Deploy Laravel with Deployer in Github Actions

command.sh

# Create user deployer with root account
adduser deployer

# Append (-a) a secondary group (-G) "www-data" to user "deployer"
usermod -a -G www-data deployer

# See groups assigned to user "deployer"
groups deployer

# Add ACL permission in /var/www

# check setfacl exists
which setfacl

# If doesn't exist:
sudo apt-get install -y acl

# Inspect current ACL's
getfacl /var/www

# Set current and default ACL's for /var/www
sudo setfacl -Rm g:www-data:rwx,d:g:www-data:rwx /var/www

deploy.php

<?php

namespace Deployer;

// Include the Laravel & rsync recipes
require 'recipe/laravel.php';
require 'recipe/rsync.php';

set('application', 'dep-demo');
set('ssh_multiplexing', true); // Speed up deployment

set('rsync_src', function () {
    return __DIR__; // If your project isn't in the root, you'll need to change this.
});

// Configuring the rsync exclusions.
// You'll want to exclude anything that you don't want on the production server.
add('rsync', [
    'exclude' => [
        '.git',
        '/.env',
        '/vendor/',
        '/node_modules/',
        '.github',
        'deploy.php',
    ],
]);

// Set up a deployer task to copy secrets from directory env to /var/www/nama-laravel-project in server.
task('deploy:secrets', function () {
    run('cp $HOME/env/nama-laravel-project/production/.env {{deploy_path}}/shared');
});


// Hosts
host('production.app.com') // Name of the server
    ->hostname('123.456.781.901') // Hostname or IP address
    ->stage('production') // Deployment stage (production, staging, etc)
    ->user('deployer') // SSH user
    ->set('deploy_path', '/var/www/nama-laravel-project') // Deploy path
    ->set('http_user', 'www-data');

after('deploy:failed', 'deploy:unlock'); // Unlock after failed deploy

desc('Deploy the application');
task('deploy', [
    'deploy:info',
    'deploy:prepare',
    'deploy:lock',
    'deploy:release',
    'rsync', // Deploy code & built assets
    'deploy:secrets', // Deploy secrets
    'deploy:shared',
    'deploy:vendors',
    'deploy:writable',
    'artisan:storage:link', // |
    'artisan:view:cache',   // |
    'artisan:config:cache', // | Laravel specific steps
    'artisan:optimize',     // |
    'artisan:migrate',      // | Run artisan migrate if you need it, if not then just comment it!
    'deploy:symlink',
    'deploy:unlock',
    'cleanup',
]);

nginx.conf

server {
	listen 80;
  listen [::]:80;

  server_name example.com www.example.com;

  root /var/www/example.com/current/public;
  index index.php index.html;

  # serve static files directly
	location ~* \.(jpg|jpeg|gif|css|png|js|ico|html)$ {
		access_log off;
		expires max;
		log_not_found off;
	}

	# removes trailing slashes (prevents SEO duplicate content issues)
	if (!-d $request_filename)
	{
		rewrite ^/(.+)/$ /$1 permanent;
	}

	# enforce NO www
	if ($host ~* ^www\.(.*))
	{
		set $host_without_www $1;
		rewrite ^/(.*)$ $scheme://$host_without_www/$1 permanent;
	}

	# unless the request is for a valid file (image, js, css, etc.), send to bootstrap
	if (!-e $request_filename)
	{
		rewrite ^/(.*)$ /index.php?/$1 last;
		break;
	}

	location / {
		try_files $uri $uri/ /index.php?$query_string;
	}

	# pass the PHP scripts to FastCGI server listening on 127.0.0.1:9000
  location ~ \.php$ {
      include snippets/fastcgi-php.conf;
      # With php7.0-fpm:
      fastcgi_pass unix:/run/php/php7.4-fpm.sock;
      # Please read this link: 
      # https://github.com/lorisleiva/laravel-deployer/blob/919ea8386308d86837f434b69f40529854d15082/docs/troubleshooting.md#my-changes-dont-show-up-after-a-deployment
      # This link is the reason why I put the script below
      fastcgi_param SCRIPT_FILENAME $realpath_root$fastcgi_script_name;
      fastcgi_param DOCUMENT_ROOT $realpath_root;
  }

    location ~ /\.ht {
		deny all;
	}
}