Skip to content

shipstuff/actions

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

7 Commits
 
 
 
 

Repository files navigation

Shipstuff Actions

Reusable GitHub Actions for Shipstuff repos.

digital-ocean-upload

Upload built artifacts to a Shipstuff DigitalOcean edge host over SSH. The source can be a static asset directory, release directory, or single binary file, so app repos can publish artifacts without making the edge run builds. The server-side public key should be installed by servertimeai as an app-scoped restricted deploy key that only allows rsync server mode through the dedicated app-deploy SSH listener.

- uses: shipstuff/actions/digital-ocean-upload@main
  with:
    ssh-private-key: ${{ secrets.EDGE_KEY }}
    edge-user: ${{ env.EDGE_USER }}
    source-path: ${{ env.SOURCE_PATH }}
    # Optional. Defaults to false.
    delete: "true"

Use the same secret name, EDGE_KEY, in every app repo. The secret value must be app-specific and match only that app's restricted edge deploy public key.

edge-host defaults to shipstuff.fun. edge-port defaults to 2230, the dedicated app-deploy SSH listener managed by servertimeai; it is intentionally separate from admin SSH on port 22. edge-path defaults to /var/www/html/<edge-user>/, which is the normal per-app web root created by the cloud playbook. Most app repos only need to pass EDGE_KEY, edge-user, and source-path.

Only override edge-host, edge-port, or edge-path when publishing to a non-standard edge, non-standard deploy listener, or non-standard app web root:

with:
  edge-host: staging.shipstuff.fun
  edge-port: "2230"
  edge-path: /var/www/html/custom-path/

delete

delete: "true" passes --delete to rsync, which removes remote files that no longer exist locally. Use it when the remote path is a fully generated artifact directory owned by this deploy, especially hashed frontend builds, so stale files do not accumulate or keep serving old code.

Leave delete as "false" for binary uploads, mixed publish directories, operator-managed files, user-generated content, or any destination that this deploy does not exclusively own. The action rejects delete: "true" for single-file uploads because --delete is meaningful for directory syncs, not one-off artifact uploads.

Backend activation markers

Production backend deploys should wait for the edge watcher to process the activation marker. Without this wait, CI can report success after uploading the marker even if the watcher later fails staging or production health checks.

- uses: shipstuff/actions/digital-ocean-upload@main
  with:
    ssh-private-key: ${{ secrets.EDGE_KEY }}
    edge-user: brushscore
    source-path: .deploy-marker
    edge-path: /home/brushscore/deploy-queue/
    delete: "false"
    wait-for-marker: "true"
    marker-name: ${{ github.sha }}.json

The wait uses the same restricted rsync-only key to list deploy-queue/processed/ and deploy-queue/failed/. It does not require shell access on the edge host. The action succeeds only when the marker appears in processed/; it fails if the marker appears in failed/ or if the wait times out.

About

Reusable Custom Shipstuff Specific Github Actions

Resources

Stars

0 stars

Watchers

0 watching

Forks

Releases

No releases published

Packages

 
 
 

Contributors