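---
name: deploy-authentik

on:
  push:
    branches: [main]

jobs:
  # ───────────────── deploy ─────────────────
  deploy:
    runs-on: docker
    # The job-level env is the single place secrets and vars are read. Every
    # `run:` script below uses these as ordinary shell variables instead of
    # re-expanding `${{ secrets.* }}` inside the script text, so secret values
    # are never spliced into a shell script before it is parsed.
    env:
      PG_PASS: ${{ secrets.PG_PASS }}
      PG_USER: ${{ vars.PG_USER }}
      PG_DB: ${{ vars.PG_DB }}
      AUTHENTIK_SECRET_KEY: ${{ secrets.AUTHENTIK_SECRET_KEY }}
      AUTHENTIK_ERROR_REPORTING__ENABLED: ${{ vars.AUTHENTIK_ERROR_REPORTING__ENABLED }}
      AUTHENTIK_IMAGE: ${{ vars.AUTHENTIK_IMAGE }}
      AUTHENTIK_TAG: ${{ vars.AUTHENTIK_TAG }}
      COMPOSE_PORT_HTTP: ${{ vars.COMPOSE_PORT_HTTP }}
      COMPOSE_PORT_HTTPS: ${{ vars.COMPOSE_PORT_HTTPS }}
      # Deployment location and compose project name, defined once so every
      # step agrees on them (the original `pull` step was missing the
      # project name and so could have operated on a different project).
      DEPLOY_DIR: /srv/authentikNucleo
      STACK_NAME: authentiknucleo

    steps:
      # Consider pinning third-party actions to a full commit SHA rather than
      # a floating major tag so a retagged action cannot change this job.
      - uses: actions/checkout@v3

      - name: Create .env file from job environment
        # `umask 077` makes the file 0600 at creation. The heredoc is
        # unquoted on purpose: `${VAR}` is expanded by the shell from the
        # environment at run time, and a variable's value is not re-parsed,
        # so quotes or `$` inside a secret cannot alter the script.
        run: |
          umask 077
          cat > .env << EOF
          PG_PASS=${PG_PASS}
          PG_USER=${PG_USER}
          PG_DB=${PG_DB}
          AUTHENTIK_SECRET_KEY=${AUTHENTIK_SECRET_KEY}
          AUTHENTIK_ERROR_REPORTING__ENABLED=${AUTHENTIK_ERROR_REPORTING__ENABLED}
          AUTHENTIK_IMAGE=${AUTHENTIK_IMAGE}
          AUTHENTIK_TAG=${AUTHENTIK_TAG}
          COMPOSE_PORT_HTTP=${COMPOSE_PORT_HTTP}
          COMPOSE_PORT_HTTPS=${COMPOSE_PORT_HTTPS}
          EOF

      - name: Ensure deployment directory exists
        run: |
          mkdir -p "$DEPLOY_DIR"

      - name: Copy deployment files to server location
        run: |
          cp -f docker-compose.yml "$DEPLOY_DIR/"
          # `install -m 600` (not `cp`) so the secrets file always lands with
          # owner-only permissions, whatever mode an earlier deploy left on
          # the existing destination file.
          install -m 600 .env "$DEPLOY_DIR/.env"
          # Media folder with custom theme files (required).
          cp -rf media "$DEPLOY_DIR/"
          # Optional directories: copied only when present in the checkout.
          for dir in custom-templates certs; do
            if [ -d "$dir" ]; then
              cp -rf "$dir" "$DEPLOY_DIR/"
            fi
          done

      - name: Ensure external docker network exists
        run: |
          docker network inspect principal >/dev/null 2>&1 \
            || docker network create principal

      # Pull before stopping the running stack so the old containers keep
      # serving while new images are downloaded; this shortens the outage
      # window compared with stopping first and pulling afterwards.
      - name: Pull latest images
        run: |
          cd "$DEPLOY_DIR"
          docker compose -f docker-compose.yml --project-name "$STACK_NAME" pull

      - name: Stop existing Authentik stack
        run: |
          cd "$DEPLOY_DIR"
          # `|| true`: a missing stack on first deploy is not an error.
          docker compose -f docker-compose.yml --project-name "$STACK_NAME" down || true

      - name: Start Authentik stack
        run: |
          cd "$DEPLOY_DIR"
          docker compose -f docker-compose.yml --project-name "$STACK_NAME" up -d --remove-orphans

      - name: Wait for services to be healthy
        # Each wait is bounded by `timeout 60`; a timeout is reported but
        # does not fail the job, matching the original best-effort behaviour.
        # The single-quoted `bash -c` strings are expanded by the child
        # shell, which inherits the job env, so $STACK_NAME and $PG_USER
        # resolve there. PG_USER falls back to the name the check used
        # before it was parameterised.
        run: |
          cd "$DEPLOY_DIR"
          echo "Waiting for PostgreSQL..."
          timeout 60 bash -c 'until docker compose -f docker-compose.yml --project-name "$STACK_NAME" exec -T postgresql pg_isready -U "${PG_USER:-authentik}"; do sleep 2; done' \
            || echo "PostgreSQL health check timed out"
          echo "Waiting for Redis..."
          timeout 60 bash -c 'until docker compose -f docker-compose.yml --project-name "$STACK_NAME" exec -T redis redis-cli ping | grep -q PONG; do sleep 2; done' \
            || echo "Redis health check timed out"

      - name: Show service status
        run: |
          cd "$DEPLOY_DIR"
          docker compose -f docker-compose.yml --project-name "$STACK_NAME" ps

      - name: Show recent logs
        run: |
          cd "$DEPLOY_DIR"
          docker compose -f docker-compose.yml --project-name "$STACK_NAME" logs --tail=50

      - name: Inspect published ports
        run: |
          cd "$DEPLOY_DIR"
          echo "=== Server container ports ==="
          CID=$(docker compose -f docker-compose.yml --project-name "$STACK_NAME" ps -q server)
          echo "Container: $CID"
          # Guard against an empty id so `docker inspect ""` does not print a
          # misleading error; both commands remain best-effort.
          if [ -n "$CID" ]; then
            docker inspect "$CID" --format '{{json .NetworkSettings.Ports}}' || true
            docker port "$CID" || true
          fi

      - name: Verify media files were copied
        run: |
          echo "=== Media files in deployment directory ==="
          ls -lah "$DEPLOY_DIR/media/"

      - name: Test HTTP endpoint
        # The port follows COMPOSE_PORT_HTTP (the value written to .env for
        # compose) and falls back to the port this check previously
        # hard-coded when the variable is unset. `--max-time` keeps a hung
        # connection from stalling the job.
        run: |
          echo "Testing HTTP endpoint..."
          sleep 10
          curl -fsS --max-time 10 "http://localhost:${COMPOSE_PORT_HTTP:-9100}" \
            || echo "HTTP endpoint not ready yet"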