fix: harden private test deployment workflow

2026-03-28 23:10:48 +01:00
parent 2b9b46bd15
commit 06377eb335
4 changed files with 36 additions and 15 deletions
--- a/.github/workflows/deploy-prod.yml
+++ b/.github/workflows/deploy-prod.yml
@@ -12,6 +12,23 @@ jobs:
    runs-on: ubuntu-latest
    environment: production
    steps:
+      - name: Check out code
+        uses: actions/checkout@v5
+
+      - name: Upload release bundle
+        uses: appleboy/scp-action@v1.0.0
+        with:
+          host: ${{ secrets.PROD_DEPLOY_HOST }}
+          username: ${{ secrets.PROD_DEPLOY_USER }}
+          key: ${{ secrets.PROD_DEPLOY_SSH_KEY }}
+          port: ${{ secrets.PROD_DEPLOY_PORT || 22 }}
+          source: "."
+          target: ${{ secrets.PROD_DEPLOY_PATH }}
+          rm: false
+          overwrite: true
+          strip_components: 0
+          exclude: ".git,.github,.venv,__pycache__,node_modules,backend/media,backend/staticfiles"
+
      - name: Deploy over SSH
        uses: appleboy/ssh-action@v1.2.0
        with:
@@ -21,13 +38,6 @@ jobs:
          port: ${{ secrets.PROD_DEPLOY_PORT || 22 }}
          script: |
            set -e
-            REPO_URL="git@github.com:${{ github.repository }}.git"
            DEPLOY_DIR="${{ secrets.PROD_DEPLOY_PATH }}"
-            if [ ! -d "$DEPLOY_DIR/.git" ]; then
-              git clone "$REPO_URL" "$DEPLOY_DIR"
-            fi
            cd "$DEPLOY_DIR"
-            git fetch --all --prune
-            git checkout main || git checkout -b main origin/main
-            git reset --hard origin/main
            RUN_DJANGO_CHECK=1 ./scripts/deploy_stack.sh .env.prod docker-compose.prod.yml