name: Deploy to my-vpn on: push: branches: - main jobs: deploy: runs-on: ubuntu-latest steps: # BLOCK 1: checkout + tests - name: Checkout uses: actions/checkout@v4 - name: Unit tests run: | go test ./... # BLOCK 2: deploy via SSH - name: Deploy env: VPN_HOST: ${{ secrets.VPN_HOST }} VPN_USER: ${{ secrets.VPN_USER }} VPN_SSH_KEY: ${{ secrets.TEST_KEY }} run: | set -euo pipefail mkdir -p ~/.ssh chmod 700 ~/.ssh printf '%s' "$VPN_SSH_KEY" > ~/.ssh/id_ci_runner chmod 600 ~/.ssh/id_ci_runner VPN_USER="$(printf '%s' "$VPN_USER" | tr -d '\r\n')" VPN_HOST="$(printf '%s' "$VPN_HOST" | tr -d '\r\n')" ssh -o BatchMode=yes -o ConnectTimeout=10 -o IdentitiesOnly=yes -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -i ~/.ssh/id_ci_runner "${VPN_USER}@${VPN_HOST}" \ "cd /srv/proxyfier && bash deploy/my-vpn/deploy.sh" # BLOCK 3: smoke check - name: Smoke check env: VPN_HOST: ${{ secrets.VPN_HOST }} VPN_USER: ${{ secrets.VPN_USER }} PROXY_USER: ${{ secrets.PROXY_USER }} PROXY_PASS: ${{ secrets.PROXY_PASS }} run: | set -euo pipefail VPN_HOST="$(printf '%s' "$VPN_HOST" | tr -d '\r\n')" PROXY_USER="$(printf '%s' "$PROXY_USER" | tr -d '\r\n')" PROXY_PASS="$(printf '%s' "$PROXY_PASS" | tr -d '\r\n')" for i in $(seq 1 10); do if curl -fsS -u "${PROXY_USER}:${PROXY_PASS}" "http://${VPN_HOST}:9000/creds?service=telegram" -o /tmp/resp.json; then break fi sleep 2 done python3 - <<'PY' import json, sys with open("/tmp/resp.json","r",encoding="utf-8") as f: data=json.load(f) required=["service","username","password","note","issued_at"] for key in required: if key not in data: print("missing", key) sys.exit(1) print("smoke ok") PY