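---
name: Deploy to Proxmox

# Manual trigger only: the target host and all credentials come from
# secrets, so this workflow must never start on its own.
on:
  workflow_dispatch:
    inputs:
      environment:
        description: 'Environment to deploy to'
        required: true
        default: 'production'
        type: choice
        options:
          - production
          - staging

# Least privilege for GITHUB_TOKEN: the job only reads the repository.
permissions:
  contents: read

# Two deployments to the same environment must not overlap: the remote
# steps rewrite ~/pote/.env in place and are not safe to interleave.
concurrency:
  group: deploy-${{ inputs.environment }}
  cancel-in-progress: false

jobs:
  deploy:
    runs-on: ubuntu-latest
    # Bind the job to the chosen GitHub environment so environment-scoped
    # secrets and protection rules (e.g. required reviewers) apply.
    environment: ${{ inputs.environment }}
    steps:
      - name: Check out code
        uses: actions/checkout@v4

      - name: Setup SSH
        env:
          SSH_KEY: ${{ secrets.PROXMOX_SSH_KEY }}
          SSH_HOST: ${{ secrets.PROXMOX_HOST }}
        run: |
          # umask 077 so ~/.ssh and the key are never briefly world-readable
          umask 077
          mkdir -p ~/.ssh
          echo "$SSH_KEY" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
          # NOTE(review): ssh-keyscan accepts whatever key the host presents
          # on every run (trust-on-first-use, repeated each time). Pinning the
          # expected host key in a secret and writing that known_hosts line
          # instead would close the window for a spoofed host.
          ssh-keyscan -H "$SSH_HOST" >> ~/.ssh/known_hosts

      - name: Deploy to Proxmox
        # Only the connection details are needed here; the SMTP/DB secrets
        # are exposed solely to the step that writes them.
        env:
          PROXMOX_HOST: ${{ secrets.PROXMOX_HOST }}
          PROXMOX_USER: ${{ secrets.PROXMOX_USER }}
        run: |
          echo "🚀 Deploying to $PROXMOX_HOST..."
          # Quoted delimiter: the script is sent verbatim and expanded remotely.
          ssh "${PROXMOX_USER}@${PROXMOX_HOST}" << 'ENDSSH'
          set -e
          cd ~/pote
          echo "📥 Pulling latest code..."
          git pull origin main
          echo "📦 Installing dependencies..."
          source venv/bin/activate
          pip install -e . --quiet
          echo "🔄 Running migrations..."
          alembic upgrade head
          echo "✅ Deployment complete!"
          ENDSSH

      - name: Update secrets on server
        id: update_secrets
        env:
          PROXMOX_HOST: ${{ secrets.PROXMOX_HOST }}
          PROXMOX_USER: ${{ secrets.PROXMOX_USER }}
          SMTP_PASSWORD: ${{ secrets.SMTP_PASSWORD }}
          DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
        run: |
          echo "🔐 Updating secrets in .env..."
          # Make a secret safe to embed as a sed replacement inside a
          # single-quoted shell string: escape sed's \ | & and the shell's '.
          # Without this, a password containing any of those characters
          # corrupts the sed expression or the remote command.
          # (Values containing a newline are still unsupported.)
          esc() { printf '%s' "$1" | sed -e 's/[\\|&]/\\&/g' -e "s/'/'\\\\''/g"; }
          smtp_pw=$(esc "$SMTP_PASSWORD")
          db_pw=$(esc "$DB_PASSWORD")
          # Unquoted delimiter: ${smtp_pw}/${db_pw} are expanded here on the
          # runner; everything prefixed with \$ is evaluated on the remote host.
          ssh "${PROXMOX_USER}@${PROXMOX_HOST}" << ENDSSH
          set -e
          cd ~/pote
          # Backup current .env and keep it owner-only (it holds the old secrets)
          backup=.env.backup.\$(date +%Y%m%d_%H%M%S)
          cp .env "\$backup"
          chmod 600 "\$backup"
          # Replace the SMTP password line (anchored so only that key matches).
          # A missing SMTP_PASSWORD= line is left untouched, not added.
          sed -i 's|^SMTP_PASSWORD=.*|SMTP_PASSWORD=${smtp_pw}|' .env
          # NOTE(review): this only replaces the initial placeholder value, so
          # it takes effect on the first deployment and is a no-op afterwards;
          # rotating DB_PASSWORD later needs a key-anchored replacement like the
          # SMTP line (the .env key name is not visible from this workflow).
          sed -i 's|changeme123|${db_pw}|' .env
          # Secure permissions
          chmod 600 .env
          echo "✅ Secrets updated!"
          ENDSSH

      - name: Health Check
        env:
          PROXMOX_HOST: ${{ secrets.PROXMOX_HOST }}
          PROXMOX_USER: ${{ secrets.PROXMOX_USER }}
        run: |
          echo "🔍 Running health check..."
          ssh "${PROXMOX_USER}@${PROXMOX_HOST}" << 'ENDSSH'
          cd ~/pote
          source venv/bin/activate
          python scripts/health_check.py
          ENDSSH

      - name: Test Email
        if: inputs.environment == 'production'
        env:
          PROXMOX_HOST: ${{ secrets.PROXMOX_HOST }}
          PROXMOX_USER: ${{ secrets.PROXMOX_USER }}
        run: |
          echo "📧 Testing email configuration..."
          ssh "${PROXMOX_USER}@${PROXMOX_HOST}" << 'ENDSSH'
          cd ~/pote
          source venv/bin/activate
          # Best-effort: a failed test mail must not fail the deployment
          python scripts/send_daily_report.py --to test@levkin.ca --test-smtp || true
          ENDSSH

      - name: Deployment Summary
        if: always()
        # The target host is a secret; log masking does not cover the
        # persisted job summary, so it is deliberately not written here.
        run: |
          {
            echo "## 🚀 Deployment Summary"
            echo ""
            echo "**Environment:** ${{ inputs.environment }}"
            echo "**Status:** ${{ job.status }}"
            echo ""
            if [ "${{ job.status }}" == "success" ]; then
              echo "✅ Deployment completed successfully!"
            else
              echo "❌ Deployment failed. Check logs above."
            fi
          } >> "$GITHUB_STEP_SUMMARY"

      - name: Rollback on Failure
        # Only meaningful when this run actually touched .env. If the failure
        # happened earlier, the "latest backup" belongs to a previous
        # deployment and restoring it would overwrite a good file.
        if: failure() && steps.update_secrets.outcome != 'skipped'
        env:
          PROXMOX_HOST: ${{ secrets.PROXMOX_HOST }}
          PROXMOX_USER: ${{ secrets.PROXMOX_USER }}
        run: |
          echo "❌ Deployment failed. Restoring previous .env..."
          # Best-effort: a rollback error must not mask the original failure
          ssh "${PROXMOX_USER}@${PROXMOX_HOST}" << 'ENDSSH' || true
          cd ~/pote
          # Restore the newest backup, if any
          if ls .env.backup.* 1> /dev/null 2>&1; then
            latest_backup=$(ls -t .env.backup.* | head -1)
            cp "$latest_backup" .env
            chmod 600 .env
            echo "✅ Restored from $latest_backup"
          fi
          ENDSSH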