chore(master): release 1.99.0 (#1126) #1199
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy project | |
on: | |
push: | |
branches: | |
- master | |
- deploy-* | |
tags: | |
- v*.*.* | |
# Note on secrets used for connection | |
# They are configured as environment secrets | |
# HOST is the internal ip of VM containing docker | |
# PROXY_HOST is the host of VMs | |
# USERNAME is the user used for operations | |
# SSH_PRIVATE_KEY is the private key (shared between VM and host) | |
jobs: | |
deploy: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
env: | |
# Note: env is also the name of the directory on the server | |
- ${{ startsWith(github.ref, 'refs/tags/v') && 'open-prices-org' || 'open-prices-net' }} | |
environment: ${{ matrix.env }} | |
concurrency: ${{ matrix.env }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 20 | |
cache: "yarn" | |
- name: Install dependencies | |
run: yarn install --immutable | |
- name: Build (staging) | |
run: | | |
yarn build-staging | |
if: matrix.env == 'open-prices-net' | |
- name: Build (prod) | |
run: | | |
yarn build-prod | |
if: matrix.env == 'open-prices-org' | |
# Deploy | |
- name: Set common variables | |
run: | | |
# We use the prod oauth server for all environments | |
echo "SSH_PROXY_HOST=ovh1.openfoodfacts.org" >> $GITHUB_ENV | |
echo "SSH_USERNAME=off" >> $GITHUB_ENV | |
- name: Set various variable for staging (net) deployment | |
if: matrix.env == 'open-prices-net' | |
run: | | |
echo "SSH_HOST=10.1.0.200" >> $GITHUB_ENV | |
- name: Set various variable for production deployment | |
if: matrix.env == 'open-prices-org' | |
run: | | |
echo "SSH_HOST=10.1.0.201" >> $GITHUB_ENV | |
- name: Copy dist via scp | |
uses: appleboy/scp-action@master | |
with: | |
host: ${{ env.SSH_HOST }} | |
username: ${{ env.SSH_USERNAME }} | |
key: ${{ secrets.SSH_PRIVATE_KEY }} | |
proxy_host: ${{ env.SSH_PROXY_HOST }} | |
proxy_username: ${{ env.SSH_USERNAME }} | |
proxy_key: ${{ secrets.SSH_PRIVATE_KEY }} | |
source: "dist" | |
target: "/home/${{ env.SSH_USERNAME }}/${{ matrix.env }}/www" | |
rm: true | |
strip_components: 1 | |
# We need to restart nginx to prevent permission issues after deploying | |
# front-end code directly by untarring it in the www directory. | |
# This is a workaround, we should use a better solution in the long-term | |
- name: Restart nginx | |
uses: appleboy/ssh-action@master | |
with: | |
host: ${{ env.SSH_HOST }} | |
username: ${{ env.SSH_USERNAME }} | |
key: ${{ secrets.SSH_PRIVATE_KEY }} | |
proxy_host: ${{ env.SSH_PROXY_HOST }} | |
proxy_username: ${{ env.SSH_USERNAME }} | |
proxy_key: ${{ secrets.SSH_PRIVATE_KEY }} | |
script: | | |
cd ${{ matrix.env }} && docker compose restart nginx |