Move project structure to de.splayfer.radio #24
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow will build a package using Maven and then publish it to GitHub packages when a release is created | |
| # For more information see: https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#apache-maven-with-a-settings-path | |
| name: Build and Deploy to Staging server | |
| on: | |
| push: | |
| branches: [ master ] | |
| pull_request: | |
| branches: [ master ] | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| REMOTE_PATH: /opt/dockerfiles/radio | |
| GHCR_USER: splayfery | |
| TAGS: latest | |
| jobs: | |
| build-and-publish: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| attestations: write | |
| id-token: write | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| - name: Set up Coretto 21 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '21' | |
| distribution: 'corretto' | |
| server-id: github # Value of the distributionManagement/repository/id field of the pom.xml | |
| settings-path: ${{ github.workspace }} # location for the settings.xml file | |
| - name: Cache Gradle packages | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} | |
| restore-keys: | | |
| ${{ runner.os }}-gradle- | |
| - name: Build with Gradle | |
| run: ./gradlew build --parallel --no-daemon --configuration-cache | |
| - name: Set up QEMU (for ARM emulation) | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| install: true | |
| driver: docker-container | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Cleanup old latest images in GHCR | |
| uses: actions/delete-package-versions@v5 | |
| continue-on-error: true | |
| with: | |
| package-name: radio | |
| package-type: container | |
| min-versions-to-keep: 1 | |
| - name: Extract metadata (tags, labels) for Docker | |
| id: meta | |
| uses: docker/metadata-action@v5 | |
| with: | |
| images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} | |
| tags: ${{ env.TAGS }} | |
| - name: Build and push multi-arch Docker image | |
| id: push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ steps.meta.outputs.tags }} | |
| labels: ${{ steps.meta.outputs.labels }} | |
| platforms: linux/amd64,linux/arm64 | |
| - name: Generate artifact attestation | |
| uses: actions/attest-build-provenance@v2 | |
| with: | |
| subject-name: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME}} | |
| subject-digest: ${{ steps.push.outputs.digest }} | |
| push-to-registry: true | |
| start-service: | |
| runs-on: ubuntu-latest | |
| needs: build-and-publish | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| - name: Install SSH Key | |
| uses: shimataro/ssh-key-action@v2 | |
| with: | |
| key: ${{ secrets.SSH_PRIVATE_KEY }} | |
| known_hosts: unnecessary | |
| - name: Adding Known Hosts | |
| run: ssh-keyscan -p ${{ secrets.PORT }} -H ${{ secrets.HOST }} >> ~/.ssh/known_hosts | |
| - name: Configure SSH | |
| run: | | |
| mkdir -p ~/.ssh/ | |
| echo "$SSH_KEY" > ~/.ssh/staging.key | |
| chmod 600 ~/.ssh/staging.key | |
| cat >>~/.ssh/config <<END | |
| Host staging | |
| HostName $SSH_HOST | |
| User $SSH_USER | |
| IdentityFile ~/.ssh/staging.key | |
| StrictHostKeyChecking no | |
| END | |
| env: | |
| SSH_USER: ${{ secrets.USERNAME }} | |
| SSH_KEY: ${{ secrets.SSH_PRIVATE_KEY }} | |
| SSH_HOST: ${{ secrets.HOST }} | |
| - name: Set lowercase IMAGE_NAME | |
| run: echo "IMAGE_NAME=${GITHUB_REPOSITORY,,}" >> $GITHUB_ENV | |
| - name: Sync Docker Compose File | |
| run: rsync -avz docker-compose.yaml ${{ secrets.USERNAME }}@${{ secrets.HOST }}:${{ env.REMOTE_PATH }} | |
| - name: Deploy and Restart Container | |
| run: | | |
| ssh staging " | |
| echo '${{ secrets.GHCR_TOKEN }}' | docker login ghcr.io -u ${{ env.GHCR_USER }} --password-stdin && | |
| # Stop running container | |
| docker compose -f ${REMOTE_PATH}/docker-compose.yaml down || true && | |
| # Pull latest image | |
| docker pull ${REGISTRY}/${IMAGE_NAME}:${{ env.TAGS }} && | |
| # Remove unused old images | |
| docker image prune -af && | |
| # Start new container | |
| docker compose -f ${REMOTE_PATH}/docker-compose.yaml up -d | |
| " |