Write SSH key to file #7
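# Builds phinvads-go on a GitHub-hosted runner and copies the binary to an
# Azure VM over SSH. Port 22 on the VM's NSG is opened for the runner's public
# IP only for the duration of the job and closed again in the last step.
name: Deployment

on:
  push:
    branches:
      - main
      # NOTE(review): a feature branch can also trigger a deployment to the
      # `main` environment; drop this entry once the workflow is merged.
      - nickclyde/deployment-workflow

# Only the OIDC token permission is granted (used by azure/login for
# federated credentials); every other GITHUB_TOKEN scope defaults to none.
permissions:
  id-token: write

jobs:
  deploy:
    name: Deploy phinvads-go
    runs-on: ubuntu-latest
    environment: main
    steps:
      # NOTE(review): actions are referenced by mutable tag; pinning each to a
      # full commit SHA prevents a retagged release from running with access
      # to the Azure and SSH secrets below.
      - uses: actions/checkout@v4
      - uses: actions/setup-go@v5
        with:
          go-version: "1.23.0"

      - name: Azure CLI Login
        uses: azure/login@v2
        with:
          client-id: ${{ secrets.AZURE_CLIENT_ID }}
          tenant-id: ${{ secrets.AZURE_TENANT_ID }}
          subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }}

      - name: Allow GitHub Runner IP
        run: |
          set -eu
          # -f makes curl fail on an HTTP error instead of passing an error
          # page on as the "IP".
          agentIP=$(curl -fsS https://api.ipify.org/)
          # The answer of a third-party service becomes a firewall source
          # prefix, so refuse anything that is not a plain IPv4 address.
          if ! [[ "$agentIP" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
            echo "Unexpected response from IP lookup service" >&2
            exit 1
          fi
          az network nsg rule create \
            --resource-group phinvads-go \
            --nsg-name phinvads-go-nsg \
            --name AllowSSHFromGitHubActions \
            --priority 200 \
            --direction Inbound \
            --access Allow \
            --protocol Tcp \
            --destination-port-ranges 22 \
            --source-address-prefixes "$agentIP" \
            --destination-address-prefixes '*' \
            --description "Allow SSH from GitHub Actions"
          # Give the new rule a moment to take effect before connecting.
          sleep 3

      - name: Deploy phinvads-go to VM
        env:
          AZURE_VM_IP: ${{ secrets.AZURE_VM_IP }}
          AZURE_VM_SSH_KEY: ${{ secrets.AZURE_VM_SSH_KEY }}
        run: |
          set -eu
          # Create the key file with mode 600 before any key material is
          # written to it.
          install -m 600 -D /dev/null ~/.ssh/phinvads-go
          # Read the key from the environment rather than expanding the secret
          # into the script text: the expression is substituted before the
          # shell parses the script, so key content would be interpreted as
          # shell syntax inside the double quotes.
          printf '%s\n' "$AZURE_VM_SSH_KEY" > ~/.ssh/phinvads-go
          # NOTE(review): ssh-keyscan accepts whatever host key answers at run
          # time, so the host is not authenticated against a known value.
          # Storing the VM's public host key and writing that to known_hosts
          # would close the gap.
          ssh-keyscan -H "$AZURE_VM_IP" > ~/.ssh/known_hosts
          # NOTE(review): @latest is resolved on every run; pin an explicit
          # templ version so the build tool cannot change between deployments.
          go install github.com/a-h/templ/cmd/templ@latest
          templ generate
          go build -o phinvads-go ./cmd/phinvads-go
          scp -i ~/.ssh/phinvads-go ./phinvads-go "azureuser@${AZURE_VM_IP}:/home/azureuser/phinvads-go"

      - name: Disallow GitHub Runner IP
        # Run even when an earlier step failed, otherwise a broken build or
        # copy leaves the inbound SSH rule in place.
        if: always()
        run: |
          set -eu
          # The rule is addressed by name, so the runner IP is not needed
          # here. `az network nsg rule` has no `remove` subcommand; `delete`
          # is the one that removes a rule.
          az network nsg rule delete \
            --resource-group phinvads-go \
            --nsg-name phinvads-go-nsg \
            --name AllowSSHFromGitHubActions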