diff --git a/.gitea/workflows/deploy-stage.yaml b/.gitea/workflows/deploy-stage.yaml index 209708f..168087d 100644 --- a/.gitea/workflows/deploy-stage.yaml +++ b/.gitea/workflows/deploy-stage.yaml @@ -22,9 +22,6 @@ jobs: username: ${{ secrets.DOCKER_USERNAME }} password: ${{ secrets.DOCKER_PASSWORD }} - - name: Create nuget.config from secret - run: echo "${{ secrets.NUGET_CONFIG }}" > nuget.config - - name: Build and push Docker image run: | docker build --build-arg NUGET_USERNAME=${{ secrets.NUGET_USERNAME }} --build-arg NUGET_PASSWORD=${{ secrets.NUGET_PASSWORD }} -t ${{ secrets.DOCKER_USERNAME }}/mirea-backend:latest . @@ -41,13 +38,44 @@ jobs: SSH_HOST: ${{ secrets.SSH_HOST }} SSH_USER: ${{ secrets.SSH_USER }} DOCKER_IMAGE: ${{ secrets.DOCKER_USERNAME }}/mirea-backend:latest + PATH_TO_SAVE: /data + SECURITY_SIGNING_TOKEN: ${{ secrets.SECURITY_SIGNING_TOKEN }} + SECURITY_ENCRYPTION_TOKEN: ${{ secrets.SECURITY_ENCRYPTION_TOKEN }} + SECURITY_LIFE_TIME_RT: ${{ secrets.SECURITY_LIFE_TIME_RT }} + SECURITY_LIFE_TIME_JWT: ${{ secrets.SECURITY_LIFE_TIME_JWT }} + SECURITY_LIFE_TIME_1_FA: ${{ secrets.SECURITY_LIFE_TIME_1_FA }} + SECURITY_JWT_ISSUER: ${{ secrets.SECURITY_JWT_ISSUER }} + SECURITY_JWT_AUDIENCE: ${{ secrets.SECURITY_JWT_AUDIENCE }} + SECURITY_HASH_ITERATION: ${{ secrets.SECURITY_HASH_ITERATION }} + SECURITY_HASH_MEMORY: ${{ secrets.SECURITY_HASH_MEMORY }} + SECURITY_HASH_PARALLELISM: ${{ secrets.SECURITY_HASH_PARALLELISM }} + SECURITY_HASH_SIZE: ${{ secrets.SECURITY_HASH_SIZE }} + SECURITY_HASH_TOKEN: ${{ secrets.SECURITY_HASH_TOKEN }} + SECURITY_SALT_SIZE: ${{ secrets.SECURITY_SALT_SIZE }} run: | ssh-keyscan $SSH_HOST >> ~/.ssh/known_hosts ssh $SSH_USER@$SSH_HOST " docker pull $DOCKER_IMAGE && docker stop mirea-backend || true && docker rm mirea-backend || true && - docker run -d --name mirea-backend -p 8085:8080 $DOCKER_IMAGE + docker run -d --name mirea-backend -p 8085:8080 \ + -restart=on-failure \ + -v mirea-data:/data \ + -e PATH_TO_SAVE=$PATH_TO_SAVE \ + -e SECURITY_SIGNING_TOKEN=$SECURITY_SIGNING_TOKEN \ + -e SECURITY_ENCRYPTION_TOKEN=$SECURITY_ENCRYPTION_TOKEN \ + -e SECURITY_LIFE_TIME_RT=$SECURITY_LIFE_TIME_RT \ + -e SECURITY_LIFE_TIME_JWT=$SECURITY_LIFE_TIME_JWT \ + -e SECURITY_LIFE_TIME_1_FA=$SECURITY_LIFE_TIME_1_FA \ + -e SECURITY_JWT_ISSUER=$SECURITY_JWT_ISSUER \ + -e SECURITY_JWT_AUDIENCE=$SECURITY_JWT_AUDIENCE \ + -e SECURITY_HASH_ITERATION=$SECURITY_HASH_ITERATION \ + -e SECURITY_HASH_MEMORY=$SECURITY_HASH_MEMORY \ + -e SECURITY_HASH_PARALLELISM=$SECURITY_HASH_PARALLELISM \ + -e SECURITY_HASH_SIZE=$SECURITY_HASH_SIZE \ + -e SECURITY_HASH_TOKEN=$SECURITY_HASH_TOKEN \ + -e SECURITY_SALT_SIZE=$SECURITY_SALT_SIZE \ + $DOCKER_IMAGE " - name: Remove all keys from ssh-agent