From 6a0696f9c2f604a70bb308ce4c12b21083c5fa31 Mon Sep 17 00:00:00 2001
From: rbruhn
Date: Sat, 16 May 2026 15:15:51 -0400
Subject: [PATCH 1/3] Fix Deployer workflow to use Composer binary
---
 .github/workflows/deploy.yml | 101 ++++++++++++++++++++++++-----------
 1 file changed, 69 insertions(+), 32 deletions(-)
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index fa2388e..a2137d6 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -19,15 +19,14 @@ name: Build and Deploy on: push: branches: - - main # Calculates version, deploys to production, then creates release - - development # Development environment + - main + - development permissions: id-token: write contents: read jobs: - # Calculate the next version number — deployment and release creation happen in subsequent jobs calculate-version: runs-on: ubuntu-latest if: "github.ref == 'refs/heads/main' && !contains(github.event.head_commit.message, '[skip deploy]') && !contains(github.event.head_commit.message, '[no deploy]')"
@@ -116,7 +115,6 @@ jobs: echo "New version: $NEW_VERSION" echo "new_version=$NEW_VERSION" >> $GITHUB_OUTPUT - # Production deployment (runs after version is calculated) build-and-deploy-production: needs: calculate-version runs-on: ubuntu-latest
@@ -124,14 +122,17 @@ jobs: if: "github.ref == 'refs/heads/main' && !contains(github.event.head_commit.message, '[skip deploy]') && !contains(github.event.head_commit.message, '[no deploy]')" steps: - uses: actions/checkout@v6 + - name: Get Runner IP id: ip run: echo "ipv4=$(curl -s https://checkip.amazonaws.com)" >> "$GITHUB_OUTPUT" + - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v6 with: role-to-assume: arn:aws:iam::147899039648:role/GitHubActionsDeployRole aws-region: ${{ secrets.AWS_REGION }} + - name: Whitelist Runner IP in AWS Security Group run: | aws ec2 authorize-security-group-ingress \
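Review bot: The inline comments on the two `branches` entries and the `# Calculate the next version number …` job header are dropped here with nothing replacing them, and the hunks at @@ -116 and @@ -210 remove the `# Production deployment …` and `# Create release only after …` job comments the same way, so the file loses its only description of how the three main-branch jobs chain. The subject of this patch is the Composer binary, so the removals look incidental; I would keep them, e.g. restore `- main # Calculates version, deploys to production, then creates release` and the three job-header comments as they were.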
@@ -140,11 +141,13 @@ jobs: --protocol tcp \ --port 22 \ --cidr ${{ steps.ip.outputs.ipv4 }}/32 + - name: Setup PHP uses: shivammathur/setup-php@v2 with: - php-version: '8.3' + php-version: '8.5' extensions: mbstring, xml, bcmath, ctype, json, tokenizer, pdo, pdo_mysql + - name: Cache Composer packages id: composer-cache uses: actions/cache@v5
@@ -153,23 +156,29 @@ jobs: key: ${{ runner.os }}-php-v3-${{ hashFiles('**/composer.lock') }} restore-keys: | ${{ runner.os }}-php-v3- + - name: Create storage directories run: | mkdir -p storage/framework/cache/data mkdir -p storage/framework/sessions mkdir -p storage/framework/views mkdir -p bootstrap/cache - - name: Install Composer dependencies (without scripts) - run: composer install --prefer-dist --no-progress --no-dev --optimize-autoloader --no-scripts + + - name: Install Composer dependencies for deployment runner + run: composer install --prefer-dist --no-progress --optimize-autoloader --no-scripts + - name: Setup Node.js uses: actions/setup-node@v6 with: - node-version: '24' + node-version: '20' cache: 'yarn' + - name: Install Yarn dependencies run: yarn install --frozen-lockfile --ignore-engines + - name: Build assets for Production run: npm run production + - name: Create deployment package run: | rm -rf deployment-package || true
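Review bot: Dropping `--no-dev` from the Composer install (the development job's hunk at @@ -284 makes the same change) pulls the full dev dependency set into `vendor/` solely so that `vendor/bin/dep` exists for the later deploy step, which couples the project's dependency profile to a tooling need and changes the contents of the checkout that `Create deployment package` copies into the 30-day artifact; whether that artifact or a server-side clone (the `repository` setting in `deploy.php` later in this series suggests the latter) is what ends up on the servers cannot be told from this diff. I would keep `--no-dev` and install Deployer in its own step, `composer global require deployer/deployer`, then run it from the directory `composer global config bin-dir --absolute` prints. The `node-version` change from `'24'` to `'20'` is a downgrade onto a line whose scheduled upstream end-of-life (April 2026) precedes this commit's date, and the existing `--ignore-engines` on the yarn install hides any engine constraint that would flag it, so the reason deserves a comment such as `# pinned to 20: <reason>`.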
@@ -184,22 +193,28 @@ jobs: . "$TEMP_DIR/" cp -r public/css public/js public/fonts public/images public/svg public/mix-manifest.json "$TEMP_DIR/public/" || true mv "$TEMP_DIR" deployment-package + - name: Upload deployment artifact uses: actions/upload-artifact@v7 with: name: digitizationacademy-${{ github.sha }} path: deployment-package/ retention-days: 30 - - name: Deploy with Deployer - uses: deployphp/action@v1 + + - name: Setup SSH key + uses: webfactory/ssh-agent@v0.9.1 with: - private-key: ${{ secrets.DEPLOY_PRIVATE_KEY }} - dep: deploy production + ssh-private-key: ${{ secrets.DEPLOY_PRIVATE_KEY }} + + - name: Deploy with Deployer + run: vendor/bin/dep deploy production env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_SHA: ${{ github.sha }} GITHUB_REPO: ${{ github.repository }} API_TOKEN: ${{ secrets.API_TOKEN }} + OPCACHE_WEBHOOK_TOKEN: ${{ secrets.OPCACHE_WEBHOOK_TOKEN }} + - name: Revoke Runner IP from AWS Security Group if: always() run: |
@@ -210,7 +225,6 @@ jobs: --port 22 \ --cidr ${{ steps.ip.outputs.ipv4 }}/32 - # Create release only after a successful production deployment create-release: needs: [calculate-version, build-and-deploy-production] runs-on: ubuntu-latest
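Review bot: `uses: webfactory/ssh-agent@v0.9.1` (and the development job's copy at @@ -315, bumped to `v0.10.0` by the third patch in this series) references a mutable tag, yet this is the step that receives `DEPLOY_PRIVATE_KEY`, so whoever can move that tag or publish a compromised release obtains the production deploy key. Pin the action to the full commit SHA of the release and keep the version as a comment, `uses: webfactory/ssh-agent@<FULL_COMMIT_SHA>  # v0.9.1`, and consider the same for the other third-party actions in this job. This step also only loads the key into an agent; nothing in this patch supplies the server's host key for `vendor/bin/dep`, so at this commit the deploy either fails on an unknown host or relies on Deployer's own SSH settings (not visible here) — the second patch in the series adds an `ssh-keyscan` step for it.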
@@ -224,27 +238,33 @@ jobs: - name: Create Release run: | - NOTES_FILE="$(mktemp)" + if [ "${{ needs.calculate-version.outputs.current_version }}" = "0.0.0" ]; then + RELEASE_NOTES="## What's Changed + + 🎉 **First Release!** + + Auto-generated initial release from main branch. - cat > "$NOTES_FILE" <<'EOF' - ## What's Changed + **Latest commit:** + \`\`\` + $COMMIT_MESSAGE + \`\`\`" + else + RELEASE_NOTES="## What's Changed Auto-generated release from main branch. **Commits included:** - ``` - __COMMITS_HERE__ - ``` - - **Full Changelog**: https://github.com/${{ github.repository }}/compare/${{ needs.calculate-version.outputs.current_version }}...${{ needs.calculate-version.outputs.new_version }} - EOF + \`\`\` + $COMMIT_MESSAGE + \`\`\` - # Replace placeholder with the commit message safely (no shell expansion) - perl -0777 -pe 's/__COMMITS_HERE__/\Q$ENV{COMMIT_MESSAGE}\E/g' -i "$NOTES_FILE" + **Full Changelog**: https://github.com/${{ github.repository }}/compare/${{ needs.calculate-version.outputs.current_version }}...${{ needs.calculate-version.outputs.new_version }}" + fi gh release create "${{ needs.calculate-version.outputs.new_version }}" \ --title "Release ${{ needs.calculate-version.outputs.new_version }}" \ - --notes-file "$NOTES_FILE" + --notes "$RELEASE_NOTES" env: GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} COMMIT_MESSAGE: ${{ github.event.head_commit.message }} 
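Review bot: `$COMMIT_MESSAGE` is now interpolated into the release markdown unescaped, so a commit message containing a line of three backticks closes the fence early and the rest of the message is rendered as release-page markdown (links, images, raw HTML) — something the removed `perl … \Q$ENV{COMMIT_MESSAGE}\E` step prevented, however clumsily (it backslash-escaped every non-word character, which a code fence then showed literally). Keeping the message in `env:` rather than a `${{ }}` expression is still the right call: inside double quotes it is expanded as data and reaches `gh` as a single argument, so the shell side is safe and only the markdown fence needs protecting. Add `SAFE_MESSAGE=$(printf '%s' "$COMMIT_MESSAGE" | tr -d '\140')` before the `if` (`\140` is the backtick) and use `$SAFE_MESSAGE` inside both fences, or keep the `--notes-file` form and append the message with `printf`. Unrelated to this change, `gh release create` needs `contents: write`, which the workflow-level `permissions` block in the first hunk sets to `read`; the job-level override, if any, is outside this diff.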
@@ -255,14 +275,17 @@ jobs: if: "github.ref == 'refs/heads/development' && !contains(github.event.head_commit.message, '[skip deploy]') && !contains(github.event.head_commit.message, '[no deploy]')" steps: - uses: actions/checkout@v6 + - name: Get Runner IP id: ip run: echo "ipv4=$(curl -s https://checkip.amazonaws.com)" >> "$GITHUB_OUTPUT" + - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v6 with: role-to-assume: arn:aws:iam::147899039648:role/GitHubActionsDeployRole aws-region: ${{ secrets.AWS_REGION }} + - name: Whitelist Runner IP in AWS Security Group run: | aws ec2 authorize-security-group-ingress \
@@ -271,11 +294,13 @@ jobs: --protocol tcp \ --port 22 \ --cidr ${{ steps.ip.outputs.ipv4 }}/32 + - name: Setup PHP uses: shivammathur/setup-php@v2 with: php-version: '8.5' extensions: mbstring, xml, bcmath, ctype, json, tokenizer, pdo, pdo_mysql + - name: Cache Composer packages id: composer-cache uses: actions/cache@v5
@@ -284,23 +309,29 @@ jobs: key: ${{ runner.os }}-php-v3-${{ hashFiles('**/composer.lock') }} restore-keys: | ${{ runner.os }}-php-v3- + - name: Create storage directories run: | mkdir -p storage/framework/cache/data mkdir -p storage/framework/sessions mkdir -p storage/framework/views mkdir -p bootstrap/cache - - name: Install Composer dependencies (without scripts) - run: composer install --prefer-dist --no-progress --no-dev --optimize-autoloader --no-scripts + + - name: Install Composer dependencies for deployment runner + run: composer install --prefer-dist --no-progress --optimize-autoloader --no-scripts + - name: Setup Node.js uses: actions/setup-node@v6 with: - node-version: '24' + node-version: '20' cache: 'yarn' + - name: Install Yarn dependencies run: yarn install --frozen-lockfile --ignore-engines + - name: Build assets for Development run: npm run production + - name: Create deployment package run: | rm -rf deployment-package || true
@@ -315,22 +346,28 @@ jobs: . "$TEMP_DIR/" cp -r public/css public/js public/fonts public/images public/svg public/mix-manifest.json "$TEMP_DIR/public/" || true mv "$TEMP_DIR" deployment-package + - name: Upload deployment artifact uses: actions/upload-artifact@v7 with: name: digitizationacademy-${{ github.sha }} path: deployment-package/ retention-days: 30 - - name: Deploy with Deployer - uses: deployphp/action@v1 + + - name: Setup SSH key + uses: webfactory/ssh-agent@v0.9.1 with: - private-key: ${{ secrets.DEPLOY_PRIVATE_KEY }} - dep: deploy development + ssh-private-key: ${{ secrets.DEPLOY_PRIVATE_KEY }} + + - name: Deploy with Deployer + run: vendor/bin/dep deploy development env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_SHA: ${{ github.sha }} GITHUB_REPO: ${{ github.repository }} API_TOKEN: ${{ secrets.API_TOKEN }} + OPCACHE_WEBHOOK_TOKEN: ${{ secrets.OPCACHE_WEBHOOK_TOKEN }} + - name: Revoke Runner IP from AWS Security Group if: always() run: |
From 194245c2d17b979457471f2e2b85e4f0f8d453dd Mon Sep 17 00:00:00 2001
From: rbruhn
Date: Sat, 16 May 2026 15:32:19 -0400
Subject: [PATCH 2/3] Fix deploy workflow: add SSH host key configuration for production and development
---
 .github/workflows/deploy.yml | 10 ++++++++++
 deploy.php | 2 +-
 2 files changed, 11 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index a2137d6..19978f6 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -206,6 +206,11 @@ jobs: with: ssh-private-key: ${{ secrets.DEPLOY_PRIVATE_KEY }} + - name: Add production host key + run: | + mkdir -p ~/.ssh + ssh-keyscan -H 3.142.169.134 >> ~/.ssh/known_hosts + - name: Deploy with Deployer run: vendor/bin/dep deploy production env:
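Review bot: `ssh-keyscan -H 3.142.169.134 >> ~/.ssh/known_hosts` fetches the host key from whatever answers at that address at deploy time, so every run is a trust-on-first-use against an unauthenticated peer — it removes the unknown-host failure but offers the same assurance as turning host-key checking off — and the development hunk at @@ -359 does the same for `3.138.217.206`. Record each server's public host key once out of band (compare an `ssh-keyscan` result taken from a trusted machine with the server's own `/etc/ssh/ssh_host_*_key.pub`), store that line as a secret, and write it instead, e.g. pass it through `env:` as `PROD_KNOWN_HOSTS` (placeholder name) and run `echo "$PROD_KNOWN_HOSTS" >> ~/.ssh/known_hosts`. If an automated scan is kept as a fallback, at least compare its fingerprint via `ssh-keygen -lf` against a pinned value and fail the job on mismatch.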
@@ -359,6 +364,11 @@ jobs: with: ssh-private-key: ${{ secrets.DEPLOY_PRIVATE_KEY }} + - name: Add development host key + run: | + mkdir -p ~/.ssh + ssh-keyscan -H 3.138.217.206 >> ~/.ssh/known_hosts + - name: Deploy with Deployer run: vendor/bin/dep deploy development env:
diff --git a/deploy.php b/deploy.php
index 64c84e6..bb9b0e4 100644
--- a/deploy.php
+++ b/deploy.php
@@ -39,7 +39,7 @@ set('repository', 'https://github.com/AustinMastLab/DigitizationAcademy.git'); set('base_path', '/data/web'); set('remote_user', 'ubuntu'); -set('php_fpm_version', '8.3'); +set('php_fpm_version', '8.5'); set('ssh_multiplexing', true); set('writable_mode', 'chmod'); set('keep_releases', 3); // Keep only 3 recent releases
From 8ed26c715b475fb430106ad798759679df13036b Mon Sep 17 00:00:00 2001
From: rbruhn
Date: Sat, 16 May 2026 16:31:31 -0400
Subject: [PATCH 3/3] Update deploy workflow: bump `webfactory/ssh-agent` action to v0.10.0
---
 .github/workflows/deploy.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 19978f6..1a913f0 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -202,7 +202,7 @@ jobs: retention-days: 30 - name: Setup SSH key - uses: webfactory/ssh-agent@v0.9.1 + uses: webfactory/ssh-agent@v0.10.0 with: ssh-private-key: ${{ secrets.DEPLOY_PRIVATE_KEY }}
@@ -360,7 +360,7 @@ jobs: retention-days: 30 - name: Setup SSH key - uses: webfactory/ssh-agent@v0.9.1 + uses: webfactory/ssh-agent@v0.10.0 with: ssh-private-key: ${{ secrets.DEPLOY_PRIVATE_KEY }}