THE PRIVATE KEEEEEEEYYY

- Update .vars to properly export deployment configuration variables
- Modify deploy.sh to conditionally source .vars only in interactive mode
- Remove include directive from makefile to prevent automatic variable loading
- Enhance deployment script reliability by ensuring proper environment setup

.gitea/workflows/deploy.yaml

@@ -1,11 +1,13 @@
 ---
 name: Deploy website on production server when committing on main
-concurrency: 1
+concurrency:
+  group: deploy-website
+  cancel-in-progress: false
 
 on:
   push:
-    branches:
+    tags:        
-      - main
+      - '*'
 
 defaults:
   run:
@@ -15,14 +17,25 @@ jobs:
   test:
     runs-on: ubuntu-latest
     steps:
-      - run: echo "${{ secrets.SSH_PRIVATE_KEY }}" > /private.key
-      - run: chmod 600 /private.key
-      - run: sudo apt install hugo
-      - uses: actions/checkout@v4
-      - run: APP_VERSION=latest make
       - run: |
-          SSH_PRIVATE_KEY=/private.key
+          export HUGO_VERSION=$(curl --silent -I https://github.com/gohugoio/hugo/releases/latest | grep location | sed 's|.*tag/||' | tr -d '\r')
-          SSH_USERNAME=${{ secrets.SSH_USERNAME }}
+          export HUGO_VERSION_SHORT=$(echo ${HUGO_VERSION} | sed 's/v//')
-          DEPLOYMENT_HOST=${{ secrets.DEPLOYMENT_HOST }}
+          wget https://github.com/gohugoio/hugo/releases/download/${HUGO_VERSION}/hugo_${HUGO_VERSION_SHORT}_linux-amd64.deb
-          DEPLOYMENT_PATH=${{ secrets.DEPLOYMENT_PATH }}
+          dpkg -i hugo_*.deb
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+      - run: |
+          mkdir -p ~/.ssh/
+          echo "$SSH_PRIVATE_KEY" > ~/.ssh/id_ed25519
+          chmod 600 ~/.ssh/id_ed25519
+          echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
+          make
           make deploy
+        env:
+          SSH_USERNAME: ${{ vars.SSH_USERNAME }}
+          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+          SSH_KNOWN_HOSTS: ${{ vars.SSH_KNOWN_HOSTS }}
+          DEPLOYMENT_HOST: ${{ vars.DEPLOYMENT_HOST }}
+          DEPLOYMENT_PATH: ${{ vars.DEPLOYMENT_PATH }}
+          APP_VERSION: ${{ env.GITEA_REF_NAME }}

deploy.sh

@@ -5,7 +5,6 @@ set -e
 # FLOW
 ###
 #
-# if the private key variable is set, prepend "-i" to it
 # if the username variable is set, append the at sign to it
 # if either the deployment host or deployment path variables are not set, return an error
 # tarball the built website and scp it to the deployment host
@@ -13,9 +12,8 @@ set -e
 # then remove everything in the data path, untar the tarball and reload the server
 # finally remove the tarball, both from the remote host and locally (cleanup)
 
-# Check if the private key variable is set
+if [ -t 0 ]; then # Interactive: prompt user
-if [ ! -z "${SSH_PRIVATE_KEY}" ]; then
+  source .vars
-    SSH_PRIVATE_KEY="-i ${SSH_PRIVATE_KEY}"
 fi
 
 # Check if the username variable is set
@@ -29,14 +27,16 @@ if [ -z "${DEPLOYMENT_HOST}" ] || [ -z "${DEPLOYMENT_PATH}" ]; then
     exit 1
 fi
 
+# Compress the built website and scp it to the remote host
 tar -czf httpdocs.tgz -C public .
-scp -o StrictHostKeyChecking=no ${SSH_PRIVATE_KEY} httpdocs.tgz ${SSH_USERNAME}${DEPLOYMENT_HOST}:/tmp/httpdocs.tgz
+scp httpdocs.tgz ${SSH_USERNAME}${DEPLOYMENT_HOST}:/tmp/httpdocs.tgz
-ssh -o StrictHostKeyChecking=no ${SSH_PRIVATE_KEY} ${SSH_USERNAME}${DEPLOYMENT_HOST} "DEPLOYMENT_PATH=$DEPLOYMENT_PATH bash" << 'EOF'
+
+# SSH to the remote host, cd to the deployment path, and deploy the website (delete and overwrite everything)
+ssh ${SSH_USERNAME}${DEPLOYMENT_HOST} "DEPLOYMENT_PATH=$DEPLOYMENT_PATH bash" << 'EOF'
   cd ${DEPLOYMENT_PATH}
   DATAPATH=$(cat .env | grep "NGINX_DATA" | sed "s/NGINX_DATA=//g")
   rm -rf ${DATAPATH}/{*,.*}
   tar xf /tmp/httpdocs.tgz -C ${DATAPATH}
-  docker compose restart
   rm -f /tmp/httpdocs.tgz
 EOF
 rm -f httpdocs.tgz

makefile

@@ -1,16 +1,15 @@
 #!make
-include .vars
 
 default: build
 
 prep:
-	git submodule foreach --recursive bash -c "git checkout $$(git remote show origin | grep HEAD | sed 's/.*\: //'); git pull"
+	git submodule foreach --recursive bash -c "git checkout \$$(git remote show origin | grep HEAD | sed 's/.*\: //'); git pull"
 
 build: prep
-	./version.sh
+	/usr/bin/env bash version.sh
 
 deploy:
-	./deploy.sh
+	/usr/bin/env bash deploy.sh
 
 run: prep
 	hugo server

version.sh

@@ -3,6 +3,7 @@ set -e
 
 # Check if version is already provided
 if [ -z "${APP_VERSION}" ]; then
+  if [ -t 0 ]; then # Interactive: prompt user
     # Get version from user
     read -p "Version [latest]: " VERSIONINPUT
     # If version was not provided, use the latest commit short hash as version
@@ -11,6 +12,9 @@ if [ -z "${APP_VERSION}" ]; then
     else
       APP_VERSION=${VERSIONINPUT}
     fi
+  else # Non-interactive (CI): default to "latest"
+    APP_VERSION="latest"
+  fi
 fi
 
 # Get project commit id and URL