dev-tools/.github/workflows/deploy.yml at develop · GhDj/dev-tools · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
name: Deploy to Production

on:
  release:
    types: [published]
  workflow_dispatch:
    inputs:
      force_full:
        description: 'Force full deploy (rebuild and upload vendor + assets)'
        type: boolean
        default: false

jobs:
  deploy:
    runs-on: ubuntu-latest
    name: Deploy via SFTP

    env:
      # Required at build time only: composer install runs package:discover,
      # which boots the visitor-tracker package and trips its dashboard guard
      # if no auth method is configured. The runner has no .env, so set this
      # here to match prod posture (server's .env handles the actual setting).
      VISITOR_TRACKER_ALLOW_UNPROTECTED: true

    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          fetch-depth: 0

      - name: Determine what changed since last release
        id: changes
        run: |
          set -euo pipefail

          if [[ "${{ github.event.inputs.force_full }}" == "true" ]]; then
            echo "Force full deploy requested via workflow_dispatch."
            echo "composer_changed=true" >> "$GITHUB_OUTPUT"
            echo "assets_changed=true" >> "$GITHUB_OUTPUT"
            exit 0
          fi

          # Baseline = previous release tag (skip current HEAD if it IS a tag).
          # Falls back to HEAD^ if there's no prior tag in history.
          BASE=$(git describe --tags --abbrev=0 HEAD^ 2>/dev/null || git rev-parse HEAD^)
          echo "Diff baseline: $BASE"

          CHANGED=$(git diff --name-only "$BASE" HEAD)
          echo "Changed files since $BASE:"
          echo "$CHANGED"

          # Vendor needs rebuild + upload only when composer dependencies change.
          if echo "$CHANGED" | grep -qE '^composer\.(json|lock)$'; then
            echo "composer_changed=true" >> "$GITHUB_OUTPUT"
          else
            echo "composer_changed=false" >> "$GITHUB_OUTPUT"
          fi

          # Compiled assets need rebuild + upload when their source or build
          # config changes. public/build/ filenames are content-hashed by Vite,
          # so leaving stale ones on the server is harmless.
          if echo "$CHANGED" | grep -qE '^(package(-lock)?\.json|vite\.config\.js|resources/(css|js)/)'; then
            echo "assets_changed=true" >> "$GITHUB_OUTPUT"
          else
            echo "assets_changed=false" >> "$GITHUB_OUTPUT"
          fi

      - name: Setup PHP
        if: steps.changes.outputs.composer_changed == 'true'
        uses: shivammathur/setup-php@v2
        with:
          php-version: 8.3
          extensions: mbstring, xml, ctype, json

      - name: Install production dependencies
        if: steps.changes.outputs.composer_changed == 'true'
        run: composer install --no-dev --optimize-autoloader --no-interaction

      - name: Setup Node.js
        if: steps.changes.outputs.assets_changed == 'true'
        uses: actions/setup-node@v4
        with:
          node-version: '20'
          cache: 'npm'

      - name: Install npm dependencies
        if: steps.changes.outputs.assets_changed == 'true'
        run: npm ci

      - name: Build assets
        if: steps.changes.outputs.assets_changed == 'true'
        run: npm run build

      - name: Prepare production files
        run: |
          # Remove dev/test files
          rm -rf tests
          rm -rf node_modules
          rm -f phpunit.xml
          rm -f .editorconfig
          rm -f vite.config.js
          rm -f package.json
          rm -f package-lock.json
          rm -f .phpunit.result.cache

          # Remove git files
          rm -rf .git
          rm -rf .github
          rm -f .gitignore
          rm -f .gitattributes

          # Remove documentation
          rm -f README.md
          rm -f CHANGELOG.md

          # Remove composer files (vendor already installed)
          rm -f composer.json
          rm -f composer.lock

          # Remove source assets (compiled assets are in public/build)
          rm -rf resources/css
          rm -rf resources/js

          # Remove other unnecessary files
          rm -f .env.example
          rm -f deploy.sh

          # Never ship a local sqlite — would overwrite production data
          rm -f database/*.sqlite database/*.sqlite-journal

          # Force the server to re-cache config/routes after deploy
          rm -f bootstrap/cache/config.php
          rm -f bootstrap/cache/routes-v7.php
          rm -f bootstrap/cache/services.php
          rm -f bootstrap/cache/packages.php

      - name: Deploy via SFTP
        uses: wlixcc/SFTP-Deploy-Action@v1.2.4
        with:
          server: ${{ secrets.SFTP_HOST }}
          username: ${{ secrets.SFTP_USERNAME }}
          password: ${{ secrets.SFTP_PASSWORD }}
          local_path: "./*"
          remote_path: ${{ secrets.SFTP_PATH }}
          sftp_only: true
          delete_remote_files: false