github/ttl.sh
1
0
Fork 0
mirror of https://github.com/replicatedhq/ttl.sh.git synced 2026-02-14 16:59:51 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity
Files
39a7890f46fcf8e9dac603faedec0da50ed2ffa0
ttl.sh/.github/workflows/deploy.yml
Marc Campbell 233df3c8cb Make workflow dry run only for testing 
- Build images but skip push
- Run Ansible with --check flag (no changes made)
- Renamed workflow to indicate dry run mode

This lets us verify credentials and workflow before enabling real deploys.

Signed-off-by: Marc Campbell <marc.e.campbell@gmail.com>
2026-02-02 20:43:42 +00:00

91 lines
3.4 KiB
YAML
Raw Blame History

name: Deploy ttl.sh (DRY RUN)
on:
push:
branches:
- main
workflow_dispatch: # Manual trigger for emergencies
concurrency:
group: deploy-production
cancel-in-progress: false # Don't cancel in-progress deploys
jobs:
build-and-push:
name: Build & Push Images
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Doppler CLI
uses: dopplerhq/cli-action@v3
- name: Authenticate to GCP Artifact Registry
run: |
# Get GCP credentials from Doppler and configure Docker
doppler secrets get GCS_KEY_ENCODED --plain | base64 -d > /tmp/gcp-key.json
gcloud auth activate-service-account --key-file=/tmp/gcp-key.json
gcloud auth configure-docker us-east4-docker.pkg.dev --quiet
rm /tmp/gcp-key.json
env:
DOPPLER_TOKEN: ${{ secrets.DOPPLER_TOKEN }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build images (dry run - no push)
run: |
docker compose build
echo "✅ Build succeeded - skipping push (dry run mode)"
env:
DOPPLER_TOKEN: ${{ secrets.DOPPLER_TOKEN }}
deploy:
name: Deploy to Production
runs-on: ubuntu-latest
needs: build-and-push
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Install Doppler CLI
uses: dopplerhq/cli-action@v3
- name: Install Ansible
run: |
sudo apt-get update
sudo apt-get install -y ansible
ansible-galaxy collection install community.general google.cloud community.docker
- name: Setup SSH key
run: |
mkdir -p ~/.ssh
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
ssh-keyscan -H 178.156.198.215 >> ~/.ssh/known_hosts
- name: Run Ansible deployment (dry run)
working-directory: ./ansible
env:
DOPPLER_TOKEN: ${{ secrets.DOPPLER_TOKEN }}
run: |
echo "🔍 Running Ansible in check mode (dry run - no changes will be made)"
ansible-playbook --check \
-e "cloudflare_api_token=$(doppler secrets get CF_API_TOKEN --plain)" \
-e "cloudflare_zone_id=$(doppler secrets get CF_ZONE_ID --plain)" \
-e "cloudflare_email=$(doppler secrets get LE_EMAIL --plain)" \
-e "le_email=$(doppler secrets get LE_EMAIL --plain)" \
-e "gcloud_sa_email=$(doppler secrets get GOOGLE_APPLICATION_CREDENTIALS_EMAIL --plain)" \
-e "gcloud_sa_key_json=$(doppler secrets get GCS_KEY_ENCODED --plain)" \
-e "gcloud_registry_host=$(doppler secrets get GOOGLE_CLOUD_ARTIFACT_REGISTRY_URI --plain)" \
-e "gcs_key_encoded=$(doppler secrets get GCS_KEY_ENCODED --plain)" \
-e "hook_token=$(doppler secrets get HOOK_TOKEN --plain)" \
-e "hook_uri=$(doppler secrets get HOOK_URI --plain)" \
-e "redis_password=$(doppler secrets get REDIS_PASSWORD --plain)" \
-e "rediscloud_url=$(doppler secrets get REDISCLOUD_URL --plain)" \
-e "replreg_host=$(doppler secrets get REPLREG_HOST --plain)" \
-e "replreg_secret=$(doppler secrets get REPLREG_SECRET --plain)" \
-e "registry_url=$(doppler secrets get REGISTRY_URL --plain)" \
playbooks/site.yml
Reference in New Issue View Git Blame Copy Permalink