more action commands

Author: loftwah

.github/workflows/01.deploy_to_production.yml

@@ -0,0 +1,54 @@
+name: 01. Deploy to Production
+
+permissions:
+  id-token: write
+  contents: read
+  packages: write
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+  workflow_run:
+    workflows: ["CI"]
+    types:
+      - completed
+
+jobs:
+  deploy-production:
+    name: Deploy to production
+    if: github.event.workflow_run.conclusion == 'success' || github.event_name == 'workflow_dispatch'
+    concurrency:
+      group: production_environment
+      cancel-in-progress: true
+    runs-on: ubuntu-latest
+    environment:
+      name: production
+    timeout-minutes: 20
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          ref: ${{ github.event.workflow_run.head_branch }}
+
+      - uses: ./.github/workflows/setup
+        name: Setup
+        with:
+          ssh-private-key: ${{ secrets.DROPLET_SSH_PRIVATE_KEY }}
+
+      - name: Kamal Deploy
+        uses: ./.github/workflows/kamal-deploy
+        with:
+          kamal-host: ${{ secrets.KAMAL_HOST }}
+          kamal-registry-username: ${{ secrets.KAMAL_REGISTRY_USERNAME }}
+          kamal-registry-password: ${{ secrets.KAMAL_REGISTRY_PASSWORD }}
+          secret-key-base: ${{ secrets.SECRET_KEY_BASE }}
+          axiom-api-key: ${{ secrets.AXIOM_API_KEY }}
+          do-token: ${{ secrets.DO_TOKEN }}
+          spaces-region: ${{ secrets.SPACES_REGION }}
+          spaces-bucket-name: ${{ secrets.SPACES_BUCKET_NAME }}
+          spaces-bucket-content: ${{ secrets.SPACES_BUCKET_CONTENT }}
+          spaces-access-key-id: ${{ secrets.SPACES_ACCESS_KEY_ID }}
+          spaces-secret-access-key: ${{ secrets.SPACES_SECRET_ACCESS_KEY }}
+          rails-master-key: ${{ secrets.RAILS_MASTER_KEY }}
+          environment: production

.github/workflows/02.deploy_manually.yml

@@ -0,0 +1,53 @@
+name: 02. Deploy Manually
+
+permissions:
+  id-token: write
+  contents: read
+  packages: write
+
+on:
+  workflow_dispatch:
+    inputs:
+      environment:
+        description: 'Environment'
+        required: true
+        default: 'production'
+        type: choice
+        options:
+          - production
+
+jobs:
+  deploy-production:
+    name: Deploy to production
+    if: ${{ github.event.inputs.environment == 'production' }}
+    concurrency:
+      group: production_environment
+      cancel-in-progress: true
+    runs-on: ubuntu-latest
+    environment:
+      name: production
+    timeout-minutes: 20
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: ./.github/workflows/setup
+        name: Setup
+        with:
+          ssh-private-key: ${{ secrets.DROPLET_SSH_PRIVATE_KEY }}
+
+      - name: Kamal Deploy
+        uses: ./.github/workflows/kamal-deploy
+        with:
+          kamal-host: ${{ secrets.KAMAL_HOST }}
+          kamal-registry-username: ${{ secrets.KAMAL_REGISTRY_USERNAME }}
+          kamal-registry-password: ${{ secrets.KAMAL_REGISTRY_PASSWORD }}
+          secret-key-base: ${{ secrets.SECRET_KEY_BASE }}
+          axiom-api-key: ${{ secrets.AXIOM_API_KEY }}
+          do-token: ${{ secrets.DO_TOKEN }}
+          spaces-region: ${{ secrets.SPACES_REGION }}
+          spaces-bucket-name: ${{ secrets.SPACES_BUCKET_NAME }}
+          spaces-bucket-content: ${{ secrets.SPACES_BUCKET_CONTENT }}
+          spaces-access-key-id: ${{ secrets.SPACES_ACCESS_KEY_ID }}
+          spaces-secret-access-key: ${{ secrets.SPACES_SECRET_ACCESS_KEY }}
+          rails-master-key: ${{ secrets.RAILS_MASTER_KEY }}
+          environment: production

.github/workflows/03.kamal_run_command.yml

@@ -0,0 +1,59 @@
+name: 03. Kamal Run Command
+
+permissions:
+  id-token: write
+  contents: read
+  packages: write
+
+on:
+  workflow_dispatch:
+    inputs:
+      command:
+        description: 'Commands'
+        required: true
+        type: choice
+        options:
+          - proxy reboot --rolling -y
+          - upgrade --rolling -y
+      environment:
+        description: 'Environment'
+        required: true
+        type: choice
+        options:
+          - production
+
+jobs:
+  kamal_run_command:
+    name: Kamal run command
+    runs-on: ubuntu-latest
+    timeout-minutes: 20
+    concurrency:
+      group: ${{ github.event.inputs.environment }}_environment
+      cancel-in-progress: false
+    environment:
+      name: ${{ github.event.inputs.environment }}
+    steps:
+      - uses: actions/checkout@v4
+
+      - uses: ./.github/workflows/setup
+        name: Setup
+        with:
+          ssh-private-key: ${{ secrets.DROPLET_SSH_PRIVATE_KEY }}
+
+      - name: kamal ${{ github.event.inputs.command }} --destination=${{ github.event.inputs.environment }}
+        env:
+          KAMAL_HOST: ${{ secrets.KAMAL_HOST }}
+          KAMAL_REGISTRY_USERNAME: ${{ secrets.KAMAL_REGISTRY_USERNAME }}
+          KAMAL_REGISTRY_PASSWORD: ${{ secrets.KAMAL_REGISTRY_PASSWORD }}
+          SECRET_KEY_BASE: ${{ secrets.SECRET_KEY_BASE }}
+          AXIOM_API_KEY: ${{ secrets.AXIOM_API_KEY }}
+          DO_TOKEN: ${{ secrets.DO_TOKEN }}
+          SPACES_REGION: ${{ secrets.SPACES_REGION }}
+          SPACES_BUCKET_NAME: ${{ secrets.SPACES_BUCKET_NAME }}
+          SPACES_BUCKET_CONTENT: ${{ secrets.SPACES_BUCKET_CONTENT }}
+          SPACES_ACCESS_KEY_ID: ${{ secrets.SPACES_ACCESS_KEY_ID }}
+          SPACES_SECRET_ACCESS_KEY: ${{ secrets.SPACES_SECRET_ACCESS_KEY }}
+          RAILS_MASTER_KEY: ${{ secrets.RAILS_MASTER_KEY }}
+          DOCKER_BUILDKIT: 1
+        run: |
+          ./bin/kamal ${{ github.event.inputs.command }} --destination=${{ github.event.inputs.environment }}

.github/workflows/kamal-deploy/action.yml

@@ -0,0 +1,70 @@
+name: Kamal Deploy
+
+inputs:
+  environment:
+    description: 'Environment'
+    required: true
+  kamal-host:
+    description: 'Kamal Host'
+    required: true
+  kamal-registry-username:
+    description: 'Kamal Registry Username'
+    required: true
+  kamal-registry-password:
+    description: 'Kamal Registry Password'
+    required: true
+  secret-key-base:
+    description: 'Secret Key Base'
+    required: true
+  axiom-api-key:
+    description: 'Axiom API Key'
+    required: true
+  do-token:
+    description: 'Digital Ocean Token'
+    required: true
+  spaces-region:
+    description: 'Spaces Region'
+    required: true
+  spaces-bucket-name:
+    description: 'Spaces Bucket Name'
+    required: true
+  spaces-bucket-content:
+    description: 'Spaces Bucket Content'
+    required: true
+  spaces-access-key-id:
+    description: 'Spaces Access Key ID'
+    required: true
+  spaces-secret-access-key:
+    description: 'Spaces Secret Access Key'
+    required: true
+  rails-master-key:
+    description: 'Rails Master Key'
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - name: Kamal Deploy
+      shell: bash
+      env:
+        KAMAL_HOST: ${{ inputs.kamal-host }}
+        KAMAL_REGISTRY_USERNAME: ${{ inputs.kamal-registry-username }}
+        KAMAL_REGISTRY_PASSWORD: ${{ inputs.kamal-registry-password }}
+        SECRET_KEY_BASE: ${{ inputs.secret-key-base }}
+        AXIOM_API_KEY: ${{ inputs.axiom-api-key }}
+        DO_TOKEN: ${{ inputs.do-token }}
+        SPACES_REGION: ${{ inputs.spaces-region }}
+        SPACES_BUCKET_NAME: ${{ inputs.spaces-bucket-name }}
+        SPACES_BUCKET_CONTENT: ${{ inputs.spaces-bucket-content }}
+        SPACES_ACCESS_KEY_ID: ${{ inputs.spaces-access-key-id }}
+        SPACES_SECRET_ACCESS_KEY: ${{ inputs.spaces-secret-access-key }}
+        RAILS_MASTER_KEY: ${{ inputs.rails-master-key }}
+        DOCKER_BUILDKIT: 1
+      run: |
+        ./bin/kamal deploy --destination=${{ inputs.environment }}
+
+    - name: Kamal release on cancel
+      shell: bash
+      if: ${{ cancelled() }}
+      run: |
+        ./bin/kamal lock release --destination=${{ inputs.environment }}

.github/workflows/setup/action.yml

@@ -0,0 +1,29 @@
+name: Setup
+
+inputs:
+  ssh-private-key:
+    description: SSH Private Key
+    required: true
+
+runs:
+  using: composite
+  steps:
+    - uses: ruby/setup-ruby@v1
+      env:
+        BUNDLE_GEMFILE: ./Gemfile
+      with:
+        ruby-version: .ruby-version
+        bundler-cache: true
+
+    - uses: webfactory/ssh-agent@v0.9.0
+      with:
+        ssh-private-key: ${{ inputs.ssh-private-key }}
+
+    - name: Set up Docker Buildx
+      uses: docker/setup-buildx-action@v3
+
+    - name: Install kamal and create binstub
+      shell: bash
+      run: |
+        bundle install
+        bundle binstub kamal