#!/usr/bin/env bash
#
# Environment shared by the rest of the deploy script and by the tools it runs.

# Composer-installed tools are appended, so binaries already on PATH keep
# precedence over anything in $COMPOSER_HOME/vendor/bin.
PATH="${PATH}:${COMPOSER_HOME}/vendor/bin"

# Directory the script was started from.
PROJECT_ROOT="$(pwd)"

# Local directory in which the site is assembled before deployment.
HTDOCS="${HOME}/htdocs"

# Branch name: everything up to and including the last "heads/" is stripped
# from GITHUB_REF. A ref without "heads/" is passed through unchanged.
GITHUB_BRANCH="${GITHUB_REF##*heads/}"

# Top-level key in hosts.yml under which script options are looked up.
CI_SCRIPT_OPTIONS="ci_script_options"

export PATH PROJECT_ROOT HTDOCS GITHUB_BRANCH CI_SCRIPT_OPTIONS
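# Setup hosts file
# The repository's .github/hosts.yml names the deploy target for each branch.
# Nothing below can work without it, so stop here instead of carrying on with
# empty values.
hosts_file="$GITHUB_WORKSPACE/.github/hosts.yml"
if [ ! -f "$hosts_file" ]; then
  printf "[\e[0;31mERROR\e[0m] Hosts file not found: %s\n" "$hosts_file" >&2
  exit 1
fi
rsync -av "$hosts_file" /hosts.yml || exit 1
# The file is echoed to the job log, so hosts.yml must not hold credentials.
cat /hosts.yml

# Setup custom deploy.php if found
custom_deploy_php="$GITHUB_WORKSPACE/.github/deploy.php"
if [ -f "$custom_deploy_php" ]; then
  rsync -av "$custom_deploy_php" /deploy.php || exit 1
fi

# get hostname
# Looked up under "<branch>.hostname". The value later becomes the host pattern
# of the SSH trust anchor and the Host entry in ssh_config, so an empty result
# (branch missing from hosts.yml, shyaml failure) is treated as fatal.
hostname=$(shyaml get-value "$GITHUB_BRANCH.hostname" < "$hosts_file")
if [ -z "$hostname" ]; then
  printf "[\e[0;31mERROR\e[0m] No hostname for branch '%s' in %s\n" \
    "$GITHUB_BRANCH" "$hosts_file" >&2
  exit 1
fi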
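printf "[\e[0;34mNOTICE\e[0m] Setting up SSH access to server.\n"

# Without a host name the known_hosts entry and the Host block written below
# would be malformed, so refuse to continue.
: "${hostname:?hostname is empty; cannot set up SSH access}"

SSH_DIR="$HOME/.ssh"
mkdir -p "$SSH_DIR"
chmod 700 "$SSH_DIR"

# Generate a key-pair
# Passphrase-less key created for this run; server access comes from the
# certificate Vault signs for it below, not from the bare key.
ssh-keygen -t rsa -b 4096 -C "GH-actions-ssh-deploy-key" -f "$SSH_DIR/id_rsa" -N "" || exit 1

# Get signed key from vault
# The redirect creates the output file even when vault fails, so check both the
# exit status and that a certificate was actually written.
signed_cert="$SSH_DIR/signed-cert.pub"
if ! vault write -field=signed_key ssh-client-signer/sign/my-role \
  public_key=@"$SSH_DIR/id_rsa.pub" > "$signed_cert" || [ ! -s "$signed_cert" ]; then
  printf "[\e[0;31mERROR\e[0m] Vault did not return a signed SSH certificate.\n" >&2
  exit 1
fi

# Setup known_hosts
# Host identity is verified against the Vault host-signing CA. If the CA key
# cannot be read, the @cert-authority line would carry no key, so stop.
known_hosts_file="${SSH_DIR}/known_hosts"
host_signer=$(vault read -field=public_key ssh-host-signer/config/ca)
if [ -z "$host_signer" ]; then
  printf "[\e[0;31mERROR\e[0m] Could not read the SSH host CA public key from Vault.\n" >&2
  exit 1
fi
known_host_data="@cert-authority ${hostname} ${host_signer}"
printf '%s\n' "$known_host_data" >> "$known_hosts_file"

# Create ssh config file. `~/.ssh/config` does not work.
# NOTE(review): the certificate is listed through IdentityFile; ssh_config also
# has a dedicated CertificateFile directive. Left as-is to preserve behaviour.
# NOTE(review): connections are made as root. Confirm the Vault role only signs
# for the principals this deploy needs, and whether a less privileged user
# would be enough.
cat > /etc/ssh/ssh_config <<EOL || exit 1
Host $hostname
HostName $hostname
IdentityFile ${HOME}/.ssh/signed-cert.pub
IdentityFile ${HOME}/.ssh/id_rsa
UserKnownHostsFile $known_hosts_file
User root
EOL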
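# Assemble the site under $HTDOCS: WordPress core plus the repository checkout
# as wp-content.
mkdir -p "$HTDOCS"
# The recursive deletes below are relative to the current directory; if this cd
# failed they would run wherever the script happened to be.
cd "$HTDOCS" || exit 1
build_root="$(pwd)"
export build_root

# WordPress version comes from "<options>.wp-version" in hosts.yml, lower-cased.
WP_VERSION=$(shyaml get-value "$CI_SCRIPT_OPTIONS.wp-version" < "$hosts_file" | tr '[:upper:]' '[:lower:]')
if ! wp core download --version="$WP_VERSION" --allow-root; then
  printf "[\e[0;31mERROR\e[0m] WordPress core download failed.\n" >&2
  exit 1
fi

# Replace the stock wp-content with the repository contents.
rm -r wp-content/
# NOTE(review): this copies the whole checkout, which would include .git and
# .github (hosts.yml, deploy.php) if they are present in the workspace. Confirm
# the deploy recipe keeps them out of the web root.
rsync -av "$GITHUB_WORKSPACE/" "$HTDOCS/wp-content/" > /dev/null || exit 1

# Symlink uploads directory
cd "$HTDOCS/wp-content/" || exit 1
rm -rf uploads
ln -s ../../../uploads uploads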
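# Setup mu-plugins if VIP
# Enabled when "<options>.vip" in hosts.yml is "true" (case-insensitive).
VIP=$(shyaml get-value "$CI_SCRIPT_OPTIONS.vip" < "$hosts_file" | tr '[:upper:]' '[:lower:]')
if [ "$VIP" = "true" ]; then
  # MU_PLUGINS_URL can be overridden from the environment. Whatever it points
  # at is cloned into mu-plugins and shipped with the site, so an override must
  # be a trusted repository. The clone takes the tip of the default branch and
  # is not pinned to a commit.
  MU_PLUGINS_URL=${MU_PLUGINS_URL:-"https://github.com/Automattic/vip-mu-plugins-public"}
  MU_PLUGINS_DIR="$HTDOCS/wp-content/mu-plugins"
  echo "Cloning mu-plugins from: $MU_PLUGINS_URL"
  # "--" stops a URL that starts with "-" from being parsed as a git option.
  # A failed clone is reported but not fatal, matching the previous behaviour
  # (for example when the repository already ships a mu-plugins directory).
  if ! git clone -q --recursive --depth=1 -- "$MU_PLUGINS_URL" "$MU_PLUGINS_DIR"; then
    printf "[\e[0;33mWARNING\e[0m] Cloning mu-plugins failed; continuing without it.\n" >&2
  fi
fi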
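# Run the deployment from the repository checkout.
cd "$GITHUB_WORKSPACE" || exit 1

# Report success only when the deploy really succeeded; otherwise pass the
# deploy tool's exit status on so the CI job is marked as failed.
dep deploy "$GITHUB_BRANCH"
deploy_status=$?
if [ "$deploy_status" -ne 0 ]; then
  printf "[\e[0;31mERROR\e[0m] Deploy failed.\n" >&2
  exit "$deploy_status"
fi
printf "[\e[0;34mNOTICE\e[0m] Deploy successful.\n"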