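# Gitea Actions workflow: build the website image with BuildKit, push it to the
# Gitea container registry, then roll it out on the deploy host over SSH.
#
# Secrets read by this workflow: REGISTRY_USER, REGISTRY_TOKEN, DEPLOY_HOST,
# DEPLOY_USER, DEPLOY_PORT, DEPLOY_SSH_KEY.
name: Build & Deploy unom website
run-name: ${{ gitea.actor }} is deploying unom/website

on:
  push:
    branches: [main]
  workflow_dispatch:

jobs:
  build:
    runs-on: ubuntu-24.04
    steps:
      # NOTE(review): actions are referenced by tag, and tags can be moved.
      # Pinning to a full commit SHA makes the executed code immutable.
      - uses: actions/checkout@v4.2.2

      - name: Set up Docker Buildx
        env:
          BUILDER: builder-unom-website
        run: |
          # BuildKit config: docker.io pulls go through the LAN mirror.
          # NOTE(review): `http = true` / `insecure = true` means the mirror is
          # reached over plain HTTP with no TLS verification, so base images
          # resolved by tag are only as trustworthy as the network path to it.
          # Pin base images by digest in the Dockerfile, or put TLS on the mirror.
          cat > /tmp/buildkitd.toml <<'EOF'
          [registry."docker.io"]
            mirrors = ["192.168.1.52:5000"]
          [registry."192.168.1.52:5000"]
            http = true
            insecure = true
          EOF
          # Drop any builder left behind by an earlier, interrupted run.
          docker buildx rm "$BUILDER" 2>/dev/null || true
          docker buildx create --name "$BUILDER" --use --bootstrap \
            --driver docker-container \
            --config /tmp/buildkitd.toml

      - name: Log in to Gitea registry
        env:
          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
        run: |
          # Token goes in via stdin so it never appears in argv or the step log.
          printf '%s' "$REGISTRY_TOKEN" | docker login git.unom.io -u "$REGISTRY_USER" --password-stdin

      - name: Build & push
        env:
          BUILDER: builder-unom-website
          IMAGE: git.unom.io/${{ gitea.repository }}
          SHA: ${{ gitea.sha }}
        run: |
          # `:latest` and `:cache` are mutable tags; `:$SHA` is the one that
          # identifies exactly what this run produced.
          docker buildx build \
            --builder "$BUILDER" \
            --push \
            --file ./Dockerfile \
            --tag "$IMAGE:latest" \
            --tag "$IMAGE:$SHA" \
            --cache-from "type=registry,ref=$IMAGE:cache" \
            --cache-to "type=registry,ref=$IMAGE:cache,mode=min" \
            .

      - name: Tear down builder
        # Runs even when an earlier step failed, so the builder is not leaked.
        if: always()
        env:
          BUILDER: builder-unom-website
        run: |
          docker buildx rm "$BUILDER" 2>/dev/null || true

  deploy:
    runs-on: ubuntu-24.04
    needs: build
    steps:
      - name: Pull and start web
        # NOTE(review): this third-party action receives the deploy SSH key;
        # pin it to a full commit SHA rather than a movable tag.
        uses: appleboy/ssh-action@v1.2.5
        env:
          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
          REGISTRY_TOKEN: ${{ secrets.REGISTRY_TOKEN }}
        with:
          host: ${{ secrets.DEPLOY_HOST }}
          username: ${{ secrets.DEPLOY_USER }}
          port: ${{ secrets.DEPLOY_PORT }}
          key: ${{ secrets.DEPLOY_SSH_KEY }}
          # NOTE(review): no `fingerprint` input is set, so the deploy host's
          # SSH host key is not checked. Set it to the host key's SHA256
          # fingerprint to detect a substituted or intercepted host.
          # Forward the registry credentials as environment variables instead of
          # expanding the secrets into the script text.
          envs: REGISTRY_USER,REGISTRY_TOKEN
          script: |
            # Stop at the first failure: without this a failed `cd` would let
            # `git reset --hard` run in whatever directory the shell is in.
            set -e
            # Same login form as the build job: the token is read from stdin,
            # not passed as `-p <token>` where it would be visible in the
            # remote process list.
            printf '%s' "$REGISTRY_TOKEN" | docker login git.unom.io -u "$REGISTRY_USER" --password-stdin
            cd ~/unom-website
            git fetch origin main
            git reset --hard origin/main
            docker compose -f compose.production.yml pull web
            docker compose -f compose.production.yml up -d --no-build web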