Migrate subdomain deployments to their own GitHub environment (#590)

## Description: Migrate subdomain deployments to their own GitHub environment, so that subdomain deployments do not overwrite other subdomains. | Before | After | | --- | --- | | ![image](https://github.com/user-attachments/assets/53be73ab-a01b-4c01-be4f-6f99d358361d) | ![image](https://github.com/user-attachments/assets/a30d3673-859a-4dec-bea9-d77dd5fdc9ff) | ## Please complete the following: - [x] I have added screenshots for all UI updates - [x] I confirm I have thoroughly tested these changes and take full responsibility for any bugs introduced - [x] I understand that submitting code with bugs that could have been caught through manual testing blocks releases and new features for all contributors ## Please put your Discord username so you can be contacted if a bug or regression is found: fake.neo --------- Co-authored-by: Scott Anderson <662325+scottanderson@users.noreply.github.com>
2026-06-21 14:50:44 +00:00 · 2025-04-27 20:17:35 -04:00
parent 42b6a649ce
commit ff4e1a4e4f
2 changed files with 70 additions and 39 deletions
@@ -1,16 +1,18 @@
 name: 🚀 Deploy

 on:
+  # Allow contributors to schedule manual deployments.
+  # Permission to deploy can be restricted by requiring approval in environment configuration.
  workflow_dispatch:
    inputs:
-      target_environment:
-        description: "Deployment Environment"
+      target_domain:
+        description: "Deployment Domain"
        required: true
-        default: "staging"
+        default: "openfront.dev"
        type: choice
        options:
-          - prod
-          - staging
+          - openfront.io
+          - openfront.dev
      target_host:
        description: "Deployment Host"
        required: true
@@ -25,53 +27,86 @@ on:
        required: false
        default: ""
        type: string
+
+  #  Automatic deployment when pushing to main
  push:
    branches:
      - main

 jobs:
  deploy:
+    # Don't deploy on push if this is a fork
+    if: ${{ github.event_name == 'workflow_dispatch' || github.repository == 'openfrontio/OpenFrontIO' }}
    # Use different logic based on event type
-    name: Deploy to ${{ github.event_name == 'workflow_dispatch' && inputs.target_environment || 'staging' }}
+    name: Deploy to ${{ inputs.target_subdomain && format('{0}.{1}', inputs.target_subdomain, inputs.target_domain) || inputs.target_domain }}
    runs-on: ubuntu-latest
-    environment: ${{ github.event_name == 'workflow_dispatch' && inputs.target_environment || 'staging' }}
+    environment: ${{ inputs.target_subdomain && format('{0}.{1}', inputs.target_subdomain, inputs.target_domain) || inputs.target_domain }}

    steps:
      - uses: actions/checkout@v4
+      - name: Update deployment status
+        env:
+          FQDN: ${{ inputs.target_subdomain && format('{0}.{1}', inputs.target_subdomain, inputs.target_domain) || inputs.target_domain }}
+        run: |
+          cat <<EOF >> $GITHUB_STEP_SUMMARY
+          ### In progress :ship:
+
+          Deploying from $GITHUB_REF to $FQDN
+          EOF
      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ vars.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
-      - run: |
+      - name: Create SSH private key
+        env:
+          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
+        run: |
          mkdir -p ~/.ssh
-          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
+          echo "${SSH_PRIVATE_KEY}" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
-          ssh-keyscan -H ${{ secrets.SERVER_HOST_STAGING }} >> ~/.ssh/known_hosts
+      - name: Deploy
+        env:
+          ADMIN_TOKEN: ${{ secrets.ADMIN_TOKEN }}
+          CF_ACCOUNT_ID: ${{ secrets.CF_ACCOUNT_ID }}
+          CF_API_TOKEN: ${{ secrets.CF_API_TOKEN }}
+          DOCKER_REPO: ${{ vars.DOCKERHUB_REPO }}
+          DOCKER_USERNAME: ${{ vars.DOCKERHUB_USERNAME }}
+          DOMAIN: ${{ inputs.target_domain }}
+          ENV: ${{ github.event_name == 'workflow_dispatch' && inputs.target_environment || 'staging' }}
+          HOST: ${{ github.event_name == 'workflow_dispatch' && inputs.target_host || 'staging' }}
+          MON_PASSWORD: ${{ secrets.MON_PASSWORD }}
+          MON_USERNAME: ${{ secrets.MON_USERNAME }}
+          R2_ACCESS_KEY: ${{ secrets.R2_ACCESS_KEY }}
+          R2_BUCKET: ${{ secrets.R2_BUCKET }}
+          R2_SECRET_KEY: ${{ secrets.R2_SECRET_KEY }}
+          SERVER_HOST_EU: ${{ secrets.SERVER_HOST_EU }}
+          SERVER_HOST_STAGING: ${{ secrets.SERVER_HOST_STAGING }}
+          SERVER_HOST_US: ${{ secrets.SERVER_HOST_US }}
+          SSH_KEY: ~/.ssh/id_rsa
+          SUBDOMAIN: ${{ github.event_name == 'workflow_dispatch' && inputs.target_subdomain || 'main' }}
+          VERSION_TAG: latest
+        run: |
+          echo "::group::deploy.sh"
+          ./deploy.sh "$ENV" "$HOST" "$SUBDOMAIN"
+          echo "::endgroup::"
+      - name: Update deployment status ✅
+        if: success()
+        env:
+          FQDN: ${{ inputs.target_subdomain && format('{0}.{1}', inputs.target_subdomain, inputs.target_domain) || inputs.target_domain }}
+        run: |
+          cat <<EOF >> $GITHUB_STEP_SUMMARY
+          ### Success! :rocket:

-          # Determine environment based on trigger type
-          TARGET_ENV="${{ github.event_name == 'workflow_dispatch' && inputs.target_environment || 'staging' }}"
-          TARGET_HOST="${{ github.event_name == 'workflow_dispatch' && inputs.target_host || 'staging' }}"
-          TARGET_SUBDOMAIN="${{ github.event_name == 'workflow_dispatch' && inputs.target_subdomain || 'main' }}"
-
-          cat >.env.$TARGET_ENV <<EOF
-          ADMIN_TOKEN=${{ secrets.ADMIN_TOKEN }}
-          CF_ACCOUNT_ID=${{ secrets.CF_ACCOUNT_ID }}
-          CF_API_TOKEN=${{ secrets.CF_API_TOKEN }}
-          DOCKER_REPO=${{ vars.DOCKERHUB_REPO }}
-          DOCKER_USERNAME=${{ vars.DOCKERHUB_USERNAME }}
-          DOMAIN=${{ vars.DOMAIN }}
-          MON_PASSWORD=${{ secrets.MON_PASSWORD }}
-          MON_USERNAME=${{ secrets.MON_USERNAME }}
-          R2_ACCESS_KEY=${{ secrets.R2_ACCESS_KEY }}
-          R2_BUCKET=${{ secrets.R2_BUCKET }}
-          R2_SECRET_KEY=${{ secrets.R2_SECRET_KEY }}
-          SERVER_HOST_STAGING=${{ secrets.SERVER_HOST_STAGING }}
-          SERVER_HOST_US=${{ secrets.SERVER_HOST_US }}
-          SERVER_HOST_EU=${{ secrets.SERVER_HOST_EU }}
-          SSH_KEY=~/.ssh/id_rsa
-          VERSION_TAG="latest"
+          Deployed from $GITHUB_REF to $FQDN
          EOF
+      - name: Update deployment status ❌
+        if: failure()
+        env:
+          FQDN: ${{ inputs.target_subdomain && format('{0}.{1}', inputs.target_subdomain, inputs.target_domain) || inputs.target_domain }}
+        run: |
+          cat <<EOF >> $GITHUB_STEP_SUMMARY
+          ### Failure! :fire:

-          ./deploy.sh $TARGET_ENV $TARGET_HOST $TARGET_SUBDOMAIN
-          echo "Deployed to $TARGET_ENV environment on $TARGET_HOST host with subdomain $TARGET_SUBDOMAIN"
+          Unable to deploy from $GITHUB_REF to $FQDN
+          EOF