58 lines
1.8 KiB
YAML
58 lines
1.8 KiB
YAML
name: Deploy Hugo site
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
|
|
jobs:
|
|
deploy:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Install Hugo
|
|
run: |
|
|
set -eu
|
|
HUGO_VERSION="0.145.0"
|
|
install -d "$HOME/.local/bin"
|
|
wget -q "https://github.com/gohugoio/hugo/releases/download/v${HUGO_VERSION}/hugo_extended_${HUGO_VERSION}_linux-amd64.tar.gz"
|
|
tar -xzf "hugo_extended_${HUGO_VERSION}_linux-amd64.tar.gz"
|
|
mv hugo "$HOME/.local/bin/hugo"
|
|
export PATH="$HOME/.local/bin:$PATH"
|
|
hugo version
|
|
|
|
- name: Build site
|
|
run: |
|
|
export PATH="$HOME/.local/bin:$PATH"
|
|
hugo --minify
|
|
|
|
- name: Deploy locally to Nginx root
|
|
run: |
|
|
set -eu
|
|
DEPLOY_TARGET="/deploy/portfolio"
|
|
|
|
# Defense in depth: only deploy from the expected repo/branch.
|
|
[ "${GITHUB_REPOSITORY:-}" = "ludovic/portfolio-website" ] || {
|
|
echo "Refusing deploy: unexpected repository '${GITHUB_REPOSITORY:-}'"
|
|
exit 1
|
|
}
|
|
[ "${GITHUB_REF:-}" = "refs/heads/main" ] || {
|
|
echo "Refusing deploy: unexpected ref '${GITHUB_REF:-}'"
|
|
exit 1
|
|
}
|
|
|
|
if [ ! -d "$DEPLOY_TARGET" ]; then
|
|
echo "Deploy target '$DEPLOY_TARGET' does not exist in runner container."
|
|
echo "Bind-mount host '/var/www/portfolio' to '$DEPLOY_TARGET' in the Gitea runner container."
|
|
ls -la /deploy || true
|
|
exit 1
|
|
fi
|
|
|
|
if [ ! -w "$DEPLOY_TARGET" ]; then
|
|
echo "Deploy target '$DEPLOY_TARGET' is not writable by runner user."
|
|
ls -ld "$DEPLOY_TARGET" || true
|
|
exit 1
|
|
fi
|
|
|
|
rsync -az --delete public/ "$DEPLOY_TARGET/" |