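# Builds the apps affected since the last deployment, collects their static
# output under deploy/<app>/, rsyncs each app to the web server and then moves
# the deployment tag.
name: Build and deploy updated apps

on:
  push:
    branches: [main]
  pull_request:

jobs:
  build:
    name: Build & deploy
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: https://github.com/actions/checkout@v4
        with:
          fetch-depth: 0  # whole history and tags, can refine this later
          persist-credentials: false  # don't leave the HTTPS token in origin
          ssh-key: ${{ secrets.GIT_SSH_KEY }}

      - name: Setup node
        uses: https://github.com/actions/setup-node@v4
        with:
          node-version: 22

      - name: Setup pnpm
        uses: https://github.com/pnpm/action-setup@v3
        with:
          version: 9
          run_install: false
          cache: true

      - name: Install
        run: pnpm install --frozen-lockfile

      # NOTE(review): the filter diffs against a ref named "deployed", while the
      # last step of this job moves the tag "last-deploy". Confirm these are
      # meant to be different refs and that HEAD^1 (rather than HEAD) is the
      # intended upper bound of the range.
      - name: Build affected apps
        run: |
          pnpm turbo run build \
            --filter="{./apps/*}...[deployed...HEAD^1]" \
            --concurrency=1

      - name: Gather output
        run: |
          mkdir -p deploy
          for public in apps/*/.output/public; do
            if [ -d "$public" ]; then
              # Derive the app name (e.g. "marketing" for apps/marketing)
              app=$(basename "$(dirname "$(dirname "$public")")")
              echo "→ Collecting $app"
              # Copy its public output into deploy/<app>/
              mkdir -p "deploy/$app"
              cp -r "$public/." "deploy/$app/"
            fi
          done
          echo "All sites collected under deploy/:"
          ls -R deploy

      # Everything below publishes to the server or rewrites the deployment
      # tag, so it is limited to push events: a pull_request run stops after
      # the build and never loads the deploy keys or publishes unmerged code.
      #
      # NOTE(review): this third-party action receives both private keys.
      # Consider pinning it to a full commit SHA instead of a movable tag.
      # Unlike the other steps it uses the short owner/repo form, which is
      # presumably resolved against the runner's default actions host; confirm
      # that this is the intended source.
      - name: Start ssh agent
        if: github.event_name == 'push'
        uses: webfactory/ssh-agent@v0.9.0
        with:
          ssh-private-key: |
            ${{ secrets.HOST_SSH_KEY }}
            ${{ secrets.GIT_SSH_KEY }}

      # NOTE(review): StrictHostKeyChecking=no accepts whatever host key the
      # peer presents, so the server's identity is never verified before the
      # deploy key is used and content is pushed with --delete. Prefer writing
      # the server's known host key to ~/.ssh/known_hosts in an earlier step
      # and dropping the option.
      - name: Rsync to web server
        if: github.event_name == 'push'
        env:
          HOST: ${{ secrets.HOST_NAME }}
          USER: ${{ secrets.HOST_USER }}
        run: |
          # Iterate over deploy/, the directory the "Gather output" step fills.
          for pub in deploy/*; do
            # When nothing was collected the glob stays literal; skip it so
            # no path containing "*" is ever sent to the server.
            [ -d "$pub" ] || continue
            site=$(basename "$pub" .public)
            echo "Deploying $site to $USER@$HOST:/www/$site"
            ssh -o StrictHostKeyChecking=no "$USER@$HOST" "mkdir -p /www/$site"
            rsync -az --delete "$pub/" "$USER@$HOST:/www/$site/"
          done

      - name: Update deployment tag
        if: github.event_name == 'push'
        run: |
          # todo this could cause a race condition
          git config user.name "CI"
          git config user.email "ci@dominikmilacher.com"
          git tag -f last-deploy HEAD
          git push origin last-deploy --force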