Matthew Binning
095e0aadd8
Now the private content is stored as a git submodule. This means I can keep that repo's source private, but still use it in the build product. The build product (website) relies on HTTP basic authentication, so access control is maintained throughout the SDLC.
26 lines
No EOL
581 B
YAML
26 lines
No EOL
581 B
YAML
name: CD
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
inputs:
|
|
target:
|
|
description: "Deployment target"
|
|
required: true
|
|
type: choice
|
|
options:
|
|
- staging
|
|
- prod
|
|
|
|
jobs:
|
|
deploy:
|
|
runs-on: self-hosted
|
|
steps:
|
|
- name: Download artifact
|
|
uses: actions/download-artifact@v3
|
|
with:
|
|
name: blog-${{ github.sha }}
|
|
path: book/
|
|
- name: Deploy
|
|
run: |
|
|
nix shell nixpkgs#rsync --command rsync -av --delete book/ /srv/www/binning.net/
|
|
printf "✓ Local deployment complete!\n" |