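# Builds the Blazor project, publishes it self-contained for linux-x64 and
# copies the output to the deploy host over SSH/SCP, then optionally restarts
# a systemd unit there.
#
# Secrets read by this workflow:
#   SSH_HOST, SSH_PORT (defaults to 22), SSH_USER, SSH_PRIVATE_KEY,
#   REMOTE_DIR, SERVICE_NAME (optional),
#   SSH_KNOWN_HOSTS (optional, new: pinned known_hosts line(s) for SSH_HOST).
name: Build & Deploy .NET to 192.168.1.100

on:
  push:
    branches: ["main"]  # adjust if needed (e.g. "master" or a release branch)
  workflow_dispatch:  # manual start

env:
  DOTNET_VERSION: '10.0.x'  # or 7.0.x, depending on the project
  PROJECT_PATH: 'BlazorApp3/BlazorApp3.csproj'
  RUNTIME: 'linux-x64'
  PUBLISH_DIR: 'artifacts/publish'

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest

    steps:
      # Runs before checkout so the later steps resolve gitea.pldpro.at to the
      # internal address. Writing /etc/hosts needs root in the job environment.
      - name: Host override setzen
        run: |
          echo "192.168.1.200 gitea.pldpro.at" >> /etc/hosts

      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup .NET
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: ${{ env.DOTNET_VERSION }}

      - name: Restore
        run: dotnet restore "${{ env.PROJECT_PATH }}"

      - name: Build
        run: dotnet build "${{ env.PROJECT_PATH }}" -c Release --no-restore

      # --- Publish: self-contained (recommended) ---
      - name: Publish (self-contained)
        run: |
          dotnet publish "${{ env.PROJECT_PATH }}" \
            -c Release \
            -r "${{ env.RUNTIME }}" \
            --self-contained true \
            -o "${{ env.PUBLISH_DIR }}"

      - name: Prepare SSH key & known_hosts
        env:
          SSH_HOST: ${{ secrets.SSH_HOST }}
          SSH_PORT: ${{ secrets.SSH_PORT }}
          SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
          # Optional: the deploy host's public host key line(s), recorded out
          # of band. Empty when the secret is not defined.
          SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
        run: |
          set -euo pipefail
          install -m 700 -d ~/.ssh
          # Create the key file under a restrictive umask so it is never
          # readable by others, not even briefly before chmod.
          ( umask 077; printf '%s\n' "${SSH_PRIVATE_KEY}" > ~/.ssh/id_deploy )
          chmod 600 ~/.ssh/id_deploy
          PORT="${SSH_PORT:-22}"
          if [ -n "${SSH_KNOWN_HOSTS:-}" ]; then
            # Pinned host key: later ssh/scp calls fail if the host presents
            # a different key.
            printf '%s\n' "${SSH_KNOWN_HOSTS}" >> ~/.ssh/known_hosts
          else
            # Fallback: ssh-keyscan accepts whatever key answers at run time.
            # This keeps StrictHostKeyChecking on, but the key is not verified
            # against anything, so it is trust-on-first-use on every run.
            echo "SSH_KNOWN_HOSTS not set; falling back to ssh-keyscan" >&2
            ssh-keyscan -p "${PORT}" -H "${SSH_HOST}" >> ~/.ssh/known_hosts
          fi

      - name: Remove previous installed version
        env:
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
          SSH_PORT: ${{ secrets.SSH_PORT }}
          REMOTE_DIR: ${{ secrets.REMOTE_DIR }}
        run: |
          set -euo pipefail
          # REMOTE_DIR is expanded locally and pasted into a remote `rm -rf`.
          # Refuse an empty value, the filesystem root, and any value holding
          # a single quote (which would end the remote quoting).
          : "${REMOTE_DIR:?REMOTE_DIR secret is empty}"
          case "${REMOTE_DIR}" in
            /|*"'"*)
              echo "Refusing unsafe REMOTE_DIR" >&2
              exit 1
              ;;
          esac
          ssh -i ~/.ssh/id_deploy -p "${SSH_PORT:-22}" "${SSH_USER}@${SSH_HOST}" "rm -rf '${REMOTE_DIR}'"

      - name: Create remote directory
        env:
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
          SSH_PORT: ${{ secrets.SSH_PORT }}
          REMOTE_DIR: ${{ secrets.REMOTE_DIR }}
        run: |
          ssh -i ~/.ssh/id_deploy -p "${SSH_PORT:-22}" "${SSH_USER}@${SSH_HOST}" "mkdir -p '${REMOTE_DIR}'"

      - name: Deploy via SCP
        env:
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
          SSH_PORT: ${{ secrets.SSH_PORT }}
          REMOTE_DIR: ${{ secrets.REMOTE_DIR }}
        run: |
          scp -i ~/.ssh/id_deploy -P "${SSH_PORT:-22}" -r "${{ env.PUBLISH_DIR }}/"* "${SSH_USER}@${SSH_HOST}:${REMOTE_DIR}/"

      # Diagnostic step: prints the remote user, host name and the full
      # `sudo -l` listing into the job log, with shell tracing on.
      # NOTE(review): the log then documents the deploy account's sudo rules;
      # drop or gate this step once the sudoers setup is confirmed.
      - name: Debug remote env & sudo rights
        env:
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
          SSH_PORT: ${{ secrets.SSH_PORT }}
        run: |
          set -euxo pipefail
          ssh -tt -i ~/.ssh/id_deploy -p "${SSH_PORT:-22}" "${SSH_USER}@${SSH_HOST}" "
            set -euxo pipefail
            echo '== whoami/host =='
            whoami; hostname
            echo '== paths =='
            command -v sudo || true
            command -v systemctl || true
            echo '== sudo -l (effektive Rechte) =='
            /usr/bin/sudo -n -l || true
            echo '== try daemon-reload (should be NOPASSWD) =='
            /usr/bin/sudo -n /usr/bin/systemctl daemon-reload && echo OK || echo FAIL
          "

      # -------- Option A: restart via systemd (recommended) --------
      # Requires: secrets.SERVICE_NAME (e.g. "myapp.service")
      # NOTE(review): GitHub Actions does not accept the `secrets` context in a
      # step-level `if:`. If this runner behaves the same way, expose
      # SERVICE_NAME as a job-level env value and test `env.SERVICE_NAME`.
      - name: Restart service (systemd)
        if: ${{ secrets.SERVICE_NAME != '' }}
        env:
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
          SSH_PORT: ${{ secrets.SSH_PORT }}
          SERVICE_NAME: ${{ secrets.SERVICE_NAME }}  # e.g. 'myapp.service'
        run: |
          set -euo pipefail
          # `sudo -n` never prompts, so a missing NOPASSWD rule fails the step
          # instead of hanging on a password prompt.
          ssh -tt -i ~/.ssh/id_deploy -p "${SSH_PORT:-22}" "${SSH_USER}@${SSH_HOST}" "
            set -euo pipefail
            /usr/bin/sudo -n /usr/bin/systemctl daemon-reload && \
            /usr/bin/sudo -n /usr/bin/systemctl restart '${SERVICE_NAME}' && \
            /usr/bin/sudo -n /usr/bin/systemctl status --no-pager '${SERVICE_NAME}'
          "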