name: Deploy on: workflow_run: workflows: - Build types: - completed branches: - main - 'version/*' jobs: deploy: name: Deploy runs-on: ubuntu-latest if: ${{ github.event.workflow_run.conclusion == 'success' }} steps: - name: Download deploy artifacts uses: actions/download-artifact@v4 with: name: steamwar-jars path: deploy run-id: ${{ github.event.workflow_run.id }} github-token: ${{ secrets.GITHUB_TOKEN }} - name: Resolve deploy target id: target shell: bash env: SOURCE_BRANCH: ${{ github.event.workflow_run.head_branch }} run: | set -euo pipefail if [[ "$SOURCE_BRANCH" == "main" ]]; then echo "path=/jars/current" >> "$GITHUB_OUTPUT" elif [[ "$SOURCE_BRANCH" == version/* ]]; then version="${SOURCE_BRANCH#version/}" if [[ ! "$version" =~ ^[A-Za-z0-9._-]+$ ]]; then echo "Unsupported version branch name: ${SOURCE_BRANCH}" >&2 exit 1 fi echo "path=/jars/${version}" >> "$GITHUB_OUTPUT" else echo "Unsupported deployment branch: ${SOURCE_BRANCH}" >&2 exit 1 fi - name: Upload jars with scp shell: bash env: DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }} DEPLOY_USER: ${{ secrets.DEPLOY_USER }} DEPLOY_PORT: ${{ secrets.DEPLOY_PORT }} DEPLOY_SSH_KEY: ${{ secrets.DEPLOY_SSH_KEY }} DEPLOY_PATH: ${{ steps.target.outputs.path }} run: | set -euo pipefail : "${DEPLOY_HOST:?Missing DEPLOY_HOST secret}" : "${DEPLOY_USER:?Missing DEPLOY_USER secret}" : "${DEPLOY_SSH_KEY:?Missing DEPLOY_SSH_KEY secret}" port="${DEPLOY_PORT:-22}" mkdir -p ~/.ssh chmod 700 ~/.ssh echo "$DEPLOY_SSH_KEY" > ~/.ssh/deploy_key chmod 600 ~/.ssh/deploy_key ssh-keyscan -p "$port" "$DEPLOY_HOST" >> ~/.ssh/known_hosts ssh -i ~/.ssh/deploy_key -p "$port" "${DEPLOY_USER}@${DEPLOY_HOST}" "mkdir -p '$DEPLOY_PATH'" scp -i ~/.ssh/deploy_key -P "$port" deploy/* "${DEPLOY_USER}@${DEPLOY_HOST}:$DEPLOY_PATH/"