Merge pull request #7 from oxygen-updater/dependabot/npm_and_yarn/bra… #12
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build & Deploy | |
on: | |
push: | |
branches: | |
- main | |
paths: | |
- 'public/**' | |
- 'src/**' | |
# match files with extension in current directory | |
- '*.m?js' | |
- '*.json' | |
- '!.*rc.m?js' | |
- '!.*rc.json' | |
env: | |
PRODUCTION_ARTIFACT_NAME: out/prod.tgz | |
TESTING_ARTIFACT_NAME: out/test.tgz | |
jobs: | |
main: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up NodeJS v20 | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 20 | |
cache: npm | |
- name: Cache .next | |
uses: actions/cache@v4 | |
with: | |
path: ${{ github.workspace }}/.next/cache | |
# Generate a new cache whenever packages or source files change | |
key: ${{ runner.os }}-nextjs-${{ hashFiles('package-lock.json') }}-${{ hashFiles('public/**', 'src/**', '*.m?js', 'tsconfig.json', '!.*rc.m?js') }} | |
# If source files changed but packages didn't, rebuild from a prior cache | |
restore-keys: ${{ runner.os }}-nextjs-${{ hashFiles('package-lock.json') }}- | |
- name: Add dev/test/prod API masks | |
run: | | |
echo "::add-mask::${{ secrets.API_URL_DEV }}" | |
echo "::add-mask::${{ secrets.API_URL_TEST }}" | |
echo "::add-mask::${{ secrets.API_URL_PROD }}" | |
- name: Build & bundle into gzipped tar | |
run: | | |
cat <<'EOF' > .env-cmdrc.js | |
${{ secrets.FILE_ENV_CMDRC_JS }} | |
EOF | |
npm install | |
npm audit fix --audit-level=none | |
npx next telemetry disable | |
npm run build:prod | |
npm run build:test | |
rm .env-cmdrc.js | |
tar -C out/prod -czf $PRODUCTION_ARTIFACT_NAME . | |
tar -C out/test -czf $TESTING_ARTIFACT_NAME . | |
- name: Setup SSH keys | |
run: | | |
mkdir -p ~/.ssh | |
echo "${{ secrets.SSH_PRODUCTION_PRIVATE_KEY }}" > ~/.ssh/prod_ed25519 | |
echo "${{ secrets.SSH_TESTING_PRIVATE_KEY }}" > ~/.ssh/test_ed25519 | |
echo -e "Host *\n\tStrictHostKeyChecking no\n\n" > ~/.ssh/config | |
chmod 600 ~/.ssh/prod_ed25519 ~/.ssh/test_ed25519 ~/.ssh/config | |
echo -e "Host prod-server\n\tHostName ${{ secrets.SSH_PRODUCTION_HOST }}\n\tPort ${{ secrets.SSH_PRODUCTION_PORT }}\n\tUser ${{ secrets.SSH_PRODUCTION_USERNAME }}\n\tIdentityFile ~/.ssh/prod_ed25519\n\n" >> ~/.ssh/config | |
echo -e "Host test-server\n\tHostName ${{ secrets.SSH_TESTING_HOST }}\n\tPort ${{ secrets.SSH_TESTING_PORT }}\n\tUser ${{ secrets.SSH_TESTING_USERNAME }}\n\tIdentityFile ~/.ssh/test_ed25519\n\n" >> ~/.ssh/config | |
- name: Stage to servers & deploy | |
env: | |
PRODUCTION_STAGING_DIR_PATH: ${{ secrets.SSH_PRODUCTION_STAGING_DIR_PREFIX }}website | |
TESTING_STAGING_DIR_PATH: ${{ secrets.SSH_TESTING_STAGING_DIR_PREFIX }}website | |
run: | | |
ssh prod-server "mkdir -p $PRODUCTION_STAGING_DIR_PATH && cd $PRODUCTION_STAGING_DIR_PATH && rm *.tgz -f" | |
ssh test-server "mkdir -p $TESTING_STAGING_DIR_PATH && cd $TESTING_STAGING_DIR_PATH && rm *.tgz -f" | |
scp $PRODUCTION_ARTIFACT_NAME prod-server:$PRODUCTION_STAGING_DIR_PATH | |
scp $TESTING_ARTIFACT_NAME test-server:$TESTING_STAGING_DIR_PATH | |
ssh prod-server "sudo ${{ secrets.SSH_WEBSITE_DEPLOY_SCRIPT }}" | |
ssh test-server "sudo ${{ secrets.SSH_WEBSITE_DEPLOY_SCRIPT }}" |