Skip to content
Latchkey

Deploy master workflow (vas3k/infomate.club)

The Deploy master workflow from vas3k/infomate.club, explained and optimized by Latchkey.

C

CI health: C - fair

Point runs-on at Latchkey and get run de-duplication, job timeouts, self-healing for flaky steps, and up to 58% lower cost, applied automatically.

Grade your own workflow free or run it on Latchkey →
Source: vas3k/infomate.club.github/workflows/deploy.ymlLicense Apache-2.0View source

What it does

This is the Deploy master workflow from the vas3k/infomate.club repository, a real project running GitHub Actions. It is shown here with attribution under its Apache-2.0 license.

Below, Latchkey shows a faster, safer version produced by its optimization engine.

The workflow

workflow (.yml)
name: Deploy master

on:
  workflow_dispatch:
  push:
    branches:
      - master

jobs:
  build:
    name: Build image
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@master
      - run: docker login ghcr.io -u $GITHUB_ACTOR -p ${{ secrets.GHCR_TOKEN }}
      - run: docker build -t ghcr.io/$GITHUB_ACTOR/infomate:latest -t ghcr.io/$GITHUB_ACTOR/infomate:$GITHUB_SHA .
      - run: docker image push ghcr.io/$GITHUB_ACTOR/infomate:$GITHUB_SHA
      - run: docker image push ghcr.io/$GITHUB_ACTOR/infomate:latest

  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    needs: build
    env:
      SSH_KEY_PATH: /tmp/ssh_key
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Make envfile
        run: export | grep "secret_" | sed "s/declare -x secret_//" > .env
        env:
          secret_SECRET_KEY: ${{ secrets.SECRET_KEY }}
          secret_APP_HOST: ${{ secrets.APP_HOST }}
          secret_MEDIA_UPLOAD_CODE: ${{ secrets.MEDIA_UPLOAD_CODE }}
          secret_SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
      - run: echo "GITHUB_SHA=$GITHUB_SHA" >> .env
      - run: echo "${{ secrets.PRODUCTION_SSH_KEY }}" > ${{ env.SSH_KEY_PATH }} && chmod 600 ${{ env.SSH_KEY_PATH }}
      - run: scp -o StrictHostKeyChecking=no -i ${{ env.SSH_KEY_PATH }} -r $(pwd)/* ${{ secrets.PRODUCTION_SSH_USERNAME }}@${{ secrets.PRODUCTION_SSH_HOST }}:/home/vas3k/infomate.club
      - run: scp -o StrictHostKeyChecking=no -i ${{ env.SSH_KEY_PATH }} .env ${{ secrets.PRODUCTION_SSH_USERNAME }}@${{ secrets.PRODUCTION_SSH_HOST }}:/home/vas3k/infomate.club/.env
      - run: scp -o StrictHostKeyChecking=no -i ${{ env.SSH_KEY_PATH }} docker-compose.production.yml ${{ secrets.PRODUCTION_SSH_USERNAME }}@${{ secrets.PRODUCTION_SSH_HOST }}:/home/vas3k/infomate.club/docker-compose.production.yml
      - run: ssh -i ${{ env.SSH_KEY_PATH }} ${{ secrets.PRODUCTION_SSH_USERNAME }}@${{ secrets.PRODUCTION_SSH_HOST }} "cd /home/vas3k/infomate.club && docker login ghcr.io -u $GITHUB_ACTOR -p ${{ secrets.GHCR_TOKEN }} && docker pull ghcr.io/$GITHUB_ACTOR/infomate:$GITHUB_SHA && docker-compose -f docker-compose.production.yml --env-file=.env up -d && docker system prune --all --force"

The same workflow, on Latchkey

Removes redundant runs and caps runaway jobs. Added and changed lines are highlighted.

name: Deploy master
 
on:
  workflow_dispatch:
  push:
    branches:
      - master
 
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
 
jobs:
  build:
    timeout-minutes: 30
    name: Build image
    runs-on: latchkey-small
    steps:
      - uses: actions/checkout@master
      - run: docker login ghcr.io -u $GITHUB_ACTOR -p ${{ secrets.GHCR_TOKEN }}
      - run: docker build -t ghcr.io/$GITHUB_ACTOR/infomate:latest -t ghcr.io/$GITHUB_ACTOR/infomate:$GITHUB_SHA .
      - run: docker image push ghcr.io/$GITHUB_ACTOR/infomate:$GITHUB_SHA
      - run: docker image push ghcr.io/$GITHUB_ACTOR/infomate:latest
 
  deploy:
    timeout-minutes: 30
    name: Deploy
    runs-on: latchkey-small
    needs: build
    env:
      SSH_KEY_PATH: /tmp/ssh_key
    steps:
      - name: Checkout
        uses: actions/checkout@v2
      - name: Make envfile
        run: export | grep "secret_" | sed "s/declare -x secret_//" > .env
        env:
          secret_SECRET_KEY: ${{ secrets.SECRET_KEY }}
          secret_APP_HOST: ${{ secrets.APP_HOST }}
          secret_MEDIA_UPLOAD_CODE: ${{ secrets.MEDIA_UPLOAD_CODE }}
          secret_SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
      - run: echo "GITHUB_SHA=$GITHUB_SHA" >> .env
      - run: echo "${{ secrets.PRODUCTION_SSH_KEY }}" > ${{ env.SSH_KEY_PATH }} && chmod 600 ${{ env.SSH_KEY_PATH }}
      - run: scp -o StrictHostKeyChecking=no -i ${{ env.SSH_KEY_PATH }} -r $(pwd)/* ${{ secrets.PRODUCTION_SSH_USERNAME }}@${{ secrets.PRODUCTION_SSH_HOST }}:/home/vas3k/infomate.club
      - run: scp -o StrictHostKeyChecking=no -i ${{ env.SSH_KEY_PATH }} .env ${{ secrets.PRODUCTION_SSH_USERNAME }}@${{ secrets.PRODUCTION_SSH_HOST }}:/home/vas3k/infomate.club/.env
      - run: scp -o StrictHostKeyChecking=no -i ${{ env.SSH_KEY_PATH }} docker-compose.production.yml ${{ secrets.PRODUCTION_SSH_USERNAME }}@${{ secrets.PRODUCTION_SSH_HOST }}:/home/vas3k/infomate.club/docker-compose.production.yml
      - run: ssh -i ${{ env.SSH_KEY_PATH }} ${{ secrets.PRODUCTION_SSH_USERNAME }}@${{ secrets.PRODUCTION_SSH_HOST }} "cd /home/vas3k/infomate.club && docker login ghcr.io -u $GITHUB_ACTOR -p ${{ secrets.GHCR_TOKEN }} && docker pull ghcr.io/$GITHUB_ACTOR/infomate:$GITHUB_SHA && docker-compose -f docker-compose.production.yml --env-file=.env up -d && docker system prune --all --force"
 

What changed

What Latchkey heals here

This workflow has steps that commonly fail on transient issues (network, registries, flaky browsers). On Latchkey managed runners they are detected, retried, and self-healed instead of failing your build:

This workflow runs 2 jobs per trigger. On Latchkey the same minutes cost up to 58% less than GitHub-hosted, with zero queue time.

Actions used in this workflow