toph/ci-actions
1
0
Fork 0
Code Issues 1 Pull requests Projects Releases Packages Wiki Activity Actions
ci-actions/deploy-static-site/action.yaml
Christopher Mühl 55652569b2
feat: add deploy-static-site action, site-lib, images; remove deploy-oci-site 
Content now served from S3 at runtime via shared static-server image.
- deploy-static-site: reads creds from Nomad vars, builds site, pushes
  tarball to S3, generates per-domain Nomad job JSON, deploys
- generate-job.py: emits Nomad job JSON for a static site deployment
- site-lib/flake.nix: mkSite helper, packages.default + devShells only
- images/flake.nix: shared static-server OCI image (sws + awscli2 + tools)
- images CI: builds and pushes static-server on images/flake.nix changes
- deploy-oci-site: removed (superseded by deploy-static-site)

Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
2026-02-18 11:27:27 +01:00

98 lines
3.3 KiB
YAML
Raw Blame History

name: Deploy Static Site
description: Build site with Nix, push tarball to S3, deploy via Nomad with shared static-server image
inputs:
domain:
description: 'Domain the site is served at (e.g. toph.so)'
required: true
nomad-addr:
description: 'Nomad API address'
required: false
default: 'http://172.17.0.1:4646'
server-image:
description: 'OCI image for the static server'
required: false
default: 'registry.toph.so/static-server:latest'
datacenter:
description: 'Nomad datacenter'
required: false
default: 'contabo'
smoke-test:
description: 'Run a smoke test against the domain after deploy'
required: false
default: 'true'
runs:
using: composite
steps:
- name: Install tools
shell: bash
run: nix profile install nixpkgs#nomad nixpkgs#awscli2 nixpkgs#jq
- name: Read Nomad vars
shell: bash
run: |
S3_VARS=$(nomad var get -out json static-sites/s3)
echo "AWS_ACCESS_KEY_ID=$(echo "$S3_VARS" | jq -r '.Items.access_key')" >> $GITHUB_ENV
echo "AWS_SECRET_ACCESS_KEY=$(echo "$S3_VARS" | jq -r '.Items.secret_key')" >> $GITHUB_ENV
echo "AWS_ENDPOINT_URL=$(echo "$S3_VARS" | jq -r '.Items.endpoint')" >> $GITHUB_ENV
echo "S3_BUCKET=$(echo "$S3_VARS" | jq -r '.Items.bucket')" >> $GITHUB_ENV
NIX_VARS=$(nomad var get -out json static-sites/nix)
echo "NIX_SIGNING_KEY=$(echo "$NIX_VARS" | jq -r '.Items.signing_key')" >> $GITHUB_ENV
env:
NOMAD_ADDR: ${{ inputs.nomad-addr }}
NOMAD_TOKEN: ${{ env.NOMAD_TOKEN }}
- name: Build site
shell: bash
run: nix build .#default --out-link result-site
- name: Sign and push Nix closure to S3 cache
shell: bash
run: |
echo "${NIX_SIGNING_KEY}" > /tmp/nix-key
nix store sign -k /tmp/nix-key --recursive ./result-site
nix copy \
--to "s3://${S3_BUCKET}?endpoint=${AWS_ENDPOINT_URL}&access-key-id=${AWS_ACCESS_KEY_ID}&secret-access-key=${AWS_SECRET_ACCESS_KEY}" \
./result-site
rm /tmp/nix-key
- name: Upload site tarball to S3
shell: bash
run: |
SITE_HASH=$(git rev-parse --short=12 HEAD)
echo "SITE_HASH=${SITE_HASH}" >> $GITHUB_ENV
tar czf /tmp/site.tar.gz -C result-site .
aws s3 cp /tmp/site.tar.gz "s3://${S3_BUCKET}/sites/${{ inputs.domain }}/${SITE_HASH}.tar.gz"
- name: Deploy Nomad job
shell: bash
run: |
python3 "${{ github.action_path }}/generate-job.py" | nomad job run -json -
env:
NOMAD_ADDR: ${{ inputs.nomad-addr }}
NOMAD_TOKEN: ${{ env.NOMAD_TOKEN }}
DOMAIN: ${{ inputs.domain }}
SERVER_IMAGE: ${{ inputs.server-image }}
DATACENTER: ${{ inputs.datacenter }}
- name: Smoke test
if: inputs.smoke-test == 'true'
shell: bash
run: |
echo "Waiting for deployment..."
for i in $(seq 1 12); do
if curl -sf --max-time 5 "https://${{ inputs.domain }}/" > /dev/null; then
echo "OK — https://${{ inputs.domain }}/ is up"
exit 0
fi
echo "Attempt ${i}/12 — retrying in 5s..."
sleep 5
done
echo "Smoke test failed: https://${{ inputs.domain }}/ did not respond"
exit 1
Reference in a new issue View git blame Copy permalink