fix: Deploy without sudo mv (write env directly)

2025-12-21 15:38:30 +01:00
parent 85c5c6e39d
commit f17206b2f4


@ -118,16 +118,13 @@ jobs:
rsync -az \ rsync -az \
-e "ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=yes" \ -e "ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=yes" \
./backend.env \ ./backend.env \
"${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }}:/tmp/pounce-backend.env" "${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }}:/data/pounce/env/backend.env"
- name: Deploy on server (pounce-deploy) - name: Deploy on server (pounce-deploy)
run: | run: |
ssh -i ~/.ssh/deploy_key "${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }}" << 'DEPLOY_EOF' ssh -i ~/.ssh/deploy_key "${{ secrets.DEPLOY_USER }}@${{ secrets.DEPLOY_HOST }}" << 'DEPLOY_EOF'
set -euo pipefail set -euo pipefail
mkdir -p /data/pounce/env chmod 600 /data/pounce/env/backend.env
# Move env file into place (requires no password due to sudoers rule)
sudo mv /tmp/pounce-backend.env /data/pounce/env/backend.env
sudo chmod 600 /data/pounce/env/backend.env
sudo /usr/local/bin/pounce-deploy sudo /usr/local/bin/pounce-deploy
DEPLOY_EOF DEPLOY_EOF
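Review bot: The secrets file now lands directly at its final path `/data/pounce/env/backend.env` with whatever mode rsync assigns, and is only tightened by `chmod 600` in the following step. Until that runs, or indefinitely if the second SSH step never connects, the file may be readable by other local accounts unless the directory itself is restricted. Because `-a` preserves the source mode, the exposure depends on how `./backend.env` was created on the runner, which is not visible in this hunk (the rsync step starts above it). Setting the mode during the transfer closes the gap, for example by adding `--chmod=F600` to the rsync call and keeping the later `chmod 600` as a backstop. Separately, the `ssh` call in the deploy step omits the `-o StrictHostKeyChecking=yes` that the rsync transport passes, so it probably should match.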