-
Notifications
You must be signed in to change notification settings - Fork 5
59 lines (54 loc) · 1.93 KB
/
01.deploy_to_production.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
name: 01. Deploy to Production
permissions:
id-token: write
contents: read
packages: write
on:
push:
branches:
- main
workflow_run:
workflows: ["CI"]
branches: [main] # Only run on CI completion for main branch
types:
- completed
jobs:
deploy-production:
name: Deploy to production
# Only deploy if either:
# 1. Direct push to main
# 2. CI workflow completed successfully on main branch
if: |
(github.event_name == 'push' && github.ref == 'refs/heads/main') ||
(github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.head_branch == 'main')
concurrency:
group: production_environment
cancel-in-progress: true
runs-on: ubuntu-latest
environment:
name: production
timeout-minutes: 20
steps:
- uses: actions/checkout@v4
with:
ref: main # Explicitly checkout main branch
- uses: ./.github/workflows/setup
name: Setup
with:
ssh-private-key: ${{ secrets.DROPLET_SSH_PRIVATE_KEY }}
- name: Kamal Deploy
uses: ./.github/workflows/kamal-deploy
with:
kamal-host: ${{ secrets.KAMAL_HOST }}
kamal-registry-username: ${{ secrets.KAMAL_REGISTRY_USERNAME }}
kamal-registry-password: ${{ secrets.KAMAL_REGISTRY_PASSWORD }}
secret-key-base: ${{ secrets.SECRET_KEY_BASE }}
axiom-api-key: ${{ secrets.AXIOM_API_KEY }}
do-token: ${{ secrets.DO_TOKEN }}
spaces-region: ${{ secrets.SPACES_REGION }}
spaces-bucket-name: ${{ secrets.SPACES_BUCKET_NAME }}
spaces-bucket-content: ${{ secrets.SPACES_BUCKET_CONTENT }}
spaces-access-key-id: ${{ secrets.SPACES_ACCESS_KEY_ID }}
spaces-secret-access-key: ${{ secrets.SPACES_SECRET_ACCESS_KEY }}
rails-master-key: ${{ secrets.RAILS_MASTER_KEY }}
environment: production