Update deploy workflow for SSH configuration and Composer support

.github/workflows/deploy.yml

@@ -19,15 +19,14 @@ name: Build and Deploy
 on:
   push:
     branches:
-      - main        # Calculates version, deploys to production, then creates release
-      - development # Development environment
+      - main
+      - development
 
 permissions:
   id-token: write
   contents: read
 
 jobs:
-  # Calculate the next version number — deployment and release creation happen in subsequent jobs
   calculate-version:
     runs-on: ubuntu-latest
     if: "github.ref == 'refs/heads/main' && !contains(github.event.head_commit.message, '[skip deploy]') && !contains(github.event.head_commit.message, '[no deploy]')"
@@ -116,22 +115,24 @@ jobs:
           echo "New version: $NEW_VERSION"
           echo "new_version=$NEW_VERSION" >> $GITHUB_OUTPUT
 
-  # Production deployment (runs after version is calculated)
   build-and-deploy-production:
     needs: calculate-version
     runs-on: ubuntu-latest
     environment: production
     if: "github.ref == 'refs/heads/main' && !contains(github.event.head_commit.message, '[skip deploy]') && !contains(github.event.head_commit.message, '[no deploy]')"
     steps:
       - uses: actions/checkout@v6
+
       - name: Get Runner IP
         id: ip
-        uses: haythem/public-ip@v1.3
+        run: echo "ipv4=$(curl -s https://checkip.amazonaws.com)" >> "$GITHUB_OUTPUT"
+
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v6
         with:
           role-to-assume: arn:aws:iam::147899039648:role/GitHubActionsDeployRole
           aws-region: ${{ secrets.AWS_REGION }}
+
       - name: Whitelist Runner IP in AWS Security Group
         run: |
           aws ec2 authorize-security-group-ingress \
@@ -140,11 +141,13 @@ jobs:
             --protocol tcp \
             --port 22 \
             --cidr ${{ steps.ip.outputs.ipv4 }}/32
+
       - name: Setup PHP
         uses: shivammathur/setup-php@v2
         with:
-          php-version: '8.3'
+          php-version: '8.5'
           extensions: mbstring, xml, bcmath, ctype, json, tokenizer, pdo, pdo_mysql
+
       - name: Cache Composer packages
         id: composer-cache
         uses: actions/cache@v5
@@ -153,23 +156,29 @@ jobs:
           key: ${{ runner.os }}-php-v3-${{ hashFiles('**/composer.lock') }}
           restore-keys: |
             ${{ runner.os }}-php-v3-
+
       - name: Create storage directories
         run: |
           mkdir -p storage/framework/cache/data
           mkdir -p storage/framework/sessions
           mkdir -p storage/framework/views
           mkdir -p bootstrap/cache
-      - name: Install Composer dependencies (without scripts)
-        run: composer install --prefer-dist --no-progress --no-dev --optimize-autoloader --no-scripts
+
+      - name: Install Composer dependencies for deployment runner
+        run: composer install --prefer-dist --no-progress --optimize-autoloader --no-scripts
+
       - name: Setup Node.js
         uses: actions/setup-node@v6
         with:
           node-version: '20'
           cache: 'yarn'
+
       - name: Install Yarn dependencies
         run: yarn install --frozen-lockfile --ignore-engines
+
       - name: Build assets for Production
         run: npm run production
+
       - name: Create deployment package
         run: |
           rm -rf deployment-package || true
@@ -184,22 +193,33 @@ jobs:
             . "$TEMP_DIR/"
           cp -r public/css public/js public/fonts public/images public/svg public/mix-manifest.json "$TEMP_DIR/public/" || true
           mv "$TEMP_DIR" deployment-package
+
       - name: Upload deployment artifact
         uses: actions/upload-artifact@v7
         with:
           name: digitizationacademy-${{ github.sha }}
           path: deployment-package/
           retention-days: 30
-      - name: Deploy with Deployer
-        uses: deployphp/action@v1
+
+      - name: Setup SSH key
+        uses: webfactory/ssh-agent@v0.10.0
         with:
-          private-key: ${{ secrets.DEPLOY_PRIVATE_KEY }}
-          dep: deploy production
+          ssh-private-key: ${{ secrets.DEPLOY_PRIVATE_KEY }}
+
+      - name: Add production host key
+        run: |
+          mkdir -p ~/.ssh
+          ssh-keyscan -H 3.142.169.134 >> ~/.ssh/known_hosts
+
+      - name: Deploy with Deployer
+        run: vendor/bin/dep deploy production
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GITHUB_SHA: ${{ github.sha }}
           GITHUB_REPO: ${{ github.repository }}
+          API_TOKEN: ${{ secrets.API_TOKEN }}
           OPCACHE_WEBHOOK_TOKEN: ${{ secrets.OPCACHE_WEBHOOK_TOKEN }}
+
       - name: Revoke Runner IP from AWS Security Group
         if: always()
         run: |
@@ -210,7 +230,6 @@ jobs:
             --port 22 \
             --cidr ${{ steps.ip.outputs.ipv4 }}/32
 
-  # Create release only after a successful production deployment
   create-release:
     needs: [calculate-version, build-and-deploy-production]
     runs-on: ubuntu-latest
@@ -261,14 +280,17 @@ jobs:
     if: "github.ref == 'refs/heads/development' && !contains(github.event.head_commit.message, '[skip deploy]') && !contains(github.event.head_commit.message, '[no deploy]')"
     steps:
       - uses: actions/checkout@v6
+
       - name: Get Runner IP
         id: ip
-        uses: haythem/public-ip@v1.3
+        run: echo "ipv4=$(curl -s https://checkip.amazonaws.com)" >> "$GITHUB_OUTPUT"
+
       - name: Configure AWS Credentials
         uses: aws-actions/configure-aws-credentials@v6
         with:
           role-to-assume: arn:aws:iam::147899039648:role/GitHubActionsDeployRole
           aws-region: ${{ secrets.AWS_REGION }}
+
       - name: Whitelist Runner IP in AWS Security Group
         run: |
           aws ec2 authorize-security-group-ingress \
@@ -277,11 +299,13 @@ jobs:
             --protocol tcp \
             --port 22 \
             --cidr ${{ steps.ip.outputs.ipv4 }}/32
+
       - name: Setup PHP
         uses: shivammathur/setup-php@v2
         with:
           php-version: '8.3'
           extensions: mbstring, xml, bcmath, ctype, json, tokenizer, pdo, pdo_mysql
+
       - name: Cache Composer packages
         id: composer-cache
         uses: actions/cache@v5
@@ -290,23 +314,29 @@ jobs:
           key: ${{ runner.os }}-php-v3-${{ hashFiles('**/composer.lock') }}
           restore-keys: |
             ${{ runner.os }}-php-v3-
+
       - name: Create storage directories
         run: |
           mkdir -p storage/framework/cache/data
           mkdir -p storage/framework/sessions
           mkdir -p storage/framework/views
           mkdir -p bootstrap/cache
-      - name: Install Composer dependencies (without scripts)
-        run: composer install --prefer-dist --no-progress --no-dev --optimize-autoloader --no-scripts
+
+      - name: Install Composer dependencies for deployment runner
+        run: composer install --prefer-dist --no-progress --optimize-autoloader --no-scripts
+
       - name: Setup Node.js
         uses: actions/setup-node@v6
         with:
           node-version: '20'
           cache: 'yarn'
+
       - name: Install Yarn dependencies
         run: yarn install --frozen-lockfile --ignore-engines
+
       - name: Build assets for Development
         run: npm run production
+
       - name: Create deployment package
         run: |
           rm -rf deployment-package || true
@@ -321,22 +351,33 @@ jobs:
             . "$TEMP_DIR/"
           cp -r public/css public/js public/fonts public/images public/svg public/mix-manifest.json "$TEMP_DIR/public/" || true
           mv "$TEMP_DIR" deployment-package
+
       - name: Upload deployment artifact
         uses: actions/upload-artifact@v7
         with:
           name: digitizationacademy-${{ github.sha }}
           path: deployment-package/
           retention-days: 30
-      - name: Deploy with Deployer
-        uses: deployphp/action@v1
+
+      - name: Setup SSH key
+        uses: webfactory/ssh-agent@v0.10.0
         with:
-          private-key: ${{ secrets.DEPLOY_PRIVATE_KEY }}
-          dep: deploy development
+          ssh-private-key: ${{ secrets.DEPLOY_PRIVATE_KEY }}
+
+      - name: Add development host key
+        run: |
+          mkdir -p ~/.ssh
+          ssh-keyscan -H 3.138.217.206 >> ~/.ssh/known_hosts
+
+      - name: Deploy with Deployer
+        run: vendor/bin/dep deploy development
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           GITHUB_SHA: ${{ github.sha }}
           GITHUB_REPO: ${{ github.repository }}
+          API_TOKEN: ${{ secrets.API_TOKEN }}
           OPCACHE_WEBHOOK_TOKEN: ${{ secrets.OPCACHE_WEBHOOK_TOKEN }}
+
       - name: Revoke Runner IP from AWS Security Group
         if: always()
         run: |

deploy.php

@@ -39,7 +39,7 @@
 set('repository', 'https://github.com/AustinMastLab/DigitizationAcademy.git');
 set('base_path', '/data/web');
 set('remote_user', 'ubuntu');
-set('php_fpm_version', '8.3');
+set('php_fpm_version', '8.5');
 set('ssh_multiplexing', true);
 set('writable_mode', 'chmod');
 set('keep_releases', 3);  // Keep only 3 recent releases