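# Build & Deploy workflow: on every push to main, build and push the three
# service images to the Gitea registry, then SSH to the VM to pull them and
# restart the compose stack, and finally probe the public health endpoint.
name: Build & Deploy

on:
  push:
    branches: [main]

env:
  # REGISTRY secret = "git.vpn.cusano.net/logan" (full image prefix)
  REGISTRY: ${{ secrets.REGISTRY }}

jobs:
  build:
    name: Build & push images
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the actions in this job are referenced by mutable
      # major-version tags. Pinning each one to a full commit SHA keeps a
      # re-tagged release from running with the registry credentials below.
      - uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to Gitea registry
        uses: docker/login-action@v3
        with:
          registry: git.vpn.cusano.net
          username: ${{ secrets.REGISTRY_USER }}
          password: ${{ secrets.BUILD_TOKEN }}

      # Each image is pushed under two tags: the moving "latest" and the
      # immutable commit SHA of this run.
      - name: Build & push c2-core
        uses: docker/build-push-action@v5
        with:
          context: ./drb-c2-core
          push: true
          tags: |
            ${{ env.REGISTRY }}/c2-core:latest
            ${{ env.REGISTRY }}/c2-core:${{ gitea.sha }}

      - name: Build & push discord-bot
        uses: docker/build-push-action@v5
        with:
          context: ./drb-server-discord-bot
          push: true
          tags: |
            ${{ env.REGISTRY }}/discord-bot:latest
            ${{ env.REGISTRY }}/discord-bot:${{ gitea.sha }}

      - name: Build & push frontend
        uses: docker/build-push-action@v5
        with:
          context: ./drb-frontend
          push: true
          tags: |
            ${{ env.REGISTRY }}/frontend:latest
            ${{ env.REGISTRY }}/frontend:${{ gitea.sha }}

  deploy:
    name: Deploy to VM
    needs: build
    runs-on: ubuntu-latest
    steps:
      # The key reaches the script through the environment instead of being
      # templated into the script text, so its contents are never parsed as
      # shell. umask 077 is set before the write so the file is created
      # owner-only; the original created it with the default umask and only
      # tightened the mode afterwards.
      - name: Write SSH key
        env:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
        run: |
          umask 077
          printf '%s\n' "$SSH_PRIVATE_KEY" > /tmp/deploy_key
          chmod 600 /tmp/deploy_key

      # NOTE(review): StrictHostKeyChecking=no disables host key verification,
      # so the session (and the commands in the here-document) go to whatever
      # host answers at SERVER_IP. Recommended fix, which needs a new secret
      # and is therefore not applied here: store the VM's public host key in
      # a known_hosts file written from a secret, point ssh at it with
      # -o UserKnownHostsFile=<that file>, and switch to
      # -o StrictHostKeyChecking=yes.
      #
      # NOTE(review): the VM pulls whatever main and the compose files' image
      # tags resolve to at that moment; presumably docker-compose.prod.yml
      # uses the "latest" tag (not visible here, confirm). Deploying the
      # commit-SHA tag pushed by the build job would tie the rollout to the
      # images this run actually built.
      - name: Deploy
        env:
          SERVER_IP: ${{ secrets.SERVER_IP }}
        run: |
          ssh -o StrictHostKeyChecking=no \
              -o HostKeyAlgorithms=ssh-ed25519,rsa-sha2-256,rsa-sha2-512 \
              -i /tmp/deploy_key \
              "drb@${SERVER_IP}" << 'ENDSSH'
          set -e
          cd /opt/drb
          # Update compose files + mosquitto config
          git pull origin main
          # Pull pre-built images and restart (no build on the VM)
          docker compose -f docker-compose.yml -f docker-compose.prod.yml pull
          docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d --remove-orphans
          docker image prune -f
          ENDSSH

      # Runs even when the deploy step fails, so the private key does not
      # stay behind in /tmp on a runner that is reused between jobs.
      - name: Remove SSH key
        if: always()
        run: rm -f /tmp/deploy_key

      # Fixed 20 s grace period, then a single probe; curl -f turns an HTTP
      # error status into a non-zero exit, which fails the job.
      - name: Health check
        env:
          DRB_DOMAIN: ${{ secrets.DRB_DOMAIN }}
        run: |
          sleep 20
          curl -f "https://api.${DRB_DOMAIN}/health" || \
            (echo "Health check failed" && exit 1)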