5449ab9d4d
Some checks failed
CI / sonarqube (push) Has been cancelled
- .gitea/workflows/deploy.yml: replace manual ssh key setup + raw ssh command with the appleboy/ssh-action@v1.0.0 action - host, user, key and deploy path are now read from Gitea secrets (SSH_HOST, SSH_USER, SSH_PRIVATE_KEY, DEPLOY_PATH) instead of being hard-coded in the workflow - ansible-playbook command and vault password file (process substitution fed by ANSIBLE_VAULT_PASSWORD) are kept identical, only the transport changes Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
21 lines
573 B
YAML
21 lines
573 B
YAML
name: Deploy to production
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
schedule:
|
|
- cron: '0 1,22 * * *'
|
|
|
|
jobs:
|
|
deploy:
|
|
runs_on: ubuntu-latest
|
|
steps:
|
|
- name: Deploy with SSH
|
|
uses: appleboy/ssh-action@v1.0.0
|
|
with:
|
|
host: ${{ secrets.SSH_HOST }}
|
|
username: ${{ secrets.SSH_USER }}
|
|
key: ${{ secrets.SSH_PRIVATE_KEY }}
|
|
port: 22
|
|
script: |
|
|
cd ${{ secrets.DEPLOY_PATH }} && ansible-playbook ansible/deploy.yml -i ansible/hosts.ini --vault-password-file <(echo '${{ secrets.ANSIBLE_VAULT_PASSWORD }}')
|