo "Substituting variables from ${EXAMPLE_DOTENV} --> ${{ inputs.env_file_path }}"
76+ ./envsubst < "${EXAMPLE_DOTENV}" > ${{ inputs.env_file_path }}
77+ else
78+ echo "${EXAMPLE_DOTENV} not found, creating empty ${{ inputs.env_file_path }}"
79+ touch ${{ inputs.env_file_path }}
80+ fi
81+
82+ echo "GIT_BRANCH=${GIT_BRANCH}" >> ${{ inputs.env_file_path }}
83+ echo "TAG_OVERRIDE=${TAG_OVERRIDE}" >> ${{ inputs.env_file_path }}
84+
85+ # TODO: Add step to force new deployment here: also update image_tag accordingly in terraform vars.
86+ # - uses: webfactory/[email protected] 87+ # with:
88+ # ssh-private-key: "${{ secrets.SSH_PRIVATE_KEY }}"
89+
90+ # - name: Add host keys to known_hosts
91+ # run: |
92+ # ssh-keyscan "${{ vars.SSH_HOST }}" >> ~/.ssh/known_hosts
93+
94+ # - name: Deploy
95+ # run: |
96+ # docker compose --file ${{ inputs.docker_compose_file }} pull
97+ # docker compose --file ${{ inputs.docker_compose_file }} up \
98+ # --detach --remove-orphans --force-recreate
99+ # env:
100+ # DOCKER_HOST: "ssh://${{ vars.SSH_USER }}@${{ vars.SSH_HOST }}"
0 commit comments