From 8f8d8f5dbb3cdc827504cc4ebff286c8aeb651aa Mon Sep 17 00:00:00 2001
From: Aikyn Sagyntai
Date: Mon, 30 Mar 2026 01:25:01 +0500
Subject: [PATCH 1/4] deploy to prod
---
 .github/workflows/ci.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 922ac00..04439be 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -82,6 +82,8 @@ jobs:
 needs: build-and-push-images
 if: github.ref == 'refs/heads/prod'
 runs-on: ubuntu-latest
+ environment:
+ name: production
 env:
 SERVER_HOST: ${{ secrets.SERVER_IP }}
 SERVER_USER: ${{ secrets.SERVER_USER }}
From 54d0e223db9da67a7c89d141880bcd613483b5e5 Mon Sep 17 00:00:00 2001
From: Aikyn Sagyntai
Date: Mon, 30 Mar 2026 01:29:11 +0500
Subject: [PATCH 2/4] deploy to prod
---
 .github/workflows/ci.yml | 44 ++++++++++++++++++++++++++++++----------
 1 file changed, 33 insertions(+), 11 deletions(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 04439be..e5dc512 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -96,10 +96,41 @@ jobs:
 steps:
 - uses: actions/checkout@v4
+ - name: Normalize deploy settings
+ run: |
+ server_host="$(printf '%s' "${SERVER_HOST}" | tr -d '\r' | sed -E 's#^[[:space:]]*https?://##; s#/.*$##; s/[[:space:]]+$//')"
+ server_user="$(printf '%s' "${SERVER_USER}" | tr -d '\r' | sed -E 's/[[:space:]]+$//')"
+ server_port="$(printf '%s' "${SERVER_PORT}" | tr -d '\r' | sed -E 's/[[:space:]]+$//')"
+ deploy_path="$(printf '%s' "${DEPLOY_PATH}" | tr -d '\r' | sed -E 's/[[:space:]]+$//')"
+
+ : "${server_user:=ubuntu}"
+ : "${server_port:=22}"
+ : "${deploy_path:=/opt/focus}"
+
+ if [ -z "$server_host" ]; then
+ echo "SERVER_IP secret is empty or invalid" >&2
+ exit 1
+ fi
+
+ if [ -z "$SSH_PRIVATE_KEY" ]; then
+ echo "SSH_PRIVATE_KEY secret is empty" >&2
+ exit 1
+ fi
+
+ if [ -z "$GHCR_TOKEN" ]; then
+ echo "GHCR_TOKEN secret is empty" >&2
+ exit 1
+ fi
+
+ {
+ echo "SERVER_HOST=$server_host"
+ echo "SERVER_USER=$server_user"
+ echo "SERVER_PORT=$server_port"
+ echo "DEPLOY_PATH=$deploy_path"
+ } >> "$GITHUB_ENV"
+
 - name: Prepare SSH
 run: |
- : "${SERVER_USER:=ubuntu}"
- : "${SERVER_PORT:=22}"
 mkdir -p ~/.ssh
 printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
 chmod 600 ~/.ssh/id_rsa
@@ -107,9 +138,6 @@ jobs:
 - name: Upload deployment files
 run: |
- : "${SERVER_USER:=ubuntu}"
- : "${SERVER_PORT:=22}"
- : "${DEPLOY_PATH:=/opt/focus}"
 ssh -p "$SERVER_PORT" "$SERVER_USER@$SERVER_HOST" "mkdir -p '$DEPLOY_PATH'"
 scp -P "$SERVER_PORT" deploy/docker-compose.server.yml "$SERVER_USER@$SERVER_HOST:$DEPLOY_PATH/docker-compose.yml"
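Review bot: The four values written to `$GITHUB_ENV` at the end of the new Normalize deploy settings step are trimmed but never validated, so an embedded newline in any of them would add extra variables to every later step. `tr -d '\r'` removes carriage returns only, and `DEPLOY_PATH` is later placed inside single quotes in the remote command `"mkdir -p '$DEPLOY_PATH'"` (next hunk), where a stray quote would change what the server runs. I would reject anything outside a small character allow-list for host, user, port and path just before the `GITHUB_ENV` block, as sketched below. The exact character sets are a suggestion and should be matched to the values this project really uses.

```yaml
      - name: Normalize deploy settings
        run: |
          # … unchanged: trimming, defaults and empty-secret checks …

          # Refuse values that could add lines to GITHUB_ENV or break remote quoting.
          case "$server_port" in
            ''|*[!0-9]*) echo "SERVER_PORT must be numeric" >&2; exit 1 ;;
          esac
          case "$server_host" in
            *[!A-Za-z0-9.:-]*) echo "SERVER_IP contains unexpected characters" >&2; exit 1 ;;
          esac
          case "$server_user" in
            *[!A-Za-z0-9._-]*) echo "SERVER_USER contains unexpected characters" >&2; exit 1 ;;
          esac
          case "$deploy_path" in
            /*) ;;
            *) echo "DEPLOY_PATH must be an absolute path" >&2; exit 1 ;;
          esac
          case "$deploy_path" in
            *[!A-Za-z0-9._/-]*) echo "DEPLOY_PATH contains unexpected characters" >&2; exit 1 ;;
          esac

          # … unchanged: write the four values to "$GITHUB_ENV" …
```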
@@ -150,16 +178,10 @@ jobs: - name: Upload env file run: | - : "${SERVER_USER:=ubuntu}" - : "${SERVER_PORT:=22}" - : "${DEPLOY_PATH:=/opt/focus}" scp -P "$SERVER_PORT" deploy.env "$SERVER_USER@$SERVER_HOST:$DEPLOY_PATH/.env" - name: Deploy on server run: | - : "${SERVER_USER:=ubuntu}" - : "${SERVER_PORT:=22}" - : "${DEPLOY_PATH:=/opt/focus}" ssh -p "$SERVER_PORT" "$SERVER_USER@$SERVER_HOST" < Date: Mon, 30 Mar 2026 01:32:37 +0500 Subject: [PATCH 3/4] deploy to prod --- .github/workflows/ci.yml | 20 +++++++++++++++++++- 1 file changed, 19 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e5dc512..0f35929 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -98,11 +98,29 @@ jobs: - name: Normalize deploy settings run: | - server_host="$(printf '%s' "${SERVER_HOST}" | tr -d '\r' | sed -E 's#^[[:space:]]*https?://##; s#/.*$##; s/[[:space:]]+$//')" + server_host="$(printf '%s' "${SERVER_HOST}" | tr -d '\r' | sed -E 's/^[[:space:]]+//; s/[[:space:]]+$//')" server_user="$(printf '%s' "${SERVER_USER}" | tr -d '\r' | sed -E 's/[[:space:]]+$//')" server_port="$(printf '%s' "${SERVER_PORT}" | tr -d '\r' | sed -E 's/[[:space:]]+$//')" deploy_path="$(printf '%s' "${DEPLOY_PATH}" | tr -d '\r' | sed -E 's/[[:space:]]+$//')" + server_host="${server_host#http://}" + server_host="${server_host#https://}" + server_host="${server_host%%/*}" + + if [[ "$server_host" == *"@"* ]]; then + if [ -z "$server_user" ]; then + server_user="${server_host%@*}" + fi + server_host="${server_host#*@}" + fi + + if printf '%s' "$server_host" | grep -Eq '^[^:/]+:[0-9]+$'; then + if [ -z "$server_port" ]; then + server_port="${server_host##*:}" + fi + server_host="${server_host%:*}" + fi + : "${server_user:=ubuntu}" : "${server_port:=22}" : "${deploy_path:=/opt/focus}" From 916dff893a4a027358fcb385db3121e95c203fff Mon Sep 17 00:00:00 2001 
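Review bot: After the new parsing splits a `scheme://user@host:port` style value, `server_host` is no longer the literal text of the `SERVER_IP` secret, so the runner's log masking, which matches registered secret values, would presumably not hide it when a later step prints it. The error message added in PATCH 4/4 echoes `$SERVER_HOST:$SERVER_PORT`. Registering the derived value right after the parsing, e.g. `echo "::add-mask::$server_host"`, keeps it out of the job log. Separately, only `server_host` has leading whitespace stripped; `server_user`, `server_port` and `deploy_path` still use `s/[[:space:]]+$//` alone, so a leading space survives in those. The step's empty-value checks and the `$GITHUB_ENV` write lie outside this hunk.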
From: Aikyn Sagyntai
Date: Mon, 30 Mar 2026 01:36:25 +0500
Subject: [PATCH 4/4] deploy to prod
---
 .github/workflows/ci.yml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 0f35929..179fcfb 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -152,7 +152,11 @@ jobs:
 mkdir -p ~/.ssh
 printf '%s\n' "$SSH_PRIVATE_KEY" > ~/.ssh/id_rsa
 chmod 600 ~/.ssh/id_rsa
- ssh-keyscan -p "$SERVER_PORT" -H "$SERVER_HOST" >> ~/.ssh/known_hosts
+ ssh-keyscan -T 10 -p "$SERVER_PORT" -H "$SERVER_HOST" >> ~/.ssh/known_hosts || {
+ echo "Could not read SSH host key from $SERVER_HOST:$SERVER_PORT" >&2
+ echo "Check that SERVER_IP and SERVER_PORT point to the SSH service, not a web panel port." >&2
+ exit 1
+ }
 - name: Upload deployment files
 run: |
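Review bot: Filling `known_hosts` from `ssh-keyscan` inside the job means the runner trusts whichever key answers at `$SERVER_HOST:$SERVER_PORT` on that run, so host-key checking does not authenticate the production server before the env file is uploaded to it. The usual fix is to pin the key: store the server's public host key line as a secret or variable and write that instead of scanning, e.g. `printf '%s\n' "$SERVER_HOST_KEY" >> ~/.ssh/known_hosts` (`SERVER_HOST_KEY` is a placeholder name, not something defined in this repository). If the scan stays, some OpenSSH versions may return success from `ssh-keyscan` even when no key was read, so `[ -s ~/.ssh/known_hosts ]` is a more reliable failure check than the `||` branch. The Prepare SSH step begins outside this hunk.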