This repository has been archived by the owner on Oct 29, 2024. It is now read-only.
deploy-matrix #63
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: deploy-matrix | |
on: | |
push: | |
paths: | |
- '.github/workflows/matrix.yml' | |
- 'matrix/**' | |
branches: [main] | |
workflow_dispatch: | |
jobs: | |
deploy: | |
runs-on: ubuntu-latest | |
environment: | |
name: Matrix | |
url: https://matrix.aosus.org | |
steps: | |
- name: checkout | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Tailscale | |
uses: tailscale/github-action@7a0b30ed3517c2244d1330e39467b95f067a33bd | |
with: | |
oauth-client-id: ${{ secrets.TAILSCALE_CLIENT_ID }} | |
oauth-secret: ${{ secrets.TAILSCALE_SECRET }} | |
tags: tag:deploy-ci | |
hostname: Github-actions | |
version: ${{ vars.TAILSCALE_VERSION }} | |
- name: Add secrets to homeserver.yml | |
env: | |
MATRIX_TURN_SHARED_SECRET: ${{ secrets.matrix_turn_shared_secret }} | |
MATRIX_REGISTRATION_SHARED_SECRET: ${{ secrets.matrix_registration_shared_secret }} | |
MATRIX_FORM_SECRET: ${{ secrets.matrix_form_secret }} | |
MATRIX_POSTGRES_PASSWORD: ${{ secrets.matrix_postgres_password }} | |
MATRIX_SMTP_PASS: ${{ secrets.matrix_smtp_pass }} | |
run: | | |
sed -i "s|(matrix_turn_shared_secret)|$MATRIX_TURN_SHARED_SECRET|g" $GITHUB_WORKSPACE/matrix/homeserver.yaml | |
sed -i "s|(matrix_registration_shared_secret)|$MATRIX_REGISTRATION_SHARED_SECRET|g" $GITHUB_WORKSPACE/matrix/homeserver.yaml | |
sed -i "s|(matrix_oidc_issuer)|$MATRIX_OIDC_ISSUER|g" $GITHUB_WORKSPACE/matrix/homeserver.yaml | |
sed -i "s|(matrix_oidc_client_id)|$MATRIX_OIDC_CLIENT_ID|g" $GITHUB_WORKSPACE/matrix/homeserver.yaml | |
sed -i "s|(matrix_oidc_client_secret)|$MATRIX_OIDC_CLIENT_SECRET|g" $GITHUB_WORKSPACE/matrix/homeserver.yaml | |
sed -i "s|(matrix_postgres_password)|$MATRIX_POSTGRES_PASSWORD|g" $GITHUB_WORKSPACE/matrix/homeserver.yaml | |
sed -i "s|(matrix_smtp_pass)|$MATRIX_SMTP_PASS|g" $GITHUB_WORKSPACE/matrix/homeserver.yaml | |
sed -i "s|(matrix_form_secret)|$MATRIX_FORM_SECRET|g" $GITHUB_WORKSPACE/matrix/homeserver.yaml | |
- name: Add secrets to eturnal.yml | |
env: | |
MATRIX_TURN_SHARED_SECRET: ${{ secrets.matrix_turn_shared_secret }} | |
run: | | |
sed -i "s|(matrix_turn_shared_secret)|$MATRIX_TURN_SHARED_SECRET|g" $GITHUB_WORKSPACE/matrix/eturnal.yml | |
- name: Add secrets to mautrix-telegram config files | |
env: | |
MATRIX_TELEGRAM_AS_TOKEN: ${{ secrets.matrix_telegram_as_token }} | |
MATRIX_TELEGRAM_HS_TOKEN: ${{ secrets.matrix_telegram_hs_token }} | |
MATRIX_TELEGRAM_SENDER_LOCALPART: ${{ secrets.matrix_telegram_sender_localpart }} | |
MATRIX_TELEGRAM_POSTGRES_PASSWORD: ${{ secrets.matrix_telegram_postgres_password }} | |
MATRIX_TELEGRAM_API_ID: ${{ secrets.matrix_telegram_api_id }} | |
MATRIX_TELEGRAM_API_HASH: ${{ secrets.matrix_telegram_api_hash }} | |
MATRIX_TELEGRAM_BOT_TOKEN: ${{ secrets.matrix_telegram_bot_token }} | |
run: | | |
sed -i "s|(matrix_telegram_as_token)|$MATRIX_TELEGRAM_AS_TOKEN|g" $GITHUB_WORKSPACE/matrix/mautrix-telegram/app-service-registration.yaml | |
sed -i "s|(matrix_telegram_hs_token)|$MATRIX_TELEGRAM_HS_TOKEN|g" $GITHUB_WORKSPACE/matrix/mautrix-telegram/app-service-registration.yaml | |
sed -i "s|(matrix_telegram_sender_localpart)|$MATRIX_TELEGRAM_SENDER_LOCALPART|g" $GITHUB_WORKSPACE/matrix/mautrix-telegram/app-service-registration.yaml | |
sed -i "s|(matrix_telegram_postgres_password)|$MATRIX_TELEGRAM_POSTGRES_PASSWORD|g" $GITHUB_WORKSPACE/matrix/mautrix-telegram/config.yaml | |
sed -i "s|(matrix_telegram_as_token)|$MATRIX_TELEGRAM_AS_TOKEN|g" $GITHUB_WORKSPACE/matrix/mautrix-telegram/config.yaml | |
sed -i "s|(matrix_telegram_hs_token)|$MATRIX_TELEGRAM_HS_TOKEN|g" $GITHUB_WORKSPACE/matrix/mautrix-telegram/config.yaml | |
sed -i "s|(matrix_telegram_api_id)|$MATRIX_TELEGRAM_API_ID|g" $GITHUB_WORKSPACE/matrix/mautrix-telegram/config.yaml | |
sed -i "s|(matrix_telegram_api_hash)|$MATRIX_TELEGRAM_API_HASH|g" $GITHUB_WORKSPACE/matrix/mautrix-telegram/config.yaml | |
sed -i "s|(matrix_telegram_bot_token)|$MATRIX_TELEGRAM_BOT_TOKEN|g" $GITHUB_WORKSPACE/matrix/mautrix-telegram/config.yaml | |
- name: Add secrets to mautrix-discord config files | |
env: | |
MATRIX_DISCORD_AS_TOKEN: ${{ secrets.matrix_discord_as_token }} | |
MATRIX_DISCORD_HS_TOKEN: ${{ secrets.matrix_discord_hs_token }} | |
MATRIX_DISCORD_SENDER_LOCALPART: ${{ secrets.matrix_discord_sender_localpart }} | |
MATRIX_DISCORD_POSTGRES_PASSWORD: ${{ secrets.matrix_discord_postgres_password }} | |
run: | | |
sed -i "s|(matrix_discord_as_token)|$MATRIX_DISCORD_AS_TOKEN|g" $GITHUB_WORKSPACE/matrix/mautrix-discord/app-service-registration.yaml | |
sed -i "s|(matrix_discord_hs_token)|$MATRIX_DISCORD_HS_TOKEN|g" $GITHUB_WORKSPACE/matrix/mautrix-discord/app-service-registration.yaml | |
sed -i "s|(matrix_discord_sender_localpart)|$MATRIX_DISCORD_SENDER_LOCALPART|g" $GITHUB_WORKSPACE/matrix/mautrix-discord/app-service-registration.yaml | |
sed -i "s|(matrix_discord_postgres_password)|$MATRIX_DISCORD_POSTGRES_PASSWORD|g" $GITHUB_WORKSPACE/matrix/mautrix-discord/config.yaml | |
sed -i "s|(matrix_discord_as_token)|$MATRIX_DISCORD_AS_TOKEN|g" $GITHUB_WORKSPACE/matrix/mautrix-discord/config.yaml | |
sed -i "s|(matrix_discord_hs_token)|$MATRIX_DISCORD_HS_TOKEN|g" $GITHUB_WORKSPACE/matrix/mautrix-discord/config.yaml | |
- name: Add secrets to compose | |
env: | |
POSTGRES_PASSWORD: ${{ secrets.matrix_postgres_password }} | |
MATRIX_TELEGRAM_POSTGRES_PASSWORD: ${{ secrets.matrix_telegram_postgres_password }} | |
MATRIX_DISCORD_POSTGRES_PASSWORD: ${{ secrets.matrix_discord_postgres_password }} | |
MATRIX_SLIDING_SYNC_POSTGRES_PASSWORD: ${{ secrets.MATRIX_SLIDING_SYNC_POSTGRES_PASSWORD }} | |
MATRIX_SLIDING_SYNC_POSTGRES_CONNECTION_STRING: ${{ secrets.MATRIX_SLIDING_SYNC_POSTGRES_CONNECTION_STRING }} | |
MATRIX_SLIDING_SYNC_SECRET: ${{ secrets.MATRIX_SLIDING_SYNC_SECRET }} | |
MATRIX_DISCORD_RESOLVER_ACCOUNT_TOKEN: ${{ secrets.matrix_discord_resolver_account_token }} | |
run: | | |
sed -i "s|(matrix_postgres_password)|$POSTGRES_PASSWORD|g" $GITHUB_WORKSPACE/matrix/docker-compose.yml | |
sed -i "s|(matrix_telegram_postgres_password)|$MATRIX_TELEGRAM_POSTGRES_PASSWORD|g" $GITHUB_WORKSPACE/matrix/docker-compose.yml | |
sed -i "s|(matrix_discord_postgres_password)|$MATRIX_DISCORD_POSTGRES_PASSWORD|g" $GITHUB_WORKSPACE/matrix/docker-compose.yml | |
sed -i "s|(MATRIX_SLIDING_SYNC_POSTGRES_PASSWORD)|$MATRIX_SLIDING_SYNC_POSTGRES_PASSWORD|g" $GITHUB_WORKSPACE/matrix/docker-compose.yml | |
sed -i "s|(MATRIX_SLIDING_SYNC_POSTGRES_CONNECTION_STRING)|$MATRIX_SLIDING_SYNC_POSTGRES_CONNECTION_STRING|g" $GITHUB_WORKSPACE/matrix/docker-compose.yml | |
sed -i "s|(MATRIX_SLIDING_SYNC_SECRET)|$MATRIX_SLIDING_SYNC_SECRET|g" $GITHUB_WORKSPACE/matrix/docker-compose.yml | |
sed -i "s|(matrix_discord_resolver_account_token)|$MATRIX_DISCORD_RESOLVER_ACCOUNT_TOKEN|g" $GITHUB_WORKSPACE/matrix/docker-compose.yml | |
- name: create file for secrets | |
env: | |
MATRIX_SIGNING_KEY: ${{ secrets.matrix_signing_key }} | |
run: | | |
echo "$MATRIX_SIGNING_KEY" > $GITHUB_WORKSPACE/matrix/signing.key | |
- name: Start Deployment | |
uses: FarisZR/[email protected] | |
with: | |
remote_docker_host: ${{ secrets.server_address }} | |
tailscale_ssh: true # no need for manual private and public keys | |
compose_file_path: matrix/docker-compose.yml | |
args: -p matrix up -d --remove-orphans | |
upload_directory: true | |
docker_compose_directory: matrix |