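---
# Deploy workflow: on a push to dev or main, sync the repository to the NAS
# over SSH/rsync and (re)start the matching docker compose stack there.
#
# Step order matters: "Set environment" and "Setup SSH key" must run before
# any step that reads steps.env.outputs.* or ~/.ssh/nas_key. An earlier copy
# of "Copy files to NAS" ran before both, with an empty PROJECT_PATH and
# StrictHostKeyChecking=no; it has been removed.
name: Deploy

on:
  push:
    branches:
      - dev
      - main

# Least privilege for the workflow token: this job only reads the repository.
permissions:
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Debug runner
        run: |
          cat /etc/os-release
          which apt || which apk || which yum || echo "no package manager found"

      # NOTE(review): consider pinning this action to a full commit SHA rather
      # than a mutable tag, so a retagged release cannot change what runs here.
      - name: Checkout
        uses: actions/checkout@v4

      # Skip the install when rsync is already on the runner image.
      - name: Install rsync
        run: |
          command -v rsync >/dev/null 2>&1 \
            || apt-get install -y rsync 2>/dev/null \
            || apk add rsync

      # Context values are passed through env instead of being expanded into
      # the script text, so they are never parsed as shell syntax.
      - name: Set environment
        id: env
        env:
          REF_NAME: ${{ github.ref_name }}
        run: |
          if [ "$REF_NAME" = "main" ]; then
            echo "COMPOSE_FILE=docker/docker-compose.prod.yml" >> "$GITHUB_OUTPUT"
            echo "PROJECT_PATH=/volume1/docker/auditshield-prod" >> "$GITHUB_OUTPUT"
          else
            echo "COMPOSE_FILE=docker/docker-compose.yml" >> "$GITHUB_OUTPUT"
            echo "PROJECT_PATH=/volume1/docker/auditshield-dev" >> "$GITHUB_OUTPUT"
          fi

      # NOTE(review): every remote command below logs in as root on the NAS.
      # A dedicated deploy account limited to this task would reduce the
      # impact of a leaked key - confirm whether the NAS allows it.
      - name: Setup SSH key
        env:
          NAS_HOST: ${{ secrets.NAS_HOST }}
          NAS_SSH_KEY: ${{ secrets.NAS_SSH_KEY }}
        run: |
          # umask first, so the key file is never created group/world-readable.
          umask 077
          mkdir -p ~/.ssh
          printf '%s\n' "$NAS_SSH_KEY" > ~/.ssh/nas_key
          chmod 600 ~/.ssh/nas_key
          # NOTE(review): ssh-keyscan records whatever host key answers at run
          # time, so the host is not authenticated against a known value.
          # Prefer writing a previously verified known_hosts entry (kept as a
          # repository secret) here instead.
          ssh-keyscan -p 22 "$NAS_HOST" >> ~/.ssh/known_hosts

      - name: Copy files to NAS
        env:
          NAS_HOST: ${{ secrets.NAS_HOST }}
          PROJECT_PATH: ${{ steps.env.outputs.PROJECT_PATH }}
        run: |
          # Fail fast on an empty path: rsync must never target "host:/".
          : "${PROJECT_PATH:?PROJECT_PATH is empty}"
          ssh -i ~/.ssh/nas_key "root@${NAS_HOST}" "mkdir -p ${PROJECT_PATH}"
          rsync -avz --exclude='.git' --exclude='node_modules' --exclude='.env' \
            -e "ssh -i ~/.ssh/nas_key" \
            ./ "root@${NAS_HOST}:${PROJECT_PATH}/"

      # NOTE(review): this overwrites any existing .env on the NAS with
      # .env.example on every deploy, and "|| true" also hides a failed cd.
      # Confirm that running with the example values is intended.
      - name: Copy env file
        env:
          NAS_HOST: ${{ secrets.NAS_HOST }}
          PROJECT_PATH: ${{ steps.env.outputs.PROJECT_PATH }}
        run: |
          : "${PROJECT_PATH:?PROJECT_PATH is empty}"
          ssh -i ~/.ssh/nas_key "root@${NAS_HOST}" \
            "cd ${PROJECT_PATH} && cp .env.example .env 2>/dev/null || true"

      # The heredoc delimiter is quoted, so nothing is expanded by the local
      # shell; the two step outputs are substituted by the workflow engine and
      # come from the fixed strings written in "Set environment".
      - name: Deploy
        env:
          NAS_HOST: ${{ secrets.NAS_HOST }}
        run: |
          ssh -i ~/.ssh/nas_key "root@${NAS_HOST}" << 'ENDSSH'
          # Stop at the first failure; otherwise the step's exit status would
          # be that of "image prune" and a failed "compose up" would pass.
          set -e
          cd ${{ steps.env.outputs.PROJECT_PATH }}
          /usr/local/bin/docker compose -f ${{ steps.env.outputs.COMPOSE_FILE }} up -d --build --remove-orphans
          /usr/local/bin/docker image prune -f
          ENDSSH

      # Remove the private key even when an earlier step failed, so it does
      # not stay on disk on a runner that is reused between jobs.
      - name: Remove SSH key
        if: always()
        run: rm -f ~/.ssh/nas_key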