|
22 | 22 | - name: Update apt cache |
23 | 23 | run: sudo apt-get update |
24 | 24 |
|
25 | | - - name: Install php ${{ env.PHP_VERSION }} |
| 25 | + - name: Install PHP ${{ env.PHP_VERSION }} |
26 | 26 | run: sudo apt-get install php${{ env.PHP_VERSION }}-cli |
27 | 27 |
|
28 | 28 | - name: Validate composer.json and composer.lock |
@@ -51,36 +51,51 @@ jobs: |
51 | 51 | - name: Checkout Code |
52 | 52 | uses: actions/checkout@v4 |
53 | 53 |
|
| 54 | + - name: Sanitize Branch Name |
| 55 | + id: sanitize |
| 56 | + run: | |
| 57 | + CLEAN_BRANCH_NAME="${GITHUB_REF_NAME//\//_}" |
| 58 | + echo "CLEAN_BRANCH_NAME=${CLEAN_BRANCH_NAME}" >> $GITHUB_ENV |
| 59 | + outputs: |
| 60 | + CLEAN_BRANCH_NAME: ${{ steps.sanitize.outputs.CLEAN_BRANCH_NAME }} |
| 61 | + |
54 | 62 | - name: Compress Artifacts |
55 | | - run: zip -r project.zip . |
| 63 | + run: zip -r ${{ steps.sanitize.outputs.CLEAN_BRANCH_NAME }}.zip . |
56 | 64 |
|
57 | 65 | - name: Deploy to Remote |
58 | 66 | env: |
| 67 | + SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }} |
59 | 68 | SSH_HOST: ${{ secrets.SSH_HOST }} |
60 | 69 | SSH_PORT: ${{ secrets.SSH_PORT }} |
61 | 70 | SSH_USER: ${{ secrets.SSH_USER }} |
62 | 71 | SSH_KEY: ${{ secrets.SSH_KEY }} # SSH private key stored as a GitHub secret |
63 | 72 | SSH_WEB_PATH: ${{ secrets.SSH_WEB_PATH }} |
64 | | - BRANCH_NAME: ${{ github.ref_name }} |
| 73 | + CLEAN_BRANCH_NAME: ${{ steps.sanitize.outputs.CLEAN_BRANCH_NAME }} |
65 | 74 | run: | |
66 | 75 | #!/usr/bin/env bash |
67 | 76 | set -ex -o pipefail |
68 | 77 |
|
69 | | - # Save the private key for SSH |
| 78 | + # Setup SSH directory, known hosts, and private key |
70 | 79 | mkdir -pv "${HOME}/.ssh" |
| 80 | + echo "${SSH_KNOWN_HOSTS}" > "${HOME}/.ssh/known_hosts" |
| 81 | + chmod -v 644 "${HOME}/.ssh/known_hosts" |
71 | 82 | echo "${SSH_KEY}" > "${HOME}/.ssh/id_${SSH_USER}" |
72 | 83 | chmod -v 400 "${HOME}/.ssh/id_${SSH_USER}" |
73 | 84 |
|
74 | | - # Copy the artifact to the Remote |
75 | | - scp -i "${HOME}/.ssh/id_${SSH_USER}" -P "${SSH_PORT}" project.zip "${SSH_USER}@${SSH_HOST}:${SSH_WEB_PATH}/${BRANCH_NAME}" |
| 85 | + # Deploy artifact to the remote |
| 86 | + scp -i "${HOME}/.ssh/id_${SSH_USER}" -P "${SSH_PORT}" "${CLEAN_BRANCH_NAME}.zip" "${SSH_USER}@${SSH_HOST}:${SSH_WEB_PATH}/" |
76 | 87 |
|
77 | | - # Connect to the Remote and unzip the project |
| 88 | + # SSH to remote and process artifact |
78 | 89 | ssh -i "${HOME}/.ssh/id_${SSH_USER}" -p "${SSH_PORT}" "${SSH_USER}@${SSH_HOST}" << EOF |
79 | | - mkdir -p ${SSH_WEB_PATH}/${BRANCH_NAME} |
80 | | - cd ${SSH_WEB_PATH}/${BRANCH_NAME} |
81 | | - unzip ./project.zip |
82 | | - rm ./project.zip |
| 90 | + set -ex -o pipefail |
| 91 | + cd ${SSH_WEB_PATH}/ |
| 92 | + rm -rfv ./${CLEAN_BRANCH_NAME}/ |
| 93 | + mkdir -pv ./${CLEAN_BRANCH_NAME}/ |
| 94 | + mv -v ./${CLEAN_BRANCH_NAME}.zip ./${CLEAN_BRANCH_NAME}/ |
| 95 | + cd ./${CLEAN_BRANCH_NAME}/ |
| 96 | + unzip -o ./${CLEAN_BRANCH_NAME}.zip |
| 97 | + rm ./${CLEAN_BRANCH_NAME}.zip |
83 | 98 | EOF |
84 | 99 |
|
85 | 100 | # Cleanup the secret |
86 | | - rm -rfv "${HOME}/.ssh/id_${SSH_USER}" "${HOME}/.ssh/id_${SSH_USER}.pub" |
| 101 | + rm -fv "${HOME}/.ssh/id_${SSH_USER}" "${HOME}/.ssh/id_${SSH_USER}.pub" |
0 commit comments