feat: Enable HTTPS for GitHub social authentication redirect #20
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Publish a GitHub Packages Container to Tutor and Deploy" | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main | |
| permissions: | |
| contents: read | |
| packages: write | |
| jobs: | |
| publish-image: | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| platform: [linux/amd64, linux/arm64/v8] | |
| steps: | |
| # 1. Fazer o checkout do código | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| # 1.1. Setup BuildX com Multiplataforma | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| # 2. Fazer o build da imagem e push | |
| - name: Build and Push Docker image | |
| run: | | |
| echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin | |
| if [ ${{ matrix.platform }} == "linux/amd64" ]; then | |
| docker buildx build --platform ${{ matrix.platform }} -t ghcr.io/${{ github.repository_owner }}/tutor-image:latest-amd64 --push . | |
| elif [ ${{ matrix.platform }} == "linux/arm64/v8" ]; then | |
| docker buildx build --platform ${{ matrix.platform }} -t ghcr.io/${{ github.repository_owner }}/tutor-image:latest-arm64-v8 --push . | |
| fi | |
| deploy: | |
| needs: publish-image | |
| runs-on: | |
| group: RaspberryPI | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: GH Private Key Setup | |
| run: | | |
| sudo touch /opt/tutor/private-key.pem | |
| touch private-key.pem | |
| sudo echo "${{ secrets.GH_PRIVATE_KEY }}" > private-key.pem | |
| sudo cp private-key.pem /opt/tutor/private-key.pem | |
| sudo chmod 600 private-key.pem | |
| - name: Create .env file | |
| env: | |
| GITHUB_OAUTH_SECRET: ${{ secrets.GH_OAUTH_SECRET }} | |
| GITHUB_OAUTH_CLIENT_ID: ${{ secrets.GH_OAUTH_CLIENT_ID }} | |
| SECRET_KEY: ${{ secrets.SECRET_KEY }} | |
| GH_APP_INSTALL_ID: "52171145" | |
| GH_APP_ID: "929272" | |
| GH_PRIVATE_KEY_FILE: "private-key.pem" | |
| DEBUG: False | |
| DATABASE: "postgres" | |
| POSTGRES_HOST: ${{ secrets.POSTGRES_HOST }} | |
| POSTGRES_USER: ${{ secrets.POSTGRES_USER }} | |
| POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }} | |
| POSTGRES_DB: ${{ secrets.POSTGRES_DB }} | |
| run: | | |
| echo "Creating .env file..." | |
| sudo rm -f /opt/tutor/.env | |
| sudo touch /opt/tutor/.env | |
| touch .env | |
| FILE=.env | |
| echo "GITHUB_OAUTH_SECRET=${GITHUB_OAUTH_SECRET}" > ${FILE} | |
| echo "GITHUB_OAUTH_CLIENT_ID=${GITHUB_OAUTH_CLIENT_ID}" >> ${FILE} | |
| echo "SECRET_KEY=${SECRET_KEY}" >> ${FILE} | |
| echo "GH_APP_INSTALL_ID=${GH_APP_INSTALL_ID}" >> ${FILE} | |
| echo "GH_APP_ID=${GH_APP_ID}" >> ${FILE} | |
| echo "GH_PRIVATE_KEY_FILE=${GH_PRIVATE_KEY_FILE}" >> ${FILE} | |
| echo "DEBUG=${DEBUG}" >> ${FILE} | |
| echo "DATABASE=${DATABASE}" >> ${FILE} | |
| echo "POSTGRES_HOST=${POSTGRES_HOST}" >> ${FILE} | |
| echo "POSTGRES_USER=${POSTGRES_USER}" >> ${FILE} | |
| echo "POSTGRES_PASSWORD=${POSTGRES_PASSWORD}" >> ${FILE} | |
| echo "POSTGRES_DB=${POSTGRES_DB}" >> ${FILE} | |
| echo "Send .env file to /opt/tutor/.env" | |
| sudo cp .env /opt/tutor/.env | |
| echo "Done!" | |
| - name: Send updated docker-compose-prod.yml file | |
| run: | | |
| echo "Sending updated docker-compose-prod.yml file..." | |
| sudo rm -f /opt/tutor/docker-compose-prod.yml | |
| sudo cp ./docker-compose-prod.yml /opt/tutor/docker-compose-prod.yml | |
| - name: Restart Tutor (ARM) | |
| run: | | |
| echo "Restarting Tutor..." | |
| sudo docker pull ghcr.io/codaqui/tutor-image:latest-arm64-v8 | |
| sudo docker compose -f /opt/tutor/docker-compose-prod.yml up -d --force-recreate --remove-orphans | |
| echo "Done!" |