This repository has been archived on 2025-11-04. You can view files and clone it, but you cannot make any changes to its state, such as pushing and creating new issues, pull requests or comments.
days-since/.github/workflows/ci-cd.yml

127 lines
4.4 KiB
YAML

name: CI / CD
on:
push:
branches: ["main"]
workflow_dispatch:
permissions:
contents: read
pages: write
id-token: write
jobs:
increment:
runs-on: ubuntu-latest
if: github.event_name == 'push' && github.ref == 'refs/heads/main' || (github.event_name == 'pull_request' && github.event.pull_request.merged == true && github.ref == 'refs/heads/main')
permissions:
contents: write
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Determine PR merge or direct push
id: pr-merge
run: |
if [[ "${{ github.event_name }}" == "push" && "${{ github.event.head_commit.message }}" == "Merge pull request"* ]]; then
echo "This is a PR merge commit."
echo "pr_merge=true" >> $GITHUB_OUTPUT
else
echo "This is a direct push to main."
echo "pr_merge=false" >> $GITHUB_OUTPUT
fi
- name: Determine version bump type
id: version-bump
run: |
pr_merge="${{ steps.check-pr-merge.outputs.pr_merge }}"
if [ "$pr_merge" == "true" ]; then
tags="${{ steps.get_pr_tags.outputs.tags }}"
bump_type="patch"
if [[ "$tags" =~ "major" ]]; then
bump_type="major"
elif [[ "$tags" =~ "minor" ]]; then
bump_type="minor"
fi
echo "PR merge detected. Bumping version as $bump_type."
else
bump_type="patch"
echo "Direct push to main detected. Bumping version as patch."
fi
echo "bump_type=$bump_type" >> $GITHUB_OUTPUT
- name: npm version bump
run: |
npm version ${{ steps.version-bump.outputs.bump_type }} ---no-commit-hooks --no-git-tag-version
- name: Commit changes
uses: stefanzweifel/git-auto-commit-action@v5.0.1
with:
commit_message: |
Incrementing project version
[skip ci]
build:
runs-on: ubuntu-latest
if: ${{ always() }}
needs: increment
env:
REMOTE_USER: ${{ secrets.REMOTE_USER }}
REMOTE_HOST: ${{ secrets.REMOTE_HOST }}
REMOTE_DIR: ${{ secrets.REMOTE_DIR }}
DATABASE_URL: ${{ secrets.DATABASE_URL }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
NEXT_PUBLIC_POSTHOG_KEY: ${{ secrets.NEXT_PUBLIC_POSTHOG_KEY }}
CLERK_SECRET_KEY: ${{ secrets.CLERK_SECRET_KEY }}
NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY: ${{ secrets.NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY }}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
ref: main
- name: Connect to tailscale
uses: tailscale/github-action@v2
with:
authkey: ${{ secrets.TAILSCALE_AUTH_KEY }}
- name: Setup Node.js environment
uses: actions/setup-node@v4.1.0
- name: Install pnpm
run: npm install -g pnpm
- name: Install dependencies and build
run: |
pnpm install
pnpm build
- name: Write environment variables
run: |
echo "DATABASE_URL=${DATABASE_URL}" > .env
echo "SENTRY_AUTH_TOKEN=${SENTRY_AUTH_TOKEN}" >> .env
echo "NEXT_PUBLIC_POSTHOG_KEY=${NEXT_PUBLIC_POSTHOG_KEY}" >> .env
echo "CLERK_SECRET_KEY=${CLERK_SECRET_KEY}" >> .env
echo "NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY=${NEXT_PUBLIC_CLERK_PUBLISHABLE_KEY}" >> .env
- name: Update server dependencies
run: |
ssh -o StrictHostKeyChecking=no $REMOTE_USER@$REMOTE_HOST << EOF
cd $REMOTE_DIR
git pull
nom develop ~/dotfiles#js-dev --command pnpm install --frozen-lockfile
EOF
- name: Deploy build files
run: |
rsync -avz --delete -e "ssh -o StrictHostKeyChecking=no" ./.next .env $REMOTE_USER@$REMOTE_HOST:$REMOTE_DIR
- name: Update production database
run: |
ssh -o StrictHostKeyChecking=no $REMOTE_USER@$REMOTE_HOST << EOF
cd $REMOTE_DIR
nom develop ~/dotfiles#js-dev --command pnpm db:push
EOF
- name: Reload PM2 configuration
env:
REMOTE_USER: ${{ secrets.REMOTE_USER }}
REMOTE_HOST: ${{ secrets.REMOTE_HOST }}
run: |
ssh -o StrictHostKeyChecking=no $REMOTE_USER@$REMOTE_HOST << EOF
cd $REMOTE_DIR
unset name
pm2 reload days-since --update-env
EOF