- Ansible cloudflare.yml: DNS, SSL, HSTS, Brotli, bot fight, SEO bots allow
- Vault: add cloudflare_zone_id
- Workflow: run cloudflare config before deploy
- docker-compose-dev: add ngrok tunnel, vault, minio
- Ngrok sync script: writes OUTSIDE_URL to .env.local
- Fix Dockerfiles: remove mbstring/xml (built-in PHP 8.4), fix libfreetype-dev
- Makefile: maintenance_on/off, clear_prod
- Playbook: stop_prod, install_prod, start_prod, migrate, clear steps

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
28 lines
813 B
YAML
name: Deploy to production

on:
  workflow_dispatch:  # manual trigger only

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Install Ansible
        run: apt-get update && apt-get install -y ansible

      - name: Setup SSH key
        run: |
          # Write the deploy key from the repository secret and restrict its permissions
          mkdir -p ~/.ssh
          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          # ssh-keyscan records whatever host key is presented at run time; the host is not authenticated
          ssh-keyscan 34.90.187.4 >> ~/.ssh/known_hosts

      # The vault password is passed through process substitution, not written to a file
      - name: Configure Cloudflare
        run: ansible-playbook ansible/cloudflare.yml --vault-password-file <(echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}")

      - name: Deploy
        run: ansible-playbook -i ansible/hosts.ini ansible/deploy-caddy.yml --vault-password-file <(echo "${{ secrets.ANSIBLE_VAULT_PASSWORD }}")