fix build 6
This commit is contained in:
@@ -15,7 +15,6 @@ env:
|
|||||||
GIT_SSL_NO_VERIFY: "true"
|
GIT_SSL_NO_VERIFY: "true"
|
||||||
REGISTRY_HOST: 192.168.3.80
|
REGISTRY_HOST: 192.168.3.80
|
||||||
DEPLOY_REGISTRY_HOST: 10.0.0.4
|
DEPLOY_REGISTRY_HOST: 10.0.0.4
|
||||||
DEPLOY_SSH_HOST: 10.0.0.1
|
|
||||||
DOCKERFILE_PATH: Dockerfile.production
|
DOCKERFILE_PATH: Dockerfile.production
|
||||||
DOCKER_PLATFORM: linux/amd64
|
DOCKER_PLATFORM: linux/amd64
|
||||||
DEPLOY_ROOT: /opt/rentaldrivego
|
DEPLOY_ROOT: /opt/rentaldrivego
|
||||||
@@ -127,14 +126,13 @@ jobs:
|
|||||||
VPS_SSH_KEY: ${{ secrets.VPS_SSH_KEY }}
|
VPS_SSH_KEY: ${{ secrets.VPS_SSH_KEY }}
|
||||||
VPS_SSH_KEY_B64: ${{ secrets.VPS_SSH_KEY_B64 }}
|
VPS_SSH_KEY_B64: ${{ secrets.VPS_SSH_KEY_B64 }}
|
||||||
run: |
|
run: |
|
||||||
VPS_HOST="${VPS_HOST:-$DEPLOY_SSH_HOST}"
|
|
||||||
if [ -z "$VPS_SSH_KEY" ] && [ -z "$VPS_SSH_KEY_B64" ]; then
|
if [ -z "$VPS_SSH_KEY" ] && [ -z "$VPS_SSH_KEY_B64" ]; then
|
||||||
echo "::error::VPS_SSH_KEY_B64 or VPS_SSH_KEY is required to build on the remote Docker host"
|
echo "::error::VPS_SSH_KEY_B64 or VPS_SSH_KEY is required to build on the remote Docker host"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
if [ -z "$VPS_HOST" ] || \
|
if [ -z "$VPS_HOST" ] || \
|
||||||
[ -z "${{ secrets.VPS_USER }}" ]; then
|
[ -z "${{ secrets.VPS_USER }}" ]; then
|
||||||
echo "::error::VPS_USER and either VPS_IP or DEPLOY_SSH_HOST are required to build on the remote Docker host"
|
echo "::error::VPS_USER and VPS_IP secrets are required to build on the remote Docker host"
|
||||||
exit 1
|
exit 1
|
||||||
fi
|
fi
|
||||||
|
|
||||||
@@ -151,7 +149,10 @@ jobs:
|
|||||||
VPS_SSH_KEY: ${{ secrets.VPS_SSH_KEY }}
|
VPS_SSH_KEY: ${{ secrets.VPS_SSH_KEY }}
|
||||||
VPS_SSH_KEY_B64: ${{ secrets.VPS_SSH_KEY_B64 }}
|
VPS_SSH_KEY_B64: ${{ secrets.VPS_SSH_KEY_B64 }}
|
||||||
run: |
|
run: |
|
||||||
VPS_HOST="${VPS_HOST:-$DEPLOY_SSH_HOST}"
|
if [ -z "$VPS_HOST" ]; then
|
||||||
|
echo "::error::VPS_IP secret is required"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
echo "Using SSH host $VPS_HOST"
|
echo "Using SSH host $VPS_HOST"
|
||||||
mkdir -p ~/.ssh && chmod 700 ~/.ssh
|
mkdir -p ~/.ssh && chmod 700 ~/.ssh
|
||||||
if [ -n "$VPS_SSH_KEY_B64" ]; then
|
if [ -n "$VPS_SSH_KEY_B64" ]; then
|
||||||
@@ -192,7 +193,10 @@ jobs:
|
|||||||
env:
|
env:
|
||||||
VPS_HOST: ${{ secrets.VPS_IP }}
|
VPS_HOST: ${{ secrets.VPS_IP }}
|
||||||
run: |
|
run: |
|
||||||
VPS_HOST="${VPS_HOST:-$DEPLOY_SSH_HOST}"
|
if [ -z "$VPS_HOST" ]; then
|
||||||
|
echo "::error::VPS_IP secret is required"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
SSH_OPTIONS="-i $HOME/.ssh/id_rsa -o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=$HOME/.ssh/known_hosts"
|
SSH_OPTIONS="-i $HOME/.ssh/id_rsa -o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=$HOME/.ssh/known_hosts"
|
||||||
key_fingerprint="$(ssh-keygen -lf "$HOME/.ssh/id_rsa.pub" | awk '{print $2}')"
|
key_fingerprint="$(ssh-keygen -lf "$HOME/.ssh/id_rsa.pub" | awk '{print $2}')"
|
||||||
echo "Testing SSH authentication to $VPS_HOST with deploy key fingerprint $key_fingerprint"
|
echo "Testing SSH authentication to $VPS_HOST with deploy key fingerprint $key_fingerprint"
|
||||||
@@ -206,7 +210,10 @@ jobs:
|
|||||||
REMOTE_BUILD_DIR: ${{ env.DEPLOY_ROOT }}/build-context
|
REMOTE_BUILD_DIR: ${{ env.DEPLOY_ROOT }}/build-context
|
||||||
VPS_HOST: ${{ secrets.VPS_IP }}
|
VPS_HOST: ${{ secrets.VPS_IP }}
|
||||||
run: |
|
run: |
|
||||||
VPS_HOST="${VPS_HOST:-$DEPLOY_SSH_HOST}"
|
if [ -z "$VPS_HOST" ]; then
|
||||||
|
echo "::error::VPS_IP secret is required"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
SSH_OPTIONS="-i $HOME/.ssh/id_rsa -o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=$HOME/.ssh/known_hosts"
|
SSH_OPTIONS="-i $HOME/.ssh/id_rsa -o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=$HOME/.ssh/known_hosts"
|
||||||
ssh $SSH_OPTIONS "${{ secrets.VPS_USER }}@$VPS_HOST" \
|
ssh $SSH_OPTIONS "${{ secrets.VPS_USER }}@$VPS_HOST" \
|
||||||
"rm -rf '$REMOTE_BUILD_DIR' && mkdir -p '$REMOTE_BUILD_DIR'"
|
"rm -rf '$REMOTE_BUILD_DIR' && mkdir -p '$REMOTE_BUILD_DIR'"
|
||||||
@@ -235,7 +242,10 @@ jobs:
|
|||||||
REMOTE_BUILD_DIR: ${{ env.DEPLOY_ROOT }}/build-context
|
REMOTE_BUILD_DIR: ${{ env.DEPLOY_ROOT }}/build-context
|
||||||
VPS_HOST: ${{ secrets.VPS_IP }}
|
VPS_HOST: ${{ secrets.VPS_IP }}
|
||||||
run: |
|
run: |
|
||||||
VPS_HOST="${VPS_HOST:-$DEPLOY_SSH_HOST}"
|
if [ -z "$VPS_HOST" ]; then
|
||||||
|
echo "::error::VPS_IP secret is required"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
SSH_OPTIONS="-i $HOME/.ssh/id_rsa -o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=$HOME/.ssh/known_hosts"
|
SSH_OPTIONS="-i $HOME/.ssh/id_rsa -o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=$HOME/.ssh/known_hosts"
|
||||||
REGISTRY_PASSWORD_B64="$(printf '%s' "$REGISTRY_PASSWORD" | base64 | tr -d '\n')"
|
REGISTRY_PASSWORD_B64="$(printf '%s' "$REGISTRY_PASSWORD" | base64 | tr -d '\n')"
|
||||||
ssh $SSH_OPTIONS "${{ secrets.VPS_USER }}@$VPS_HOST" "
|
ssh $SSH_OPTIONS "${{ secrets.VPS_USER }}@$VPS_HOST" "
|
||||||
@@ -326,7 +336,6 @@ jobs:
|
|||||||
VPS_SSH_KEY: ${{ secrets.VPS_SSH_KEY }}
|
VPS_SSH_KEY: ${{ secrets.VPS_SSH_KEY }}
|
||||||
VPS_SSH_KEY_B64: ${{ secrets.VPS_SSH_KEY_B64 }}
|
VPS_SSH_KEY_B64: ${{ secrets.VPS_SSH_KEY_B64 }}
|
||||||
run: |
|
run: |
|
||||||
VPS_HOST="${VPS_HOST:-$DEPLOY_SSH_HOST}"
|
|
||||||
if { [ -z "$VPS_SSH_KEY" ] && [ -z "$VPS_SSH_KEY_B64" ]; } || \
|
if { [ -z "$VPS_SSH_KEY" ] && [ -z "$VPS_SSH_KEY_B64" ]; } || \
|
||||||
[ -z "$VPS_HOST" ] || \
|
[ -z "$VPS_HOST" ] || \
|
||||||
[ -z "${{ secrets.VPS_USER }}" ]; then
|
[ -z "${{ secrets.VPS_USER }}" ]; then
|
||||||
@@ -351,7 +360,10 @@ jobs:
|
|||||||
VPS_SSH_KEY: ${{ secrets.VPS_SSH_KEY }}
|
VPS_SSH_KEY: ${{ secrets.VPS_SSH_KEY }}
|
||||||
VPS_SSH_KEY_B64: ${{ secrets.VPS_SSH_KEY_B64 }}
|
VPS_SSH_KEY_B64: ${{ secrets.VPS_SSH_KEY_B64 }}
|
||||||
run: |
|
run: |
|
||||||
VPS_HOST="${VPS_HOST:-$DEPLOY_SSH_HOST}"
|
if [ -z "$VPS_HOST" ]; then
|
||||||
|
echo "::error::VPS_IP secret is required"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
echo "Using SSH host $VPS_HOST"
|
echo "Using SSH host $VPS_HOST"
|
||||||
mkdir -p ~/.ssh && chmod 700 ~/.ssh
|
mkdir -p ~/.ssh && chmod 700 ~/.ssh
|
||||||
if [ -n "$VPS_SSH_KEY_B64" ]; then
|
if [ -n "$VPS_SSH_KEY_B64" ]; then
|
||||||
@@ -393,7 +405,10 @@ jobs:
|
|||||||
env:
|
env:
|
||||||
VPS_HOST: ${{ secrets.VPS_IP }}
|
VPS_HOST: ${{ secrets.VPS_IP }}
|
||||||
run: |
|
run: |
|
||||||
VPS_HOST="${VPS_HOST:-$DEPLOY_SSH_HOST}"
|
if [ -z "$VPS_HOST" ]; then
|
||||||
|
echo "::error::VPS_IP secret is required"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
SSH_OPTIONS="-i $HOME/.ssh/id_rsa -o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=$HOME/.ssh/known_hosts"
|
SSH_OPTIONS="-i $HOME/.ssh/id_rsa -o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=$HOME/.ssh/known_hosts"
|
||||||
key_fingerprint="$(ssh-keygen -lf "$HOME/.ssh/id_rsa.pub" | awk '{print $2}')"
|
key_fingerprint="$(ssh-keygen -lf "$HOME/.ssh/id_rsa.pub" | awk '{print $2}')"
|
||||||
echo "Testing SSH authentication to $VPS_HOST with deploy key fingerprint $key_fingerprint"
|
echo "Testing SSH authentication to $VPS_HOST with deploy key fingerprint $key_fingerprint"
|
||||||
@@ -407,7 +422,10 @@ jobs:
|
|||||||
env:
|
env:
|
||||||
VPS_HOST: ${{ secrets.VPS_IP }}
|
VPS_HOST: ${{ secrets.VPS_IP }}
|
||||||
run: |
|
run: |
|
||||||
VPS_HOST="${VPS_HOST:-$DEPLOY_SSH_HOST}"
|
if [ -z "$VPS_HOST" ]; then
|
||||||
|
echo "::error::VPS_IP secret is required"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
SSH_OPTIONS="-i $HOME/.ssh/id_rsa -o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=$HOME/.ssh/known_hosts"
|
SSH_OPTIONS="-i $HOME/.ssh/id_rsa -o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=$HOME/.ssh/known_hosts"
|
||||||
ssh $SSH_OPTIONS "${{ secrets.VPS_USER }}@$VPS_HOST" \
|
ssh $SSH_OPTIONS "${{ secrets.VPS_USER }}@$VPS_HOST" \
|
||||||
"mkdir -p '$DEPLOY_ROOT/scripts' '$DEPLOY_ROOT/docker/pgmanage' '$DEPLOY_ROOT/docker/registry/auth' '$DEPLOY_ROOT/dynamic'"
|
"mkdir -p '$DEPLOY_ROOT/scripts' '$DEPLOY_ROOT/docker/pgmanage' '$DEPLOY_ROOT/docker/registry/auth' '$DEPLOY_ROOT/dynamic'"
|
||||||
@@ -430,7 +448,10 @@ jobs:
|
|||||||
env:
|
env:
|
||||||
VPS_HOST: ${{ secrets.VPS_IP }}
|
VPS_HOST: ${{ secrets.VPS_IP }}
|
||||||
run: |
|
run: |
|
||||||
VPS_HOST="${VPS_HOST:-$DEPLOY_SSH_HOST}"
|
if [ -z "$VPS_HOST" ]; then
|
||||||
|
echo "::error::VPS_IP secret is required"
|
||||||
|
exit 1
|
||||||
|
fi
|
||||||
SSH_OPTIONS="-i $HOME/.ssh/id_rsa -o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=$HOME/.ssh/known_hosts"
|
SSH_OPTIONS="-i $HOME/.ssh/id_rsa -o BatchMode=yes -o IdentitiesOnly=yes -o StrictHostKeyChecking=accept-new -o UserKnownHostsFile=$HOME/.ssh/known_hosts"
|
||||||
REGISTRY_PASSWORD_B64="$(printf '%s' "${{ secrets.REGISTRY_PASSWORD }}" | base64 | tr -d '\n')"
|
REGISTRY_PASSWORD_B64="$(printf '%s' "${{ secrets.REGISTRY_PASSWORD }}" | base64 | tr -d '\n')"
|
||||||
ssh $SSH_OPTIONS "${{ secrets.VPS_USER }}@$VPS_HOST" "
|
ssh $SSH_OPTIONS "${{ secrets.VPS_USER }}@$VPS_HOST" "
|
||||||
|
|||||||
@@ -219,6 +219,8 @@ VPS_USER=<ssh-user>
|
|||||||
VPS_SSH_KEY=<deployment-private-key>
|
VPS_SSH_KEY=<deployment-private-key>
|
||||||
```
|
```
|
||||||
|
|
||||||
|
`VPS_IP` is required. The workflow does not fall back to a hard-coded SSH host, so a missing secret fails before any SSH attempt.
|
||||||
|
|
||||||
`VPS_SSH_KEY` must be an unencrypted private key that OpenSSH can read in a non-interactive job. The workflow also accepts `VPS_SSH_KEY_B64` when you prefer storing a base64-encoded private key as a single line.
|
`VPS_SSH_KEY` must be an unencrypted private key that OpenSSH can read in a non-interactive job. The workflow also accepts `VPS_SSH_KEY_B64` when you prefer storing a base64-encoded private key as a single line.
|
||||||
|
|
||||||
Supported private key formats:
|
Supported private key formats:
|
||||||
|
|||||||
Reference in New Issue
Block a user