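---
# Deploys the MeshCentral stack with Authentik OIDC login.
# Triggered by every push to main or master; runs on a runner labelled `docker`.
name: deploy-meshcentral

on:
  push:
    branches: [main, master]

jobs:
  deploy:
    runs-on: docker
    # Job-level environment. Every shell step below reads these as ordinary
    # environment variables instead of splicing `${{ ... }}` expressions into
    # the script text, so a value is never parsed as shell syntax and the
    # client secret is not embedded in the generated step script.
    env:
      APP_NAME: ${{ vars.APP_NAME }}
      APP_DOMAIN: ${{ vars.APP_DOMAIN }}
      # Not referenced by any step in this workflow; presumably consumed by
      # the compose file. TODO confirm.
      MESH_AGENTS_DOMAIN: ${{ vars.MESH_AGENTS_DOMAIN }}
      MESH_PORT: ${{ vars.MESH_PORT }}
      # Authentik OIDC configuration
      AUTHENTIK_ISSUER: ${{ vars.AUTHENTIK_ISSUER }}
      # Not referenced by any step in this workflow. TODO confirm consumer.
      AUTHENTIK_ISSUER_INTERNAL: ${{ vars.AUTHENTIK_ISSUER_INTERNAL }}
      AUTHENTIK_CLIENT_ID: ${{ secrets.AUTHENTIK_CLIENT_ID }}
      AUTHENTIK_CLIENT_SECRET: ${{ secrets.AUTHENTIK_CLIENT_SECRET }}
    steps:
      # NOTE(review): a version tag is a mutable reference. Pin this action to
      # a reviewed full commit SHA so the code run by the deploy job cannot
      # change underneath the workflow.
      - uses: actions/checkout@v3

      - name: Info about deployment
        run: |
          echo "ℹ️ Deploying MeshCentral"
          echo " Domain: ${APP_DOMAIN}"
          echo " Container: ${APP_NAME}"
          echo " Network: principal"

      # Best effort: a missing stack (first deployment) must not fail the job.
      - name: Clean up existing stack
        run: docker compose --project-name "$APP_NAME" down || true

      - name: Create MeshCentral directories
        run: |
          # Create the fixed directories under /srv/meshcentral
          mkdir -p /srv/meshcentral/data
          mkdir -p /srv/meshcentral/files
          mkdir -p /srv/meshcentral/backup
          mkdir -p /srv/meshcentral/config

      # Writes config.json, which contains the OIDC client secret.
      #
      # Security-relevant settings to review before changing or copying:
      #   - authStrategies.oidc.newAccounts is true while the domain-level
      #     newAccounts is false: local sign-up is off, but an identity that
      #     authenticates through the IdP can get an account on first login.
      #     Who may log in therefore has to be restricted on the Authentik
      #     side (application binding / group policy).
      #   - cookieIpCheck is false, so session cookies are not tied to the
      #     client IP address. Confirm this is required by the proxy setup.
      #   - allowLoginToken is true. Confirm login tokens are needed.
      #   - port and redirPort are both 80. NOTE(review): confirm intended.
      #
      # The heredoc is unquoted so the shell expands the ${VAR} references.
      # Expanded values are not re-scanned by the shell, but they are pasted
      # verbatim into JSON: a value containing `"` or `\` yields an invalid
      # file, so keep those characters out of the variables and secrets.
      - name: Generate MeshCentral config.json
        run: |
          # Create the file without world access from the start; the later
          # chmod step only runs after the secret has been written.
          umask 027
          tee /srv/meshcentral/data/config.json > /dev/null <<EOF
          {
            "settings": {
              "cert": "${APP_DOMAIN}",
              "port": 80,
              "aliasPort": 443,
              "redirPort": 80,
              "AgentPong": 300,
              "TlsOffload": true,
              "SelfUpdate": false,
              "AllowFraming": false,
              "WebRTC": true,
              "ClickOnce": false,
              "AllowHighQualityDesktop": true,
              "DesktopAspectRatios": "1.33,1.5,1.6,1.7,1.778,2.0"
            },
            "domains": {
              "": {
                "title": "MeshCentral - Nucleo Rio Frio",
                "title2": "Remote Management Platform",
                "newAccounts": false,
                "certUrl": "${APP_DOMAIN}",
                "geoLocation": true,
                "cookieIpCheck": false,
                "allowLoginToken": true,
                "allowFraming": false,
                "authStrategies": {
                  "oidc": {
                    "issuer": "${AUTHENTIK_ISSUER}",
                    "clientid": "${AUTHENTIK_CLIENT_ID}",
                    "clientsecret": "${AUTHENTIK_CLIENT_SECRET}",
                    "newAccounts": true
                  }
                },
                "passwordRequirements": {
                  "min": 8,
                  "max": 128,
                  "upper": 1,
                  "lower": 1,
                  "numeric": 1,
                  "nonalpha": 1
                },
                "agentInviteCodes": false,
                "userNameIsEmail": false
              }
            }
          }
          EOF

      # Removes access for "other" on all four trees.
      # NOTE(review): -R 750 also sets the execute bit on regular files,
      # including config.json, and leaves it group-readable. Consider 750 for
      # directories and 640 for files once the container's UID/GID is known.
      - name: Set correct permissions
        run: |
          chmod -R 750 /srv/meshcentral/data
          chmod -R 750 /srv/meshcentral/files
          chmod -R 750 /srv/meshcentral/backup
          chmod -R 750 /srv/meshcentral/config

      - name: Start MeshCentral stack
        run: docker compose --project-name "$APP_NAME" up -d --remove-orphans --wait

      # The container log is copied into the job log, which is readable by
      # everyone with access to the repository's workflow runs.
      - name: Wait for MeshCentral to be ready
        run: |
          echo "⏳ Waiting for MeshCentral to start..."
          sleep 10
          docker logs "${APP_NAME}"

      - name: Deployment complete
        run: |
          echo "✅ MeshCentral deployed successfully"
          echo " Access at: https://${APP_DOMAIN}"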