posts: update FreeBSD VNET jail post #65
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Deploy | |
| on: | |
| push: | |
| branches: [main] | |
| pull_request: | |
| branches: [main] | |
| # INFO: The following configuration block ensures that only one build runs per branch, | |
| # which may be desirable for projects with a costly build process. | |
| # Remove this block from the CI workflow to let each CI job run to completion. | |
| concurrency: | |
| group: build-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install \ | |
| texlive \ | |
| texlive-latex-extra \ | |
| texlive-luatex \ | |
| imagemagick \ | |
| ghostscript | |
| echo <<EOF | sudo tee /etc/ImageMagick-6/policy.xml | |
| <?xml version="1.0" encoding="UTF-8"?> | |
| <!DOCTYPE policymap [ | |
| <!ELEMENT policymap (policy)*> | |
| <!ATTLIST policymap xmlns CDATA #FIXED ''> | |
| <!ELEMENT policy EMPTY> | |
| <!ATTLIST policy xmlns CDATA #FIXED '' domain NMTOKEN #REQUIRED | |
| name NMTOKEN #IMPLIED pattern CDATA #IMPLIED rights NMTOKEN #IMPLIED | |
| stealth NMTOKEN #IMPLIED value CDATA #IMPLIED> | |
| ]> | |
| <policymap> | |
| <policy domain="Undefined" rights="none"/> | |
| </policymap> | |
| EOF | |
| - uses: haskell-actions/setup@v2 | |
| id: setup | |
| with: | |
| ghc-version: 9.6 | |
| # Defaults, added for clarity: | |
| cabal-version: 'latest' | |
| cabal-update: true | |
| - name: Configure the build | |
| run: | | |
| cabal configure --enable-tests --enable-benchmarks --disable-documentation | |
| cabal build all --dry-run | |
| # generates dist-newstyle/cache/plan.json for the cache key. | |
| - name: Restore cached dependencies | |
| uses: actions/cache/restore@v4 | |
| id: cache | |
| env: | |
| key: ${{ runner.os }}-ghc-${{ steps.setup.outputs.ghc-version }}-cabal-${{ steps.setup.outputs.cabal-version }} | |
| with: | |
| path: ${{ steps.setup.outputs.cabal-store }} | |
| key: ${{ env.key }}-plan-${{ hashFiles('**/plan.json') }} | |
| restore-keys: ${{ env.key }}- | |
| - name: Install dependencies | |
| # If we had an exact cache hit, the dependencies will be up to date. | |
| if: steps.cache.outputs.cache-hit != 'true' | |
| run: cabal build all --only-dependencies | |
| # Cache dependencies already here, so that we do not have to rebuild them should the subsequent steps fail. | |
| - name: Save cached dependencies | |
| uses: actions/cache/save@v4 | |
| # If we had an exact cache hit, trying to save the cache would error because of key clash. | |
| if: steps.cache.outputs.cache-hit != 'true' | |
| with: | |
| path: ${{ steps.setup.outputs.cabal-store }} | |
| key: ${{ steps.cache.outputs.cache-primary-key }} | |
| - name: Build website | |
| run: | | |
| cabal build all | |
| cabal exec site build | |
| - name: Tar files | |
| run: tar -cJvf bundle.tar.xz -C _site . | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: bundle | |
| path: ./bundle.tar.xz | |
| deploy: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| env: | |
| VPS_IP: ${{ secrets.VPS_IP }} | |
| VPS_USERNAME: ${{ secrets.VPS_USERNAME }} | |
| VPS_KEY: ${{ secrets.VPS_KEY }} | |
| VPS_PORT: ${{ secrets.VPS_PORT}} | |
| VPS_WWW_DIR: ${{ secrets.VPS_WWW_DIR }} | |
| steps: | |
| - name: Download build | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: bundle | |
| - name: Copy files via SCP | |
| uses: appleboy/scp-action@master | |
| with: | |
| host: ${{ env.VPS_IP }} | |
| username: ${{ env.VPS_USERNAME }} | |
| key: ${{ env.VPS_KEY }} | |
| password: "" | |
| passphrase: "" | |
| port: ${{ env.VPS_PORT }} | |
| source: ./bundle.tar.xz | |
| target: "/home/${{ env.VPS_USERNAME }}" | |
| - name: Deploy to VPS | |
| uses: appleboy/[email protected] | |
| with: | |
| host: ${{ env.VPS_IP }} | |
| username: ${{ env.VPS_USERNAME }} | |
| key: ${{ env.VPS_KEY }} | |
| password: "" | |
| passphrase: "" | |
| port: ${{ env.VPS_PORT }} | |
| script: | | |
| cd /home/${{ env.VPS_USERNAME }} | |
| dir=$(mktemp -d /tmp/${{ env.VPS_USERNAME }}.XXXXXX) | |
| trap 'sudo rm -rf $dir' EXIT | |
| tar -xJf bundle.tar.xz -C $dir | |
| sudo chown -R www:www $dir | |
| # do not preserve time | |
| sudo rsync --checksum --delete -rlpgoDvh $dir/ ${{ env.VPS_WWW_DIR }}/ | |
| rm bundle.tar.xz |