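# Deploys the repository to a NAS over SSH and (re)builds the Docker Compose
# stack there. Pushes to `main` target the prod path and compose file; pushes
# to `dev` target the dev ones.
name: Deploy

on:
  push:
    branches:
      - dev
      - main

# Least privilege for GITHUB_TOKEN: this workflow only reads the repository.
permissions:
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): `@v4` is a mutable tag. Pinning third-party actions to a
      # full commit SHA protects the deploy key from a retagged release.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # No later step talks to GitHub, so do not leave the token in
          # .git/config on the runner.
          persist-credentials: false

      - name: Set environment
        id: env
        env:
          # Expression values are passed through env instead of being pasted
          # into the script text, so they are data rather than shell source.
          REF_NAME: ${{ github.ref_name }}
        run: |
          if [ "$REF_NAME" = "main" ]; then
            echo "COMPOSE_FILE=docker/docker-compose.prod.yml" >> "$GITHUB_OUTPUT"
            echo "PROJECT_PATH=/volume1/docker/auditshield-prod" >> "$GITHUB_OUTPUT"
          else
            echo "COMPOSE_FILE=docker/docker-compose.yml" >> "$GITHUB_OUTPUT"
            echo "PROJECT_PATH=/volume1/docker/auditshield-dev" >> "$GITHUB_OUTPUT"
          fi

      - name: Setup SSH key
        env:
          NAS_SSH_KEY_B64: ${{ secrets.NAS_SSH_KEY_B64 }}
          NAS_HOST: ${{ secrets.NAS_HOST }}
        run: |
          # Create ~/.ssh and the key file private from the start instead of
          # writing the key world-readable and tightening it afterwards.
          umask 077
          mkdir -p ~/.ssh
          printf '%s\n' "$NAS_SSH_KEY_B64" | base64 -d > ~/.ssh/nas_key
          chmod 600 ~/.ssh/nas_key
          # NOTE(review): ssh-keyscan trusts whatever host answers at deploy
          # time (trust on first use, repeated on every run). Prefer storing
          # the NAS public host key in a secret or variable
          # (<NAS_HOST_KEY_SECRET>, placeholder) and writing that to
          # known_hosts instead of scanning.
          ssh-keyscan -p 22 "$NAS_HOST" >> ~/.ssh/known_hosts 2>/dev/null
          # Fail here, with a clear cause, if no host key was recorded.
          test -s ~/.ssh/known_hosts

      # NOTE(review): every SSH step logs in as root. A dedicated deploy
      # account limited to Docker and the project directory would reduce the
      # impact of a leaked key.
      - name: Copy files to NAS
        env:
          NAS_HOST: ${{ secrets.NAS_HOST }}
          PROJECT_PATH: ${{ steps.env.outputs.PROJECT_PATH }}
        run: |
          # Without pipefail a failing local tar is masked by ssh's exit code.
          set -o pipefail
          # StrictHostKeyChecking=yes makes ssh verify the server against
          # known_hosts; the previous `no` accepted any host key, so the
          # private key and the secrets below could be sent to an impostor.
          ssh -i ~/.ssh/nas_key -o StrictHostKeyChecking=yes "root@${NAS_HOST}" \
            "mkdir -p '${PROJECT_PATH}'"
          tar --exclude='.git' --exclude='node_modules' --exclude='.env' -czf - . | \
            ssh -i ~/.ssh/nas_key -o StrictHostKeyChecking=yes "root@${NAS_HOST}" \
            "tar -xzf - -C '${PROJECT_PATH}'"

      - name: Setup env file
        env:
          NAS_HOST: ${{ secrets.NAS_HOST }}
          PROJECT_PATH: ${{ steps.env.outputs.PROJECT_PATH }}
          APP_SECRET_KEY: ${{ secrets.APP_SECRET_KEY }}
          POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
        run: |
          set -o pipefail
          # The file is streamed over stdin, so secret values never appear in
          # a command line on the runner or the NAS, and characters such as
          # `$`, `"` or backticks in a secret are written verbatim instead of
          # being interpreted by a shell. The .env file is kept owner-only.
          cat <<EOF | ssh -i ~/.ssh/nas_key -o StrictHostKeyChecking=yes "root@${NAS_HOST}" \
            "umask 077 && cat > '${PROJECT_PATH}/.env' && chmod 600 '${PROJECT_PATH}/.env'"
          SECRET_KEY=${APP_SECRET_KEY}
          DEBUG=false
          POSTGRES_DB=auditshield
          POSTGRES_USER=auditshield
          POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
          DATABASE_URL=postgresql://auditshield:${POSTGRES_PASSWORD}@postgres:5432/auditshield
          REDIS_URL=redis://redis:6379/0
          NEXT_PUBLIC_API_URL=https://auditshield.rigolet.tech
          DOMAIN=auditshield.rigolet.tech
          TAG=latest
          EOF

      - name: Deploy
        env:
          NAS_HOST: ${{ secrets.NAS_HOST }}
          PROJECT_PATH: ${{ steps.env.outputs.PROJECT_PATH }}
          COMPOSE_FILE: ${{ steps.env.outputs.COMPOSE_FILE }}
        run: |
          # Rebuild and restart the stack, then drop dangling images.
          ssh -i ~/.ssh/nas_key -o StrictHostKeyChecking=yes "root@${NAS_HOST}" \
            "cd '${PROJECT_PATH}' && /usr/local/bin/docker compose -f '${COMPOSE_FILE}' up -d --build --remove-orphans && /usr/local/bin/docker image prune -f"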