giersig.eu/indiekit-server
1
0
Fork 0
Code Issues Actions Packages Projects Releases Activity
Files
53b40a5edc077c8ac0cfa9806fff61345b973ced
indiekit-server/.github/workflows/deploy.yml
svemagie ae936b2e1a fix(deploy): explicitly re-run all patches after npm ci 
Adds an explicit patch loop in the deploy step to ensure all
scripts/patch-*.mjs run even if npm ci postinstall was skipped.
This guarantees changelog categorization and other patches are
always applied on the server regardless of npm install mode.
2026-03-10 17:33:41 +01:00

87 lines
4.0 KiB
YAML
Raw Blame History

name: Deploy Indiekit Blog
on:
push:
branches:
- main
jobs:
deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Set up Node.js
uses: actions/setup-node@v3
with:
node-version: '18'
- name: Install dependencies
run: npm ci --legacy-peer-deps
- name: Build (if needed)
run: |
# Add build steps if your project requires them
echo "No build step required"
- name: Deploy to FreeBSD host and jail
uses: appleboy/ssh-action@v0.1.10
with:
host: ${{ secrets.FREEBSD_HOST }}
username: ${{ secrets.FREEBSD_DEPLOY_USER }}
key: ${{ secrets.FREEBSD_DEPLOY_SSH_KEY }}
port: 222
script: |
set -eu
restart_log=/tmp/indiekit-restart.log
# Update code and dependencies as indiekit user inside the jail.
sudo bastille cmd node sh -lc 'su -l indiekit -c "cd /usr/local/indiekit && git fetch origin && git reset --hard origin/main && npm ci --legacy-peer-deps && install -m 755 start.example.sh start.sh"'
# sharp/libvips are managed manually on the server.
# Verify and re-apply patches in case postinstall was skipped (e.g. npm ci --ignore-scripts).
sudo bastille cmd node sh -lc 'su -l indiekit -c "cd /usr/local/indiekit && for patch in scripts/patch-*.mjs; do node \"\$patch\"; done"'
# Ensure env file exists and contains auth secrets required by start.sh.
sudo bastille cmd node sh -lc 'su -l indiekit -c "cd /usr/local/indiekit && test -f .env"'
sudo bastille cmd node sh -lc 'su -l indiekit -c "cd /usr/local/indiekit && if ! grep -Eq \"^SECRET=.*\" .env; then echo \"Missing SECRET in /usr/local/indiekit/.env\"; exit 1; fi; if ! (grep -Eq \"^PASSWORD_SECRET=.*\" .env || grep -Eq \"^INDIEKIT_ALLOW_PASSWORD_SETUP=1\" .env); then echo \"Missing PASSWORD_SECRET (or set INDIEKIT_ALLOW_PASSWORD_SETUP=1 for one-time recovery) in /usr/local/indiekit/.env\"; exit 1; fi"'
# Validate startup prerequisites before touching the running service.
sudo bastille cmd node sh -lc 'su -l indiekit -c "cd /usr/local/indiekit && NODE_ENV=production node scripts/preflight-production-security.mjs"'
sudo bastille cmd node sh -lc 'su -l indiekit -c "cd /usr/local/indiekit && NODE_ENV=production node scripts/preflight-mongo-connection.mjs"'
# Restart asynchronously to avoid hanging SSH sessions when rc scripts keep stdout open.
sudo bastille cmd node sh -lc "nohup service indiekit restart >${restart_log} 2>&1 </dev/null &"
# Give the process time to boot and pass preflight checks.
attempts=0
max_attempts=30
while [ "$attempts" -lt "$max_attempts" ]; do
if sudo bastille cmd node sh -lc 'service indiekit onestatus >/dev/null 2>&1'; then
echo "Indiekit restart triggered and service is running."
exit 0
fi
attempts=$((attempts + 1))
sleep 2
done
echo "Indiekit process not found after restart."
sudo bastille cmd node sh -lc "tail -n 120 ${restart_log} || true"
sudo bastille cmd node sh -lc 'service indiekit onestatus || true'
sudo bastille cmd node sh -lc 'su -l indiekit -c "cd /usr/local/indiekit && NODE_ENV=production node scripts/preflight-production-security.mjs" || true'
sudo bastille cmd node sh -lc 'su -l indiekit -c "cd /usr/local/indiekit && NODE_ENV=production node scripts/preflight-mongo-connection.mjs" || true'
exit 1
# Optionally reload nginx on web jail
# - name: Reload nginx
# uses: appleboy/ssh-action@v0.1.10
# with:
# host: ${{ secrets.FREEBSD_WEB_HOST }}
# username: ${{ secrets.FREEBSD_WEB_USER }}
# key: ${{ secrets.FREEBSD_WEB_SSH_KEY }}
# port: ${{ secrets.FREEBSD_WEB_PORT }}
# script: sudo service nginx reload
Reference in New Issue View Git Blame Copy Permalink