This approach uses 1 GitHub Action but it needs more bash scripting
I chose approach 2 because git clone is superior to rsync.
This is my ci.yml
name: Deploy via SSH
on: [workflow_dispatch]
jobs:
deploy:
name: Deploy
runs-on: ubuntu-latest
steps:
- name: Deploy via SSH
uses: appleboy/ssh-action@master
with:
host: ${{ secrets.SSH_HOST }}
username: ${{ secrets.SSH_USERNAME }}
key: ${{ secrets.SSH_KEY }}
script: |
# git update to latest codebase on main branch
cd /path/to/project && git pull
# updating the .env file
cat <<EOF > ${{ secrets.ENVFILE_PATH }}
# start of envfile
DJANGO_SECRET_KEY=${{ secrets.ENVFILE_DJANGO_SECRET_KEY }}
# end of envfile
EOF
# see end result of envfile
ls -l ${{ secrets.ENVFILE_PATH }}
As for how to save the secrets to your GitHub repo for SSH access, please check this article
Note: the cloudflare was overzealous in hiding the repo and branch name which uses the @ symbol. So best to go read the SO answer to see the full response
Not sure you meant by "managing creds", I'm looking at storing codebase specific env variables for production on github secrets at the repo level.
Then somehow use github actions to deploy and re-create the .env file for production environments
UPDATE:
I wrote up of my current approach as a SO answer to my own question.
Reproduced below:
I realized I should have fleshed out the whole target scenario more explicitly in terms of hard requirements.
Must use:
Must see:
mainbranchI discover 2 general approaches.
Outline:
1. checkout action then rsync to update codebase
2. create-envfile then rsync
This approach uses mixture of GitHub Actions. Namely, checkout and create-envfile
This approach uses 1 GitHub Action but it needs more bash scripting
I chose approach 2 because
git cloneis superior to rsync.This is my
ci.ymlAs for how to save the secrets to your GitHub repo for SSH access, please check this article
Note: the cloudflare was overzealous in hiding the repo and branch name which uses the
@symbol. So best to go read the SO answer to see the full responseThank you for sharing KimSia :)