Use instance-level vars for non-sensitive deploy config
- DEPLOY_HOST / DEPLOY_USER / REGISTRY_USER now read from vars.*, set once at /admin/actions/variables and inherited by all repos - DEPLOY_SSH_KEY / REGISTRY_PASSWORD stay as secrets.* Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@@ -44,7 +44,7 @@ jobs:
|
||||
run: |
|
||||
echo "${{ secrets.REGISTRY_PASSWORD }}" | \
|
||||
docker login ${{ env.REGISTRY }} \
|
||||
--username "${{ secrets.REGISTRY_USER }}" \
|
||||
--username "${{ vars.REGISTRY_USER }}" \
|
||||
--password-stdin
|
||||
|
||||
- name: Build image
|
||||
@@ -71,12 +71,12 @@ jobs:
|
||||
mkdir -p ~/.ssh
|
||||
echo "${{ secrets.DEPLOY_SSH_KEY }}" > ~/.ssh/deploy_key
|
||||
chmod 600 ~/.ssh/deploy_key
|
||||
ssh-keyscan -H ${{ secrets.DEPLOY_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
|
||||
ssh-keyscan -H ${{ vars.DEPLOY_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
|
||||
|
||||
- name: Rolling deploy on Swarm
|
||||
run: |
|
||||
ssh -i ~/.ssh/deploy_key \
|
||||
${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }} \
|
||||
${{ vars.DEPLOY_USER }}@${{ vars.DEPLOY_HOST }} \
|
||||
"docker service update \
|
||||
--image ${{ env.REGISTRY }}/${{ env.IMAGE }}:${{ needs.build.outputs.image_tag }} \
|
||||
--with-registry-auth \
|
||||
|
||||
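Review bot: The values moved to `vars.*` are still substituted into the script text by `${{ … }}` before the shell runs, and both `ssh-keyscan -H ${{ vars.DEPLOY_HOST }}` and the `ssh` target in the second hunk are unquoted, so whitespace or a shell metacharacter in a variable becomes part of the command. Variables are generally not masked in logs and may be editable by more roles than secrets (worth confirming for this forge), so it is safer to pass them to each step through `env:` and reference them as quoted shell variables; the same applies to `--username "${{ vars.REGISTRY_USER }}"` in the first hunk. Separately, the `ssh-keyscan … >> ~/.ssh/known_hosts` line trusts whatever host key answers at run time and hides failures behind `2>/dev/null`, so a pinned known_hosts entry kept alongside the host variable would give the SSH host check something to verify against. The step that writes the deploy key and runs the keyscan starts above the hunk, so only the deploy step is sketched below.

```yaml
- name: Rolling deploy on Swarm
  env:
    DEPLOY_USER: ${{ vars.DEPLOY_USER }}
    DEPLOY_HOST: ${{ vars.DEPLOY_HOST }}
  run: |
    ssh -i ~/.ssh/deploy_key \
      "${DEPLOY_USER}@${DEPLOY_HOST}" \
      # … unchanged: docker service update command …
```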