webaxones · May 3, 2025 05:59 · madrzejewski · May 2, 2025
diff --git a/deploy.yml b/deploy.yml
 # This GitHub workflow will build a WordPress Bedrock site and deploy it to a shared server (french one: O2Switch, but URLs can be adapted) using SSH
 # Actions secrets are used to store sensitive information:
 # - SSH_PRIVATE_KEY: The private key used to authenticate with the remote server
 # - REMOTE_HOST: The hostname of the remote server
 # - REMOTE_USER: The username used to authenticate with the remote server
 # - REMOTE_PROD_TARGET: The path on the remote server where the site will be deployed to
 # - REMOTE_PREPROD_TARGET: The path on the remote server where the site will be deployed to
 # - URL_ENCODED_PASSWORD: The password used to authenticate with the remote server, URL encoded (e.g. using https://www.urlencoder.org/)
 # Workflow triggers on pushes to the develop and master branches:
 # - On the develop branch, the site is deployed to the preprod target
 # - On the master branch, the site is deployed to the prod target
 name: Build and Deploy
 on:
  push:
    branches: [ develop, master ]
 jobs:
  build-deploy:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4

      # Install composer dependencies
      - id: build-php
        name: "Install dependencies"
        uses: shivammathur/setup-php@v2
        with:
          php-version: 8.0
      - run: composer install --prefer-dist --no-dev -o

      # Get the public IP of the runner
      - name: Public IP
        id: ip
        uses: haythem/[email protected]

        # Whitelist the public IP of the runner on the remote server by adding it to the SSH whitelist and wait 65 seconds for the IP to be whitelisted
      - shell: bash
        run: |
          curl -sX GET 'https://${{ secrets.REMOTE_USER }}:${{ secrets.URL_ENCODED_PASSWORD }}@${{ secrets.REMOTE_HOST }}:2083/frontend/o2switch/o2switch-ssh-whitelist/index.live.php' | fgrep 'index.live.php' | fgrep 'index.live.php?r=remove&address=' | cut -d '"' -f 2 | while read ipToRemove
          do 
            curl -sX GET 'https://${{ secrets.REMOTE_USER }}:${{ secrets.URL_ENCODED_PASSWORD }}@${{ secrets.REMOTE_HOST }}:2083/frontend/o2switch/o2switch-ssh-whitelist/'$ipToRemove > /dev/null 2>&1
          done
          curl -X POST \
            -d 'whitelist[address]=${{ steps.ip.outputs.ipv4 }}' \
            -d 'whitelist[port]=22' \
            'https://${{ secrets.REMOTE_USER }}:${{ secrets.URL_ENCODED_PASSWORD }}@${{ secrets.REMOTE_HOST }}:2083/frontend/o2switch/o2switch-ssh-whitelist/index.live.php?r=add'  > /dev/null 2>&1

          curl -sX GET 'https://${{ secrets.REMOTE_USER }}:${{ secrets.URL_ENCODED_PASSWORD }}@${{ secrets.REMOTE_HOST }}:2083/frontend/o2switch/o2switch-ssh-whitelist/index.live.php' | fgrep -q '${{ steps.ip.outputs.ipv4 }}' && echo "IP whitelisted"
          sleep 65

      # Deploy the develop branch to the preprod target
      - name: 'Deploy on develop branch'
        if: ${{ github.ref == 'refs/heads/develop' }}
        uses: easingthemes/ssh-deploy@main
        with:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          ARGS: "-rlgoDzvc -i --delete-after"
          SOURCE: "./"
          REMOTE_HOST: ${{ secrets.REMOTE_HOST }}
          REMOTE_USER: ${{ secrets.REMOTE_USER }}
          TARGET: ${{ secrets.REMOTE_PREPROD_TARGET }}
          EXCLUDE: "/dist/, /node_modules/, ./auth.json"
          SCRIPT_BEFORE: |
            whoami
            ls -al
          SCRIPT_AFTER: |
            whoami
            ls -al
            echo $RSYNC_STDOUT

      # Deploy the master branch to the production target
      - name: 'Deploy on master branch'
        if: ${{ github.ref == 'refs/heads/master' }}
        uses: easingthemes/ssh-deploy@main
        with:
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          ARGS: "-rlgoDzvc -i --delete-after"
          SOURCE: "./"
          REMOTE_HOST: ${{ secrets.REMOTE_HOST }}
          REMOTE_USER: ${{ secrets.REMOTE_USER }}
          TARGET: ${{ secrets.REMOTE_PROD_TARGET }}
          EXCLUDE: "/dist/, /node_modules/, ./auth.json"
          SCRIPT_BEFORE: |
            whoami
            ls -al
          SCRIPT_AFTER: |
            whoami
            ls -al
            echo $RSYNC_STDOUT
	# This GitHub workflow will build a WordPress Bedrock site and deploy it to a shared server (french one: O2Switch, but URLs can be adapted) using SSH
	# Actions secrets are used to store sensitive information:
	# - SSH_PRIVATE_KEY: The private key used to authenticate with the remote server
	# - REMOTE_HOST: The hostname of the remote server
	# - REMOTE_USER: The username used to authenticate with the remote server
	# - REMOTE_PROD_TARGET: The path on the remote server where the site will be deployed to
	# - REMOTE_PREPROD_TARGET: The path on the remote server where the site will be deployed to
	# - URL_ENCODED_PASSWORD: The password used to authenticate with the remote server, URL encoded (e.g. using https://www.urlencoder.org/)
	# Workflow triggers on pushes to the develop and master branches:
	# - On the develop branch, the site is deployed to the preprod target
	# - On the master branch, the site is deployed to the prod target
	name: Build and Deploy
	on:
	push:
	branches: [ develop, master ]
	jobs:
	build-deploy:
	runs-on: ubuntu-latest
	steps:
	- uses: actions/checkout@v4

	# Install composer dependencies
	- id: build-php
	name: "Install dependencies"
	uses: shivammathur/setup-php@v2
	with:
	php-version: 8.0
	- run: composer install --prefer-dist --no-dev -o

	# Get the public IP of the runner
	- name: Public IP
	id: ip
	uses: haythem/[email protected]

	# Whitelist the public IP of the runner on the remote server by adding it to the SSH whitelist and wait 65 seconds for the IP to be whitelisted
	- shell: bash
	run: \|
	curl -sX GET 'https://${{ secrets.REMOTE_USER }}:${{ secrets.URL_ENCODED_PASSWORD }}@${{ secrets.REMOTE_HOST }}:2083/frontend/o2switch/o2switch-ssh-whitelist/index.live.php' \| fgrep 'index.live.php' \| fgrep 'index.live.php?r=remove&address=' \| cut -d '"' -f 2 \| while read ipToRemove
	do
	curl -sX GET 'https://${{ secrets.REMOTE_USER }}:${{ secrets.URL_ENCODED_PASSWORD }}@${{ secrets.REMOTE_HOST }}:2083/frontend/o2switch/o2switch-ssh-whitelist/'$ipToRemove > /dev/null 2>&1
	done
	curl -X POST \
	-d 'whitelist[address]=${{ steps.ip.outputs.ipv4 }}' \
	-d 'whitelist[port]=22' \
	'https://${{ secrets.REMOTE_USER }}:${{ secrets.URL_ENCODED_PASSWORD }}@${{ secrets.REMOTE_HOST }}:2083/frontend/o2switch/o2switch-ssh-whitelist/index.live.php?r=add' > /dev/null 2>&1

	curl -sX GET 'https://${{ secrets.REMOTE_USER }}:${{ secrets.URL_ENCODED_PASSWORD }}@${{ secrets.REMOTE_HOST }}:2083/frontend/o2switch/o2switch-ssh-whitelist/index.live.php' \| fgrep -q '${{ steps.ip.outputs.ipv4 }}' && echo "IP whitelisted"
	sleep 65

	# Deploy the develop branch to the preprod target
	- name: 'Deploy on develop branch'
	if: ${{ github.ref == 'refs/heads/develop' }}
	uses: easingthemes/ssh-deploy@main
	with:
	SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
	ARGS: "-rlgoDzvc -i --delete-after"
	SOURCE: "./"
	REMOTE_HOST: ${{ secrets.REMOTE_HOST }}
	REMOTE_USER: ${{ secrets.REMOTE_USER }}
	TARGET: ${{ secrets.REMOTE_PREPROD_TARGET }}
	EXCLUDE: "/dist/, /node_modules/, ./auth.json"
	SCRIPT_BEFORE: \|
	whoami
	ls -al
	SCRIPT_AFTER: \|
	whoami
	ls -al
	echo $RSYNC_STDOUT

	# Deploy the master branch to the production target
	- name: 'Deploy on master branch'
	if: ${{ github.ref == 'refs/heads/master' }}
	uses: easingthemes/ssh-deploy@main
	with:
	SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
	ARGS: "-rlgoDzvc -i --delete-after"
	SOURCE: "./"
	REMOTE_HOST: ${{ secrets.REMOTE_HOST }}
	REMOTE_USER: ${{ secrets.REMOTE_USER }}
	TARGET: ${{ secrets.REMOTE_PROD_TARGET }}
	EXCLUDE: "/dist/, /node_modules/, ./auth.json"
	SCRIPT_BEFORE: \|
	whoami
	ls -al
	SCRIPT_AFTER: \|
	whoami
	ls -al
	echo $RSYNC_STDOUT