From d7dee6f8b476ca66b47cf82e397e55a8545a9abd Mon Sep 17 00:00:00 2001
From: deco
Date: Sun, 6 Jul 2025 23:26:00 +0300
Subject: [PATCH] Add .forgejo/workflows/deploy-scripts.yml
---
.forgejo/workflows/deploy-scripts.yml | 113 ++++++++++++++++++++++++++
1 file changed, 113 insertions(+)
create mode 100644 .forgejo/workflows/deploy-scripts.yml
diff --git a/.forgejo/workflows/deploy-scripts.yml b/.forgejo/workflows/deploy-scripts.yml
new file mode 100644
index 0000000..6c85ec7
--- /dev/null
+++ b/.forgejo/workflows/deploy-scripts.yml
@@ -0,0 +1,113 @@
+name: Deploy Scripts to S3
+
+on:
+ push:
+ branches: [ main ]
+ paths:
+ - 'scripts/**'
+ - '.forgejo/workflows/deploy-scripts.yml'
+ workflow_dispatch:
+
+permissions:
+ id-token: write
+ contents: write
+ pull-requests: write
+
+jobs:
+ deploy-scripts:
+ runs-on: self-hosted
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Configure AWS credentials using OIDC
+ uses: aws-actions/configure-aws-credentials@v4
+ with:
+ role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+ aws-region: ${{ secrets.AWS_REGION }}
+ role-session-name: icewatch-deploy-scripts
+
+ - name: Upload deployment script to S3
+ run: |
+ # Upload the main deployment script
+ aws s3 cp scripts/deploy.sh s3://${{ secrets.S3_BUCKET_NAME }}/scripts/deploy.sh \
+ --content-type "text/plain" \
+ --cache-control "max-age=300" \
+ --metadata-directive REPLACE \
+ --metadata "version=$(git rev-parse --short HEAD),updated=$(date -u +%Y-%m-%dT%H:%M:%SZ)"
+
+ # Upload systemd service file
+ aws s3 cp scripts/icewatch.service s3://${{ secrets.S3_BUCKET_NAME }}/scripts/icewatch.service \
+ --content-type "text/plain" \
+ --cache-control "max-age=3600"
+
+ # Upload Caddyfile
+ aws s3 cp scripts/Caddyfile s3://${{ secrets.S3_BUCKET_NAME }}/scripts/Caddyfile \
+ --content-type "text/plain" \
+ --cache-control "max-age=3600"
+
+ echo "✅ Scripts uploaded successfully!"
+ echo "📁 Deploy script URL: https://${{ secrets.S3_BUCKET_NAME }}.s3.amazonaws.com/scripts/deploy.sh"
+
+ - name: Update README with current URLs
+ run: |
+ # Update README with current S3 URLs
+ sed -i "s|curl -sSL.*deploy.sh|curl -sSL https://${{ secrets.S3_BUCKET_NAME }}.s3.amazonaws.com/scripts/deploy.sh|g" README.md
+
+ # Check if README was modified
+ if git diff --quiet README.md; then
+ echo "No README updates needed"
+ else
+ echo "README updated with new S3 URLs"
+
+ # Get current branch name
+ CURRENT_BRANCH=$(git rev-parse --abbrev-ref HEAD)
+ echo "Current branch: $CURRENT_BRANCH"
+
+ if [[ "$CURRENT_BRANCH" == "main" ]]; then
+ echo "On main branch - creating PR instead of direct commit"
+
+ # Create a new branch for the update
+ BRANCH_NAME="update-readme-urls-$(date +%Y%m%d-%H%M%S)"
+ git checkout -b "$BRANCH_NAME"
+
+ # Configure git and commit changes
+ git config --local user.email "action@github.com"
+ git config --local user.name "GitHub Action"
+ git add README.md
+ git commit -m "Update deployment URLs
+
+ - Updated S3 URLs in README.md
+ - Deploy script URL: https://${{ secrets.S3_BUCKET_NAME }}.s3.amazonaws.com/scripts/deploy.sh"
+
+ # Push the new branch
+ git push origin "$BRANCH_NAME"
+
+ # Create PR using GitHub CLI
+ gh pr create \
+ --title "Update deployment URLs in README" \
+ --body "🤖 **Automated update from deployment workflow**
+
+ This PR updates the deployment URLs in README.md with the current S3 bucket URLs.
+
+ **Changes:**
+ - Updated deploy script URL to: https://${{ secrets.S3_BUCKET_NAME }}.s3.amazonaws.com/scripts/deploy.sh
+
+ **Generated by:** ${{ github.workflow }} workflow
+ **Commit:** ${{ github.sha }}" \
+ --head "$BRANCH_NAME" \
+ --base "main"
+
+ echo "✅ PR created successfully!"
+ else
+ echo "Not on main branch - committing directly"
+ git config --local user.email "action@github.com"
+ git config --local user.name "GitHub Action"
+ git add README.md
+ git commit -m "Update deployment URLs [skip ci]"
+ git push
+ fi
+ fi
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
\ No newline at end of file
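Review bot: Both `uses:` lines reference a mutable tag (`actions/checkout@v4`, `aws-actions/configure-aws-credentials@v4`) in a job that runs on a self-hosted runner with `id-token: write` and `contents: write`, so whatever code the tag points to at run time executes with the assumed AWS role and a repository write token. Pin each action to a full commit SHA and keep the tag as a comment, e.g. `uses: aws-actions/configure-aws-credentials@<full-commit-sha>  # v4`. The upload step needs only the OIDC token, so the README step that pushes and opens a PR would be better as a separate job carrying `contents: write` and `pull-requests: write`, leaving the upload job with `id-token: write` and `contents: read`. In the `run:` blocks, `${{ secrets.S3_BUCKET_NAME }}` is substituted into the script text before the shell parses it; passing it as `env: S3_BUCKET_NAME: ${{ secrets.S3_BUCKET_NAME }}` and using `"$S3_BUCKET_NAME"` avoids that, and since the value is also written into README.md and the PR body it is effectively public rather than secret.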