Use instance-level vars for non-sensitive deploy config
- DEPLOY_HOST / DEPLOY_USER / REGISTRY_USER now read from vars.*, set once at /admin/actions/variables and inherited by all repos - DEPLOY_SSH_KEY / REGISTRY_PASSWORD stay as secrets.* Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@@ -44,7 +44,7 @@ jobs:
|
|||||||
run: |
|
run: |
|
||||||
echo "${{ secrets.REGISTRY_PASSWORD }}" | \
|
echo "${{ secrets.REGISTRY_PASSWORD }}" | \
|
||||||
docker login ${{ env.REGISTRY }} \
|
docker login ${{ env.REGISTRY }} \
|
||||||
--username "${{ secrets.REGISTRY_USER }}" \
|
--username "${{ vars.REGISTRY_USER }}" \
|
||||||
--password-stdin
|
--password-stdin
|
||||||
|
|
||||||
- name: Build image
|
- name: Build image
|
||||||
@@ -71,12 +71,12 @@ jobs:
|
|||||||
mkdir -p ~/.ssh
|
mkdir -p ~/.ssh
|
||||||
echo "${{ secrets.DEPLOY_SSH_KEY }}" > ~/.ssh/deploy_key
|
echo "${{ secrets.DEPLOY_SSH_KEY }}" > ~/.ssh/deploy_key
|
||||||
chmod 600 ~/.ssh/deploy_key
|
chmod 600 ~/.ssh/deploy_key
|
||||||
ssh-keyscan -H ${{ secrets.DEPLOY_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
|
ssh-keyscan -H ${{ vars.DEPLOY_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
|
||||||
|
|
||||||
- name: Rolling deploy on Swarm
|
- name: Rolling deploy on Swarm
|
||||||
run: |
|
run: |
|
||||||
ssh -i ~/.ssh/deploy_key \
|
ssh -i ~/.ssh/deploy_key \
|
||||||
${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }} \
|
${{ vars.DEPLOY_USER }}@${{ vars.DEPLOY_HOST }} \
|
||||||
"docker service update \
|
"docker service update \
|
||||||
--image ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ needs.build.outputs.image_tag }} \
|
--image ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ needs.build.outputs.image_tag }} \
|
||||||
--with-registry-auth \
|
--with-registry-auth \
|
||||||
|
|||||||
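Review bot: In the second hunk, `ssh-keyscan -H ${{ vars.DEPLOY_HOST }} >> ~/.ssh/known_hosts 2>/dev/null` trusts whatever host key the network returns at job time, so the later `ssh -i ~/.ssh/deploy_key` connects to a host that was never verified, and with stderr discarded a failed scan goes unnoticed. The host public key is non-sensitive, so it fits this commit's approach: store the known_hosts line as an instance-level variable and write it instead of scanning, e.g. `printf '%s\n' "$DEPLOY_KNOWN_HOSTS" >> ~/.ssh/known_hosts` with `DEPLOY_KNOWN_HOSTS: ${{ vars.DEPLOY_KNOWN_HOSTS }}` under the step's `env:` (the variable name is a placeholder). Separately, `vars.*` values are expanded into the script text before the shell runs and are not masked in logs, so passing DEPLOY_HOST and DEPLOY_USER through `env:` and quoting them is safer than inline `${{ }}`. The step containing these lines starts above the hunk, and the `docker service update` command continues past its end.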