secondlayer/.github/workflows/deploy.yml at main · ryanwaits/secondlayer · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
name: Deploy

# Required secrets:
#   DEPLOY_HOST      — Hetzner server IP
#   DEPLOY_SSH_KEY   — SSH private key (ed25519)
#   SLACK_WEBHOOK_URL — Slack incoming webhook for deploy notifications
#
# One-time setup:
#   1. ssh-keygen -t ed25519 -f deploy_key -C "github-deploy"
#   2. ssh-copy-id -i deploy_key.pub root@<server-ip>
#   3. Add secrets in GitHub repo → Settings → Secrets

on:
  push:
    branches: [main]
    paths-ignore:
      - "*.md"
      - "docs/**"
      - "packages/docs/**"
      - "packages/clarity-docs/**"
      - "plans/**"
      - "LICENSE"
  workflow_dispatch:

concurrency:
  group: deploy
  cancel-in-progress: false

jobs:
  typecheck:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - uses: oven-sh/setup-bun@v2
        with:
          bun-version: "1.3.10"
      - run: bun install --frozen-lockfile
      - run: bun run build
      - run: bun run typecheck

  deploy:
    needs: typecheck
    runs-on: ubuntu-latest
    steps:
      - uses: appleboy/ssh-action@0ff4204d59e8e51228ff73bce53f80d53301dee2
        with:
          host: ${{ secrets.DEPLOY_HOST }}
          username: root
          key: ${{ secrets.DEPLOY_SSH_KEY }}
          script: export PATH="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:$HOME/.bun/bin" && bash /opt/secondlayer/docker/scripts/deploy.sh
          command_timeout: 5m

  notify:
    needs: [typecheck, deploy]
    if: always()
    runs-on: ubuntu-latest
    steps:
      - name: Slack notification
        uses: slackapi/slack-github-action@91efab103c0de0a537f72a35f6b8cda0ee76bf0a
        with:
          webhook: ${{ secrets.SLACK_WEBHOOK_URL }}
          webhook-type: incoming-webhook
          payload: |
            {
              "text": "${{ needs.deploy.result == 'success' && '✅' || '❌' }} Deploy ${{ needs.deploy.result }}: ${{ github.event.head_commit.message }}",
              "blocks": [
                {
                  "type": "section",
                  "text": {
                    "type": "mrkdwn",
                    "text": "${{ needs.deploy.result == 'success' && ':white_check_mark:' || ':x:' }} *Deploy ${{ needs.deploy.result }}*\n<${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}|View run> · `${{ github.sha }}`\n${{ github.event.head_commit.message }}"
                  }
                }
              ]
            }