fix export variables #9
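# CI/CD pipeline for Giftizy.
#   build-and-push : builds the image from the repository root and publishes it to GHCR.
#   deploy-on-vps  : on main only, redeploys the Swarm stack over SSH and runs Prisma migrations.
name: CI/CD - Giftizy

on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Least privilege: the workflow-wide token is read-only and each job widens only
# what it needs. The original also granted `id-token: write` to every job, but no
# step in this file requests an OIDC token; re-add it on the specific job if one does.
permissions:
  contents: read

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      # NOTE(review): every action below is referenced by a mutable tag. Pinning each
      # `uses:` to a full commit SHA keeps a re-tagged release from running with this
      # job's registry credentials.
      - uses: actions/checkout@v4
      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v2
      - name: Log in to GHCR
        # Pull-request runs only build, so they never need the registry credential.
        if: github.event_name == 'push'
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          # NOTE(review): GHCR_PAT is a long-lived personal token. If the package is
          # linked to this repository, the job-scoped GITHUB_TOKEN (packages: write)
          # may be enough - confirm before switching.
          password: ${{ secrets.GHCR_PAT }}
      - name: Build and push
        uses: docker/build-push-action@v4
        with:
          context: .
          # Publish only for pushes to main. Previously a pull-request run also
          # overwrote :latest with unmerged code, which the next deploy would pull.
          push: ${{ github.event_name == 'push' }}
          # NOTE(review): :latest is mutable, so a deploy cannot be traced back to a
          # commit; consider adding an immutable per-commit tag alongside it.
          tags: ghcr.io/jordan-182/giftizy:latest
          platforms: linux/amd64

  deploy-on-vps:
    needs: build-and-push
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main'
    # This job authenticates with the SSH key only; it needs nothing from GITHUB_TOKEN.
    permissions: {}
    steps:
      - name: Deploy to VPS via SSH
        # PLACEHOLDER: the version after "@" was mangled to "[email protected]" by the
        # page's e-mail obfuscation. Restore the real ref, ideally a full commit SHA,
        # since this third-party action receives the VPS private key.
        uses: appleboy/ssh-action@<PINNED_REF>
        with:
          host: ${{ secrets.VPS_HOST }}
          username: ${{ secrets.VPS_USER }}
          key: ${{ secrets.VPS_SSH_PRIVATE_KEY }}
          port: ${{ secrets.VPS_SSH_PORT }}
          script: |
            # Abort on the first failing command so a broken deploy fails the job
            # instead of being hidden behind a later successful command.
            set -e

            # Option A: create/update secrets (only if passed as GH secrets).
            # Docker secrets are immutable: `docker secret create` fails when the name
            # already exists, hence the remove-then-create below. The remove fails
            # while a service still uses the secret.
            # echo "${DB_PASSWORD}" | docker secret rm DB_PASSWORD || true
            # echo "${DB_PASSWORD}" | docker secret create DB_PASSWORD -
            # For security, prefer creating secrets manually on the VPS, or check with
            # 'docker secret inspect' before replacing.

            # Pull latest image (optional): kept best-effort, but a failure is now
            # reported so a deploy of a stale local image is visible in the log.
            docker pull ghcr.io/jordan-182/giftizy:latest \
              || echo "WARNING: docker pull failed; the stack may start from a stale image" >&2

            # Deploy stack (file should exist on VPS at /srv/apps/giftizy/docker-stack.yml)
            docker stack deploy -c /srv/apps/giftizy/docker-stack.yml giftizy

            # Wait for service to be ready
            echo "Waiting for service to be ready..."
            sleep 30

            # Run migrations
            echo "Running database migrations..."
            SERVICE_ID=$(docker service ps giftizy_app --format "{{.ID}}" --filter "desired-state=running" | head -1)
            if [ -z "$SERVICE_ID" ]; then
              echo "No running giftizy_app task found; migrations were NOT run" >&2
              exit 1
            fi

            # NOTE(review): `docker exec` only reaches a container on this node;
            # presumably the Swarm is single-node - confirm.
            CONTAINER_ID=$(docker inspect --format="{{.Status.ContainerStatus.ContainerID}}" "$SERVICE_ID")
            if [ -z "$CONTAINER_ID" ]; then
              echo "Task $SERVICE_ID has no container ID; migrations were NOT run" >&2
              exit 1
            fi

            # A non-zero exit here is a real migration failure, so it now fails the
            # job rather than being reported as "no migrations to run".
            docker exec "$CONTAINER_ID" npx prisma migrate deploy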