-
Notifications
You must be signed in to change notification settings - Fork 0
142 lines (127 loc) · 4.55 KB
/
build-and-deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
name: Build and Deploy
on:
push:
branches: [main]
pull_request:
branches: [main]
# INFO: The following configuration block ensures that only one build runs per branch,
# which may be desirable for projects with a costly build process.
# Remove this block from the CI workflow to let each CI job run to completion.
concurrency:
group: build-${{ github.ref }}
cancel-in-progress: true
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install \
texlive \
texlive-latex-extra \
texlive-luatex \
imagemagick \
ghostscript
echo <<EOF | sudo tee /etc/ImageMagick-6/policy.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE policymap [
<!ELEMENT policymap (policy)*>
<!ATTLIST policymap xmlns CDATA #FIXED ''>
<!ELEMENT policy EMPTY>
<!ATTLIST policy xmlns CDATA #FIXED '' domain NMTOKEN #REQUIRED
name NMTOKEN #IMPLIED pattern CDATA #IMPLIED rights NMTOKEN #IMPLIED
stealth NMTOKEN #IMPLIED value CDATA #IMPLIED>
]>
<policymap>
<policy domain="Undefined" rights="none"/>
</policymap>
EOF
- uses: haskell-actions/setup@v2
id: setup
with:
ghc-version: 9.6
# Defaults, added for clarity:
cabal-version: 'latest'
cabal-update: true
- name: Configure the build
run: |
cabal configure --enable-tests --enable-benchmarks --disable-documentation
cabal build all --dry-run
# generates dist-newstyle/cache/plan.json for the cache key.
- name: Restore cached dependencies
uses: actions/cache/restore@v4
id: cache
env:
key: ${{ runner.os }}-ghc-${{ steps.setup.outputs.ghc-version }}-cabal-${{ steps.setup.outputs.cabal-version }}
with:
path: ${{ steps.setup.outputs.cabal-store }}
key: ${{ env.key }}-plan-${{ hashFiles('**/plan.json') }}
restore-keys: ${{ env.key }}-
- name: Install dependencies
# If we had an exact cache hit, the dependencies will be up to date.
if: steps.cache.outputs.cache-hit != 'true'
run: cabal build all --only-dependencies
# Cache dependencies already here, so that we do not have to rebuild them should the subsequent steps fail.
- name: Save cached dependencies
uses: actions/cache/save@v4
# If we had an exact cache hit, trying to save the cache would error because of key clash.
if: steps.cache.outputs.cache-hit != 'true'
with:
path: ${{ steps.setup.outputs.cabal-store }}
key: ${{ steps.cache.outputs.cache-primary-key }}
- name: Build website
run: |
cabal build all
cabal exec site build
- name: Tar files
run: tar -cJvf bundle.tar.xz -C _site .
- name: Upload artifact
uses: actions/upload-artifact@v4
with:
name: bundle
path: ./bundle.tar.xz
deploy:
needs: build
runs-on: ubuntu-latest
env:
VPS_IP: ${{ secrets.VPS_IP }}
VPS_USERNAME: ${{ secrets.VPS_USERNAME }}
VPS_KEY: ${{ secrets.VPS_KEY }}
VPS_PORT: ${{ secrets.VPS_PORT}}
VPS_WWW_DIR: ${{ secrets.VPS_WWW_DIR }}
steps:
- name: Download build
uses: actions/download-artifact@v4
with:
name: bundle
- name: Copy files via SCP
uses: appleboy/scp-action@master
with:
host: ${{ env.VPS_IP }}
username: ${{ env.VPS_USERNAME }}
key: ${{ env.VPS_KEY }}
password: ""
passphrase: ""
port: ${{ env.VPS_PORT }}
source: ./bundle.tar.xz
target: "/home/${{ env.VPS_USERNAME }}"
- name: Deploy to VPS
uses: appleboy/[email protected]
with:
host: ${{ env.VPS_IP }}
username: ${{ env.VPS_USERNAME }}
key: ${{ env.VPS_KEY }}
password: ""
passphrase: ""
port: ${{ env.VPS_PORT }}
script: |
cd /home/${{ env.VPS_USERNAME }}
dir=$(mktemp -d /tmp/${{ env.VPS_USERNAME }}.XXXXXX)
trap 'sudo rm -rf $dir' EXIT
tar -xJf bundle.tar.xz -C $dir
sudo chown -R www:www $dir
# do not preserve time
sudo rsync --checksum --delete -rlpgoDvh $dir/ ${{ env.VPS_WWW_DIR }}/
rm bundle.tar.xz