name: Deploy on: push: branches: [main] jobs: deploy: runs-on: vps-host steps: - uses: actions/checkout@v4.2.2 - name: Supply chain checks (production dependencies) run: | set -euo pipefail cd api npm ci npm audit --omit=dev --audit-level=high cd ../web npm ci npm audit --omit=dev --audit-level=high - name: Build Web run: | cd web npm run build - name: Deploy with Docker Compose run: | set -euo pipefail # Deploy directory APP_DIR=/opt/skymoney mkdir -p $APP_DIR # Sync repo to server (excluding node_modules, dist, etc) rsync -a --delete \ --exclude=node_modules \ --exclude=dist \ --exclude=.git \ --exclude=.gitea \ --exclude=backups \ --exclude=forensics \ --exclude=exporting \ ./ $APP_DIR/ # Copy built web to shared volume mkdir -p /var/www/skymoney/dist cp -r web/dist/* /var/www/skymoney/dist/ cd $APP_DIR # Validate migration target before touching containers export EXPECTED_PROD_DB_HOST="${EXPECTED_PROD_DB_HOST:-postgres}" export EXPECTED_PROD_DB_NAME="${EXPECTED_PROD_DB_NAME:-skymoney}" chmod +x ./scripts/validate-prod-db-target.sh ./scripts/backup.sh bash ./scripts/validate-prod-db-target.sh # Build and start all services sudo docker-compose -p skymoney up -d --build # Wait for database to be ready sleep 10 # Mandatory pre-migration backup export EXPECTED_BACKUP_DB_HOST="${EXPECTED_BACKUP_DB_HOST:-127.0.0.1}" export EXPECTED_BACKUP_DB_NAME="${EXPECTED_BACKUP_DB_NAME:-skymoney}" BACKUP_ENFORCE_TARGET_CHECK=1 \ EXPECTED_BACKUP_DB_HOST="$EXPECTED_BACKUP_DB_HOST" \ EXPECTED_BACKUP_DB_NAME="$EXPECTED_BACKUP_DB_NAME" \ BACKUP_DIR=/opt/skymoney/backups \ bash ./scripts/backup.sh # Run Prisma migrations inside the API container sudo docker-compose -p skymoney exec -T api npx prisma migrate deploy - name: Reload Nginx run: sudo systemctl reload nginx