mirror of
https://github.com/ae-utbm/sith.git
synced 2024-11-18 12:13:24 +00:00
d8867fc9ea
Résoud le soucis lié à dependabot. Le problème venait du fait que l'on faisait un poetry update et non un poetry Install. Un update écrit dans poetry.lock, alors qu'un Install lit ce fichier. C'est là toute la différence. Cette PR change donc les workflows. Laisser ce bot apporte beaucoup de sécurité, vu qu'il nous prévient des changement, et aussi des vulnérabilités au niveau des dépendances.
65 lines
1.7 KiB
YAML
65 lines
1.7 KiB
YAML
name: Deploy to production
|
|
concurrency: production
|
|
|
|
on:
|
|
push:
|
|
branches: [master]
|
|
workflow_dispatch:
|
|
|
|
jobs:
|
|
deployment:
|
|
runs-on: ubuntu-latest
|
|
environment: production
|
|
timeout-minutes: 30
|
|
|
|
steps:
|
|
- name: SSH Remote Commands
|
|
uses: appleboy/ssh-action@dce9d565de8d876c11d93fa4fe677c0285a66d78
|
|
with:
|
|
# Proxy
|
|
proxy_host : ${{secrets.PROXY_HOST}}
|
|
proxy_port : ${{secrets.PROXY_PORT}}
|
|
proxy_username : ${{secrets.PROXY_USER}}
|
|
proxy_passphrase: ${{secrets.PROXY_PASSPHRASE}}
|
|
proxy_key: ${{secrets.PROXY_KEY}}
|
|
|
|
# Serveur web
|
|
host: ${{secrets.HOST}}
|
|
port : ${{secrets.PORT}}
|
|
username : ${{secrets.USER}}
|
|
key: ${{secrets.KEY}}
|
|
|
|
script_stop: true
|
|
|
|
# See https://github.com/ae-utbm/sith3/wiki/GitHub-Actions#deployment-action
|
|
script: |
|
|
export PATH="$HOME/.poetry/bin:$PATH"
|
|
pushd ${{secrets.SITH_PATH}}
|
|
|
|
git pull
|
|
poetry install
|
|
poetry run ./manage.py migrate
|
|
echo "yes" | poetry run ./manage.py collectstatic
|
|
poetry run ./manage.py compilestatic
|
|
poetry run ./manage.py compilemessages
|
|
|
|
sudo systemctl restart uwsgi
|
|
|
|
sentry:
|
|
runs-on: ubuntu-latest
|
|
environment: production
|
|
timeout-minutes: 30
|
|
needs: deployment
|
|
steps:
|
|
- uses: actions/checkout@v3
|
|
|
|
- name: Sentry Release
|
|
uses: getsentry/action-release@v1.2.0
|
|
env:
|
|
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
|
|
SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
|
|
SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
|
|
SENTRY_URL: ${{ secrets.SENTRY_URL }}
|
|
with:
|
|
environment: production
|