Update postgres:14.13-alpine Docker digest to 32c5452 #108
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: deploy-matrix | |
| on: | |
| push: | |
| paths: | |
| - '.github/workflows/matrix.yml' | |
| - 'matrix/**' | |
| branches: [main] | |
| workflow_dispatch: | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: Matrix | |
| url: https://matrix.aosus.org | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Tailscale | |
| uses: tailscale/github-action@7a0b30ed3517c2244d1330e39467b95f067a33bd | |
| with: | |
| oauth-client-id: ${{ secrets.TAILSCALE_CLIENT_ID }} | |
| oauth-secret: ${{ secrets.TAILSCALE_SECRET }} | |
| tags: tag:deploy-ci | |
| hostname: Github-actions | |
| version: ${{ vars.TAILSCALE_VERSION }} | |
| - name: Add secrets to homeserver.yml | |
| env: | |
| MATRIX_TURN_SHARED_SECRET: ${{ secrets.matrix_turn_shared_secret }} | |
| MATRIX_REGISTRATION_SHARED_SECRET: ${{ secrets.matrix_registration_shared_secret }} | |
| MATRIX_FORM_SECRET: ${{ secrets.matrix_form_secret }} | |
| MATRIX_POSTGRES_PASSWORD: ${{ secrets.matrix_postgres_password }} | |
| MATRIX_SMTP_PASS: ${{ secrets.matrix_smtp_pass }} | |
| run: | | |
| sed -i "s|(matrix_turn_shared_secret)|$MATRIX_TURN_SHARED_SECRET|g" $GITHUB_WORKSPACE/matrix/homeserver.yaml | |
| sed -i "s|(matrix_registration_shared_secret)|$MATRIX_REGISTRATION_SHARED_SECRET|g" $GITHUB_WORKSPACE/matrix/homeserver.yaml | |
| sed -i "s|(matrix_oidc_issuer)|$MATRIX_OIDC_ISSUER|g" $GITHUB_WORKSPACE/matrix/homeserver.yaml | |
| sed -i "s|(matrix_oidc_client_id)|$MATRIX_OIDC_CLIENT_ID|g" $GITHUB_WORKSPACE/matrix/homeserver.yaml | |
| sed -i "s|(matrix_oidc_client_secret)|$MATRIX_OIDC_CLIENT_SECRET|g" $GITHUB_WORKSPACE/matrix/homeserver.yaml | |
| sed -i "s|(matrix_postgres_password)|$MATRIX_POSTGRES_PASSWORD|g" $GITHUB_WORKSPACE/matrix/homeserver.yaml | |
| sed -i "s|(matrix_smtp_pass)|$MATRIX_SMTP_PASS|g" $GITHUB_WORKSPACE/matrix/homeserver.yaml | |
| sed -i "s|(matrix_form_secret)|$MATRIX_FORM_SECRET|g" $GITHUB_WORKSPACE/matrix/homeserver.yaml | |
| - name: Add secrets to eturnal.yml | |
| env: | |
| MATRIX_TURN_SHARED_SECRET: ${{ secrets.matrix_turn_shared_secret }} | |
| run: | | |
| sed -i "s|(matrix_turn_shared_secret)|$MATRIX_TURN_SHARED_SECRET|g" $GITHUB_WORKSPACE/matrix/eturnal.yml | |
| - name: Add secrets to mautrix-telegram config files | |
| env: | |
| MATRIX_TELEGRAM_AS_TOKEN: ${{ secrets.matrix_telegram_as_token }} | |
| MATRIX_TELEGRAM_HS_TOKEN: ${{ secrets.matrix_telegram_hs_token }} | |
| MATRIX_TELEGRAM_SENDER_LOCALPART: ${{ secrets.matrix_telegram_sender_localpart }} | |
| MATRIX_TELEGRAM_POSTGRES_PASSWORD: ${{ secrets.matrix_telegram_postgres_password }} | |
| MATRIX_TELEGRAM_API_ID: ${{ secrets.matrix_telegram_api_id }} | |
| MATRIX_TELEGRAM_API_HASH: ${{ secrets.matrix_telegram_api_hash }} | |
| MATRIX_TELEGRAM_BOT_TOKEN: ${{ secrets.matrix_telegram_bot_token }} | |
| run: | | |
| sed -i "s|(matrix_telegram_as_token)|$MATRIX_TELEGRAM_AS_TOKEN|g" $GITHUB_WORKSPACE/matrix/mautrix-telegram/app-service-registration.yaml | |
| sed -i "s|(matrix_telegram_hs_token)|$MATRIX_TELEGRAM_HS_TOKEN|g" $GITHUB_WORKSPACE/matrix/mautrix-telegram/app-service-registration.yaml | |
| sed -i "s|(matrix_telegram_sender_localpart)|$MATRIX_TELEGRAM_SENDER_LOCALPART|g" $GITHUB_WORKSPACE/matrix/mautrix-telegram/app-service-registration.yaml | |
| sed -i "s|(matrix_telegram_postgres_password)|$MATRIX_TELEGRAM_POSTGRES_PASSWORD|g" $GITHUB_WORKSPACE/matrix/mautrix-telegram/config.yaml | |
| sed -i "s|(matrix_telegram_as_token)|$MATRIX_TELEGRAM_AS_TOKEN|g" $GITHUB_WORKSPACE/matrix/mautrix-telegram/config.yaml | |
| sed -i "s|(matrix_telegram_hs_token)|$MATRIX_TELEGRAM_HS_TOKEN|g" $GITHUB_WORKSPACE/matrix/mautrix-telegram/config.yaml | |
| sed -i "s|(matrix_telegram_api_id)|$MATRIX_TELEGRAM_API_ID|g" $GITHUB_WORKSPACE/matrix/mautrix-telegram/config.yaml | |
| sed -i "s|(matrix_telegram_api_hash)|$MATRIX_TELEGRAM_API_HASH|g" $GITHUB_WORKSPACE/matrix/mautrix-telegram/config.yaml | |
| sed -i "s|(matrix_telegram_bot_token)|$MATRIX_TELEGRAM_BOT_TOKEN|g" $GITHUB_WORKSPACE/matrix/mautrix-telegram/config.yaml | |
| - name: Add secrets to mautrix-discord config files | |
| env: | |
| MATRIX_DISCORD_AS_TOKEN: ${{ secrets.matrix_discord_as_token }} | |
| MATRIX_DISCORD_HS_TOKEN: ${{ secrets.matrix_discord_hs_token }} | |
| MATRIX_DISCORD_SENDER_LOCALPART: ${{ secrets.matrix_discord_sender_localpart }} | |
| MATRIX_DISCORD_POSTGRES_PASSWORD: ${{ secrets.matrix_discord_postgres_password }} | |
| run: | | |
| sed -i "s|(matrix_discord_as_token)|$MATRIX_DISCORD_AS_TOKEN|g" $GITHUB_WORKSPACE/matrix/mautrix-discord/app-service-registration.yaml | |
| sed -i "s|(matrix_discord_hs_token)|$MATRIX_DISCORD_HS_TOKEN|g" $GITHUB_WORKSPACE/matrix/mautrix-discord/app-service-registration.yaml | |
| sed -i "s|(matrix_discord_sender_localpart)|$MATRIX_DISCORD_SENDER_LOCALPART|g" $GITHUB_WORKSPACE/matrix/mautrix-discord/app-service-registration.yaml | |
| sed -i "s|(matrix_discord_postgres_password)|$MATRIX_DISCORD_POSTGRES_PASSWORD|g" $GITHUB_WORKSPACE/matrix/mautrix-discord/config.yaml | |
| sed -i "s|(matrix_discord_as_token)|$MATRIX_DISCORD_AS_TOKEN|g" $GITHUB_WORKSPACE/matrix/mautrix-discord/config.yaml | |
| sed -i "s|(matrix_discord_hs_token)|$MATRIX_DISCORD_HS_TOKEN|g" $GITHUB_WORKSPACE/matrix/mautrix-discord/config.yaml | |
| - name: Add secrets to compose | |
| env: | |
| POSTGRES_PASSWORD: ${{ secrets.matrix_postgres_password }} | |
| MATRIX_TELEGRAM_POSTGRES_PASSWORD: ${{ secrets.matrix_telegram_postgres_password }} | |
| MATRIX_DISCORD_POSTGRES_PASSWORD: ${{ secrets.matrix_discord_postgres_password }} | |
| MATRIX_SLIDING_SYNC_POSTGRES_PASSWORD: ${{ secrets.MATRIX_SLIDING_SYNC_POSTGRES_PASSWORD }} | |
| MATRIX_SLIDING_SYNC_POSTGRES_CONNECTION_STRING: ${{ secrets.MATRIX_SLIDING_SYNC_POSTGRES_CONNECTION_STRING }} | |
| MATRIX_SLIDING_SYNC_SECRET: ${{ secrets.MATRIX_SLIDING_SYNC_SECRET }} | |
| MATRIX_DISCORD_RESOLVER_ACCOUNT_TOKEN: ${{ secrets.matrix_discord_resolver_account_token }} | |
| run: | | |
| sed -i "s|(matrix_postgres_password)|$POSTGRES_PASSWORD|g" $GITHUB_WORKSPACE/matrix/docker-compose.yml | |
| sed -i "s|(matrix_telegram_postgres_password)|$MATRIX_TELEGRAM_POSTGRES_PASSWORD|g" $GITHUB_WORKSPACE/matrix/docker-compose.yml | |
| sed -i "s|(matrix_discord_postgres_password)|$MATRIX_DISCORD_POSTGRES_PASSWORD|g" $GITHUB_WORKSPACE/matrix/docker-compose.yml | |
| sed -i "s|(MATRIX_SLIDING_SYNC_POSTGRES_PASSWORD)|$MATRIX_SLIDING_SYNC_POSTGRES_PASSWORD|g" $GITHUB_WORKSPACE/matrix/docker-compose.yml | |
| sed -i "s|(MATRIX_SLIDING_SYNC_POSTGRES_CONNECTION_STRING)|$MATRIX_SLIDING_SYNC_POSTGRES_CONNECTION_STRING|g" $GITHUB_WORKSPACE/matrix/docker-compose.yml | |
| sed -i "s|(MATRIX_SLIDING_SYNC_SECRET)|$MATRIX_SLIDING_SYNC_SECRET|g" $GITHUB_WORKSPACE/matrix/docker-compose.yml | |
| sed -i "s|(matrix_discord_resolver_account_token)|$MATRIX_DISCORD_RESOLVER_ACCOUNT_TOKEN|g" $GITHUB_WORKSPACE/matrix/docker-compose.yml | |
| - name: create file for secrets | |
| env: | |
| MATRIX_SIGNING_KEY: ${{ secrets.matrix_signing_key }} | |
| run: | | |
| echo "$MATRIX_SIGNING_KEY" > $GITHUB_WORKSPACE/matrix/signing.key | |
| - name: Start Deployment | |
| uses: FarisZR/docker-compose-gitops-action@v1.0.1 | |
| with: | |
| remote_docker_host: ${{ secrets.server_address }} | |
| tailscale_ssh: true # no need for manual private and public keys | |
| compose_file_path: matrix/docker-compose.yml | |
| args: -p matrix up -d --remove-orphans | |
| upload_directory: true | |
| docker_compose_directory: matrix |