Update environment file path #14
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deployment | |
on: | |
push: | |
branches: | |
- main | |
- nickclyde/deployment-workflow | |
permissions: | |
id-token: write | |
jobs: | |
deploy: | |
name: Deploy phinvads-go | |
runs-on: ubuntu-latest | |
environment: main | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: "1.23.0" | |
- name: Azure CLI Login | |
uses: azure/login@v2 | |
with: | |
client-id: ${{ secrets.AZURE_CLIENT_ID }} | |
tenant-id: ${{ secrets.AZURE_TENANT_ID }} | |
subscription-id: ${{ secrets.AZURE_SUBSCRIPTION_ID }} | |
- name: Allow GitHub Runner IP | |
run: | | |
set -eu | |
agentIP=$(curl -s https://api.ipify.org/) | |
az network nsg rule create \ | |
--resource-group phinvads-go \ | |
--nsg-name phinvads-go-nsg \ | |
--name AllowSSHFromGitHubActions \ | |
--priority 200 \ | |
--direction Inbound \ | |
--access Allow \ | |
--protocol Tcp \ | |
--destination-port-ranges 22 \ | |
--source-address-prefixes $agentIP \ | |
--destination-address-prefixes '*' \ | |
--description "Allow SSH from GitHub Actions" | |
sleep 3 | |
- name: Write SSH key to file | |
env: | |
AZURE_VM_SSH_KEY: ${{ secrets.AZURE_VM_SSH_KEY }} | |
run: | | |
install -m 600 -D /dev/null ~/.ssh/phinvads-go | |
echo "${{ secrets.AZURE_VM_SSH_KEY }}" > ~/.ssh/phinvads-go | |
echo "IdentityFile /home/runner/.ssh/phinvads-go" >> ~/.ssh/config | |
- name: Build phinvads-go | |
run: | | |
go install github.com/a-h/templ/cmd/templ@latest | |
templ generate | |
go build -o phinvads-go ./cmd/phinvads-go | |
- name: Deploy phinvads-go to VM | |
env: | |
AZURE_VM_IP: ${{ secrets.AZURE_VM_IP }} | |
run: | | |
scp -o StrictHostKeyChecking=accept-new ./phinvads-go azureuser@${AZURE_VM_IP}:/home/azureuser/phinvads-go | |
scp ./remote/production/phinvads-go.service azureuser@${AZURE_VM_IP}:/home/azureuser/phinvads-go.service | |
ssh azureuser@${AZURE_VM_IP} "sudo mv phinvads-go.service /etc/systemd/system/phinvads-go.service && sudo systemctl enable phinvads-go && sudo systemctl restart phinvads-go" | |
- name: Disallow GitHub Runner IP | |
run: | | |
set -eu | |
agentIP=$(curl -s https://api.ipify.org/) | |
az network nsg rule delete \ | |
--resource-group phinvads-go \ | |
--nsg-name phinvads-go-nsg \ | |
--name AllowSSHFromGitHubActions |