- Fuse deploy-caddy.yml and cloudflare.yml into deploy.yml
- Add env.local.j2 template for production secrets
- Vault: add all production secrets
- Workflow: single deploy.yml playbook
- MailerService: rewrite with S/MIME signing, email tracking, unsubscribe
- ngrok-sync: run as root for .env.local write access
- Fix domain references to ticket.e-cosplay.fr

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
25 lines
648 B
YAML
```yaml
name: Deploy to production

on:
  workflow_dispatch:  # manual trigger only

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Install Ansible
        run: apt-get update && apt-get install -y ansible

      - name: Setup SSH key
        run: |
          mkdir -p ~/.ssh
          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          # ssh-keyscan records whatever host key answers during this run;
          # the key is not compared against a known-good value.
          ssh-keyscan 34.90.187.4 >> ~/.ssh/known_hosts

      - name: Deploy
        # The vault password is passed through process substitution, so it is not written to disk.
        run: ansible-playbook -i ansible/hosts.ini ansible/deploy.yml --vault-password-file <(echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}")
```
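A hardened variant of the workflow above, given as an added example that is not part of this repository: it pins the server's host key instead of running `ssh-keyscan`, and hands secrets to the shell as environment variables rather than interpolating them into the script text. `SSH_KNOWN_HOSTS` is a hypothetical secret holding the server's `known_hosts` line(s), recorded out of band; the final cleanup step is also an addition.

```yaml
name: Deploy to production

on:
  workflow_dispatch:

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Install Ansible
        run: apt-get update && apt-get install -y ansible

      - name: Setup SSH key and pinned host key
        env:
          # Secrets arrive as environment variables, so their content is
          # never parsed as part of the shell script itself.
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}  # hypothetical secret
        run: |
          umask 077  # files below are created owner-only from the start
          mkdir -p ~/.ssh
          printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
          # Pinned host key: a server presenting any other key is rejected
          # by ssh instead of being trusted on first contact.
          printf '%s\n' "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts

      - name: Deploy
        env:
          ANSIBLE_VAULT_PASSWORD: ${{ secrets.ANSIBLE_VAULT_PASSWORD }}
          # Keep Ansible's host key checking explicitly on.
          ANSIBLE_HOST_KEY_CHECKING: "True"
        run: |
          ansible-playbook -i ansible/hosts.ini ansible/deploy.yml \
            --vault-password-file <(printf '%s' "$ANSIBLE_VAULT_PASSWORD")

      - name: Remove key material
        if: always()  # runs even when the deploy step fails
        run: rm -f ~/.ssh/id_ed25519
```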