fly.io Deploy #40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Follow-up of fly-build, with access to secrets for making deployments. | |
# This workflow runs in the target repo context. It does not, and should never execute user-supplied code. | |
# See https://securitylab.github.com/research/github-actions-preventing-pwn-requests/ | |
name: fly.io Deploy | |
on: | |
workflow_run: | |
workflows: ["fly.io Build"] | |
types: | |
- completed | |
jobs: | |
deploy: | |
name: Deploy app to fly.io | |
runs-on: ubuntu-latest | |
if: | | |
github.event.workflow_run.event == 'pull_request' && | |
github.event.workflow_run.conclusion == 'success' | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up flyctl | |
uses: superfly/flyctl-actions/setup-flyctl@master | |
with: | |
version: 0.2.72 | |
- name: Download artifacts | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
var artifacts = await github.rest.actions.listWorkflowRunArtifacts({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
run_id: ${{ github.event.workflow_run.id }}, | |
}); | |
var matchArtifact = artifacts.data.artifacts.filter((artifact) => { | |
return artifact.name == "docker-image" | |
})[0]; | |
var download = await github.rest.actions.downloadArtifact({ | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
artifact_id: matchArtifact.id, | |
archive_format: 'zip', | |
}); | |
var fs = require('fs'); | |
fs.writeFileSync('${{github.workspace}}/docker-image.zip', Buffer.from(download.data)); | |
- name: Extract artifacts | |
id: extract_artifacts | |
run: | | |
unzip docker-image.zip | |
cat ./pr-info.txt >> $GITHUB_OUTPUT | |
- name: Load Docker image | |
run: docker load --input grist-core.tar | |
- name: Deploy to fly.io | |
id: fly_deploy | |
env: | |
FLY_API_TOKEN: ${{ secrets.FLY_API_TOKEN }} | |
BRANCH_NAME: ${{ steps.extract_artifacts.outputs.PR_SOURCE }} | |
run: | | |
node buildtools/fly-deploy.js deploy | |
flyctl config -c ./fly.toml env | awk '/APP_HOME_URL/{print "DEPLOY_URL=" $2}' >> $GITHUB_OUTPUT | |
flyctl config -c ./fly.toml env | awk '/FLY_DEPLOY_EXPIRATION/{print "EXPIRES=" $2}' >> $GITHUB_OUTPUT | |
- name: Comment on PR | |
uses: actions/github-script@v7 | |
with: | |
script: | | |
github.rest.issues.createComment({ | |
issue_number: ${{ steps.extract_artifacts.outputs.PR_NUMBER }}, | |
owner: context.repo.owner, | |
repo: context.repo.repo, | |
body: `Deployed commit \`${{ steps.extract_artifacts.outputs.PR_SHASUM }}\` as ${{ steps.fly_deploy.outputs.DEPLOY_URL }} (until ${{ steps.fly_deploy.outputs.EXPIRES }})` | |
}) |