104 lines
3.2 KiB
YAML
104 lines
3.2 KiB
YAML
name: deploy-cloudflare
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
workflow_dispatch: {}
|
|
|
|
concurrency:
|
|
group: cloudflare-deploy-${{ forgejo.ref }}
|
|
cancel-in-progress: true
|
|
|
|
jobs:
|
|
deploy:
|
|
runs-on: codeberg-medium
|
|
steps:
|
|
- name: Checkout
|
|
uses: https://code.forgejo.org/actions/checkout@v4
|
|
with:
|
|
token: ${{ github.token }}
|
|
fetch-depth: 0
|
|
lfs: false
|
|
|
|
- name: Bootstrap runner deps
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
as_root() {
|
|
if [[ "$(id -u)" = "0" ]]; then
|
|
"$@"
|
|
elif command -v sudo >/dev/null 2>&1; then
|
|
sudo "$@"
|
|
else
|
|
echo "error: need root or sudo to install runner dependencies"
|
|
exit 2
|
|
fi
|
|
}
|
|
if command -v apt-get >/dev/null 2>&1; then
|
|
as_root apt-get update
|
|
as_root apt-get install -y curl ca-certificates nodejs npm age
|
|
elif command -v apk >/dev/null 2>&1; then
|
|
as_root apk add --no-cache curl ca-certificates nodejs npm age
|
|
fi
|
|
|
|
- name: Configure CI Age identity
|
|
env:
|
|
AGE_FORGE_SSH_KEY: ${{ secrets.AGE_FORGE_SSH_KEY }}
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
if [[ -z "${AGE_FORGE_SSH_KEY:-}" ]]; then
|
|
echo "error: missing Actions secret AGE_FORGE_SSH_KEY"
|
|
exit 2
|
|
fi
|
|
install -d -m 700 "$HOME/.ssh"
|
|
if [[ "${AGE_FORGE_SSH_KEY}" == "-----BEGIN OPENSSH PRIVATE KEY-----"* ]]; then
|
|
printf '%s\n' "${AGE_FORGE_SSH_KEY}" > "$HOME/.ssh/age_forge_ed25519"
|
|
else
|
|
printf '%s' "${AGE_FORGE_SSH_KEY}" | base64 -d > "$HOME/.ssh/age_forge_ed25519"
|
|
fi
|
|
chmod 600 "$HOME/.ssh/age_forge_ed25519"
|
|
|
|
- name: Decrypt CI secrets from repo
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
key_file="$HOME/.ssh/age_forge_ed25519"
|
|
secret_file="secrets/cloudflare-api-token.age"
|
|
if [[ ! -f "$secret_file" ]]; then
|
|
echo "error: missing ${secret_file}"
|
|
exit 2
|
|
fi
|
|
CLOUDFLARE_API_TOKEN="$(age -d -i "$key_file" "$secret_file")"
|
|
if [[ -z "${CLOUDFLARE_API_TOKEN}" ]]; then
|
|
echo "error: decrypted CLOUDFLARE_API_TOKEN is empty"
|
|
exit 2
|
|
fi
|
|
echo "::add-mask::${CLOUDFLARE_API_TOKEN}"
|
|
echo "CLOUDFLARE_API_TOKEN=${CLOUDFLARE_API_TOKEN}" >> "$GITHUB_ENV"
|
|
|
|
- name: Build site (Dioxus web)
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
if ! command -v cargo >/dev/null 2>&1; then
|
|
curl -fsSL https://sh.rustup.rs | sh -s -- -y --profile minimal
|
|
. "$HOME/.cargo/env"
|
|
elif [[ -f "$HOME/.cargo/env" ]]; then
|
|
. "$HOME/.cargo/env"
|
|
fi
|
|
rustup target add wasm32-unknown-unknown
|
|
if ! command -v trunk >/dev/null 2>&1; then
|
|
cargo install trunk --locked
|
|
fi
|
|
|
|
cd apps/tauri/ui
|
|
trunk build --release --public-url /
|
|
|
|
- name: Deploy worker
|
|
shell: bash
|
|
run: |
|
|
set -euo pipefail
|
|
cd ../../../deploy/cloudflare-worker
|
|
npm ci
|
|
npx wrangler deploy
|