name: Deploy to production

on:
  workflow_dispatch:
  schedule:
    - cron: '0 1,22 * * *'

jobs:
  deploy:
    runs_on: ubuntu-latest
    steps:
      - name: Deploy with SSH
        uses: appleboy/ssh-action@v1.0.0
        env:
          VAULT_PASS: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
        with:
          host: ${{ secrets.SSH_HOST }}
          username: ${{ secrets.SSH_USER }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          port: 22
          envs: VAULT_PASS
          script: |
            set -e
            cd ${{ secrets.DEPLOY_PATH }}
            VAULT_FILE="$(mktemp)"
            trap 'rm -f "$VAULT_FILE"' EXIT
            printf '%s' "$VAULT_PASS" > "$VAULT_FILE"
            chmod 600 "$VAULT_FILE"
            ansible-playbook ansible/deploy.yml -i ansible/hosts.ini --vault-password-file "$VAULT_FILE"