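# Builds the backend image, pushes it to the private registry and redeploys the
# container on the production server over SSH. Runs on every push to master and
# on manual dispatch.
name: Backend deploy

on:
  push:
    branches:
      - master
  workflow_dispatch:

# Least privilege for the job token: the job only needs to read the repository
# for checkout; every other credential comes from Vault.
permissions:
  contents: read

jobs:
  deploy-backend:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the actions below are referenced by tag. The Vault and SSH
      # steps receive the Vault token and the server's private key, so consider
      # pinning each `uses:` to a full commit SHA (e.g. `@<COMMIT_SHA>`) that you
      # have reviewed; a tag can be re-pointed upstream.
      - name: Checkout code
        uses: actions/checkout@v4

      # Reads deployment secrets from Vault and exposes them as step outputs.
      # NOTE(review): `secrets.VAULT` is a static token; its Vault policy should
      # allow read on only the paths listed here - confirm.
      - name: Import Secrets
        id: import-secrets
        uses: hashicorp/vault-action@v3.4.0
        with:
          url: https://vault.d3m0k1d.ru
          token: ${{ secrets.VAULT }}
          secrets: |
            secrets/site/prod/data/gitea TOKEN | GITEA_TOKEN ;
            secrets/site/prod/data/server SSH_KEY | SSH_KEY ;
            secrets/site/prod/data/server USER | SERVER_USER ;
            secrets/site/prod/data/server HOST | SERVER_HOST ;
            secrets/site/prod/data/server PORT | SERVER_PORT ;
            secrets/site/prod/data/auth GITHUB_CLIENT_ID | GITHUB_CLIENT_ID ;
            secrets/site/prod/data/auth GITHUB_CLIENT_SECRET | GITHUB_CLIENT_SECRET ;
            secrets/site/prod/data/auth JWT_SECRET | JWT_SECRET

      # The token is handed to the shell through an environment variable rather
      # than expanded into the script text, so characters in the token cannot
      # change the command line, and it is fed to docker on stdin.
      - name: Login to registry
        env:
          GITEA_TOKEN: ${{ steps.import-secrets.outputs.GITEA_TOKEN }}
        run: echo "$GITEA_TOKEN" | docker login gitea.d3m0k1d.ru -u d3m0k1d --password-stdin

      # NOTE(review): `latest` is a mutable tag, so the image deployed below is
      # whatever `latest` resolves to at pull time; an extra per-commit tag would
      # make a deployment traceable to a build.
      - name: Build and push
        run: |
          docker build -t gitea.d3m0k1d.ru/d3m0k1d/backend:latest ./backend
          docker push gitea.d3m0k1d.ru/d3m0k1d/backend:latest

      # Replaces the running container on the server with the freshly pushed image.
      # The registry login uses --password-stdin (same as the runner-side login)
      # so the token does not appear in the docker client's argument list.
      # NOTE(review): the secrets are still substituted into the script text
      # before it is sent, and the `-e NAME="value"` arguments are visible in the
      # process list while `docker run` starts. ssh-action's `envs` input can
      # pass them as remote environment variables instead - verify before
      # switching.
      # NOTE(review): no host key is pinned; ssh-action's `fingerprint` input
      # lets the step verify the server before the script is sent.
      - name: Deploy at server
        uses: appleboy/ssh-action@v1.2.0
        with:
          host: ${{ steps.import-secrets.outputs.SERVER_HOST }}
          port: ${{ steps.import-secrets.outputs.SERVER_PORT }}
          username: ${{ steps.import-secrets.outputs.SERVER_USER }}
          key: ${{ steps.import-secrets.outputs.SSH_KEY }}
          script: |
            echo "${{ steps.import-secrets.outputs.GITEA_TOKEN }}" | docker login gitea.d3m0k1d.ru -u d3m0k1d --password-stdin
            docker pull gitea.d3m0k1d.ru/d3m0k1d/backend:latest
            docker rm -f d3m0k1d-backend || true
            docker run --name d3m0k1d-backend -d -p 8080:8080 \
              -e JWT_SECRET="${{ steps.import-secrets.outputs.JWT_SECRET }}" \
              -e GITHUB_CLIENT_ID="${{ steps.import-secrets.outputs.GITHUB_CLIENT_ID }}" \
              -e GITHUB_CLIENT_SECRET="${{ steps.import-secrets.outputs.GITHUB_CLIENT_SECRET }}" \
              -e REDIRECT_URL="https://d3m0k1d.ru/api/v1/callback/github" \
              --restart unless-stopped \
              gitea.d3m0k1d.ru/d3m0k1d/backend:latest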