110 lines
3.9 KiB
YAML
110 lines
3.9 KiB
YAML
name: Deploy Webzine
|
|
run-name: Deploy to production by @${{ github.actor }}
|
|
|
|
on: [push]
|
|
|
|
jobs:
|
|
deploy-production:
|
|
name: Deploy to Production
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Setup SSH key
|
|
env:
|
|
PROD_SSH_KEY: ${{ secrets.PROD_SSH_KEY }}
|
|
run: |
|
|
mkdir -p ~/.ssh
|
|
echo "$PROD_SSH_KEY" > ~/.ssh/id_prod
|
|
chmod 600 ~/.ssh/id_prod
|
|
|
|
echo "=== [DEBUG] Premiers caractères de la clé ==="
|
|
head -1 ~/.ssh/id_prod
|
|
tail -1 ~/.ssh/id_prod
|
|
|
|
echo "=== [DEBUG] Nombre de lignes ==="
|
|
wc -l ~/.ssh/id_prod
|
|
|
|
echo "=== [DEBUG] Vérification des caractères spéciaux ==="
|
|
cat -A ~/.ssh/id_prod | head -3
|
|
cat -A ~/.ssh/id_prod | tail -3
|
|
|
|
echo "=== [DEBUG] Validation de la clé avec ssh-keygen ==="
|
|
ssh-keygen -y -f ~/.ssh/id_prod > /dev/null && echo "Clé valide ✅" || echo "Clé invalide ❌"
|
|
|
|
echo "=== [DEBUG] ssh-keyscan sur le serveur ==="
|
|
ssh-keyscan -v -p ${{ secrets.PROD_SSH_PORT || 22 }} ${{ secrets.PROD_HOST }} >> ~/.ssh/known_hosts 2>&1
|
|
echo "Exit code ssh-keyscan: $?"
|
|
|
|
echo "=== [DEBUG] Contenu known_hosts ==="
|
|
cat ~/.ssh/known_hosts
|
|
|
|
- name: Test SSH connection
|
|
run: |
|
|
echo "=== [DEBUG] Test de connexion SSH ==="
|
|
ssh -v \
|
|
-i ~/.ssh/id_prod \
|
|
-p ${{ secrets.PROD_SSH_PORT || 22 }} \
|
|
-o StrictHostKeyChecking=no \
|
|
-o ConnectTimeout=10 \
|
|
${{ secrets.PROD_USER }}@${{ secrets.PROD_HOST }} \
|
|
"echo 'Connexion SSH OK ✅ — user: $(whoami), host: $(hostname)'" 2>&1
|
|
echo "Exit code SSH: $?"
|
|
|
|
- name: Upload source to server
|
|
run: |
|
|
echo "=== [DEBUG] Création de l'archive ==="
|
|
tar --exclude='.git' --exclude='*.user' -czf /tmp/webzine-src.tar.gz .
|
|
echo "Taille archive: $(du -sh /tmp/webzine-src.tar.gz | cut -f1)"
|
|
|
|
echo "=== [DEBUG] Transfert SCP ==="
|
|
scp -v \
|
|
-i ~/.ssh/id_prod \
|
|
-P ${{ secrets.PROD_SSH_PORT || 22 }} \
|
|
-o StrictHostKeyChecking=no \
|
|
-o ConnectTimeout=10 \
|
|
/tmp/webzine-src.tar.gz \
|
|
${{ secrets.PROD_USER }}@${{ secrets.PROD_HOST }}:/tmp/webzine-src.tar.gz 2>&1
|
|
echo "Exit code SCP: $?"
|
|
|
|
- name: Build and deploy on PRODUCTION server
|
|
run: |
|
|
ssh -i ~/.ssh/id_prod \
|
|
-p ${{ secrets.PROD_SSH_PORT || 22 }} \
|
|
-o StrictHostKeyChecking=no \
|
|
${{ secrets.PROD_USER }}@${{ secrets.PROD_HOST }} << 'ENDSSH'
|
|
set -e
|
|
|
|
echo "=== [PROD] Extraction des sources ==="
|
|
mkdir -p /opt/webzine/prod/src
|
|
tar -xzf /tmp/webzine-src.tar.gz -C /opt/webzine/prod/src/
|
|
rm /tmp/webzine-src.tar.gz
|
|
|
|
echo "=== [PROD] Construction de l'image ==="
|
|
docker build \
|
|
-t webzine:latest \
|
|
-f /opt/webzine/prod/src/Webzine.WebApplication/Dockerfile \
|
|
/opt/webzine/prod/src/
|
|
|
|
echo "=== [PROD] Arrêt de l'ancien conteneur ==="
|
|
docker stop webzine-prod 2>/dev/null || true
|
|
docker rm webzine-prod 2>/dev/null || true
|
|
|
|
echo "=== [PROD] Démarrage du nouveau conteneur ==="
|
|
docker run -d \
|
|
--name webzine-prod \
|
|
--restart unless-stopped \
|
|
-p 80:8080 \
|
|
-p 443:8081 \
|
|
-v /opt/webzine/prod/data:/app/Data \
|
|
-v /opt/webzine/prod/logs:/Logs \
|
|
-e ASPNETCORE_ENVIRONMENT=Production \
|
|
webzine:latest
|
|
|
|
echo "=== [PROD] Nettoyage des anciennes images ==="
|
|
docker image prune -f
|
|
|
|
echo "=== [PROD] Déploiement terminé ==="
|
|
ENDSSH |