-
Notifications
You must be signed in to change notification settings - Fork 0
130 lines (108 loc) · 4.23 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
name: Main deployment
# Controls when the action will run. Triggers the workflow on push or pull request
# events but only for the main and staging branches
on:
push:
branches: [ main, staging ]
# globals
env:
MUSCAT_GUIDELINES_REPO: rism-digital/muscat-guidelines
MUSCAT_REPO: rism-digital/muscat
TRANSLATIONS_REPO: rism-digital/translations
MUSCAT_GUIDELINES_PATH: 'muscat-guidelines'
MUSCAT_PATH: 'muscat'
TRANSLATIONS_PATH: 'translations'
BUILD_PATH: 'build'
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
# This workflow contains a single job called "build"
build:
# The type of runner that the job will run on
runs-on: ubuntu-latest
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
- name: "Install ruby"
uses: actions/setup-ruby@v1
with:
ruby-version: '3.1'
- name: Install packages
run: |
sudo apt install openresolv wireguard
# Checks-out external repositories
- uses: actions/checkout@v4
with:
repository: ${{ env.MUSCAT_GUIDELINES_REPO }}
path: ${{ env.MUSCAT_GUIDELINES_PATH }}
- uses: actions/checkout@v4
with:
repository: ${{ env.MUSCAT_REPO }}
path: ${{ env.MUSCAT_PATH }}
- uses: actions/checkout@v4
with:
repository: ${{ env.TRANSLATIONS_REPO }}
path: ${{ env.TRANSLATIONS_PATH }}
# Checks-out this repository under $BUILD_PATH
- uses: actions/checkout@v4
with:
path: ${{ env.BUILD_PATH }}
- name:
working-directory: ${{ env.BUILD_PATH }}
run: sed -i 's/https:\/\/guidelines\.rism\.info/https:\/\/guidelines-stage\.rism\.info/g' _config.yml
if: endsWith(github.ref, '/staging')
# Use GitHub Actions' cache to shorten build times and decrease load on servers
- uses: actions/cache@v3
with:
path: ${{ env.BUILD_PATH }}/vendor/bundle
key: ${{ runner.os }}-gems-${{ hashFiles('**/Gemfile.lock') }}-v3
restore-keys: |
${{ runner.os }}-gems-v3
- name: "Build the site"
working-directory: ${{ env.BUILD_PATH }}
run: |
bundle config path vendor/bundle
bundle install
bundle exec jekyll build
# Install node/lunr and build the index
- uses: actions/setup-node@v3
with:
node-version: '16'
- name: Build the index
working-directory: ${{ env.BUILD_PATH }}
run: |
npm install [email protected]
npm install lunr-languages
node _site/assets/js/build_index.js _site/pages.json index.json
# looks like lemonarc/[email protected] runs as root...
sudo mv index.json ./_site/
- name: Set server to deployment if on staging branch
if: endsWith(github.ref, '/staging')
run: |
echo "DEPLOY_SERVER=${{ secrets.DEPLOY_STAGING_SERVER }}" >> $GITHUB_ENV
echo "DEPLOY_PATH=${{ secrets.DEPLOY_STAGING_PATH }}" >> $GITHUB_ENV
- name: Set server to production if on main branch
if: endsWith(github.ref, '/main')
run: |
echo "DEPLOY_SERVER=${{ secrets.DEPLOY_PRODUCTION_SERVER }}" >> $GITHUB_ENV
echo "DEPLOY_PATH=${{ secrets.DEPLOY_PRODUCTION_PATH }}" >> $GITHUB_ENV
- name: Install packages
working-directory: ${{ env.BUILD_PATH }}
run: |
sudo echo "${{ secrets.VPN_CONFIGURATION }}" > ./wg0.conf
- name: Set up Wireguard VPN
working-directory: ${{ env.BUILD_PATH }}
run: |
sudo wg-quick up ./wg0.conf
# Deploy to remote server
- name: Deploy with rsync
uses: burnett01/[email protected]
with:
switches: -avzr --delete --exclude="uploads" --exclude=".well-known" --exclude="wg0.conf"
path: ${{ env.BUILD_PATH }}/_site/
remote_path: ${{ env.DEPLOY_PATH }}
remote_host: ${{ env.DEPLOY_SERVER }}
remote_user: ${{ secrets.DEPLOY_USER }}
remote_key: ${{ secrets.DEPLOY_KEY }}
- name: Disconnect VPN
working-directory: ${{ env.BUILD_PATH }}
run: |
sudo wg-quick down ./wg0.conf