name: Deploy to Server (password auth) on: push: branches: [ main ] workflow_dispatch: jobs: deploy: runs-on: ubuntu-latest strategy: matrix: server: - "your.server1.com" - "your.server2.com" # добавьте остальные ip/домены steps: - name: Checkout code uses: actions/checkout@v4 - name: Build binary (если нужно) run: | # пример для Go, замените под свой язык GOOS=linux GOARCH=amd64 go build -o myapp ./cmd/myapp - name: Pack files we want to deploy run: | mkdir -p artifact cp myapp artifact/ 2>/dev/null || true cp -r config/ artifact/ 2>/dev/null || true cp systemd/*.service artifact/ 2>/dev/null || true tar czf artifact.tar.gz -C artifact . - name: Copy artifact to server uses: appleboy/scp-action@v0.1.7 with: host: ${{ matrix.server }} username: ${{ secrets.SSH_USERNAME }} password: ${{ secrets.SSH_PASSWORD }} port: 22 source: "artifact.tar.gz" target: "/tmp/myapp-deploy" strip_components: 0 - name: Deploy & restart service uses: appleboy/ssh-action@v1.0.3 with: host: ${{ matrix.server }} username: ${{ secrets.SSH_USERNAME }} password: ${{ secrets.SSH_PASSWORD }} port: 22 script: | set -euo pipefail cd /tmp/myapp-deploy sudo tar xzf artifact.tar.gz # Простейшая проверка бинарника (очень рекомендуется!) sudo ./myapp --version || { echo "Binary broken!"; exit 1; } sudo mkdir -p /opt/myapp sudo rm -rf /opt/myapp.old sudo mv /opt/myapp /opt/myapp.old 2>/dev/null || true sudo mv ./* /opt/myapp/ sudo cp /opt/myapp/*.service /etc/systemd/system/ 2>/dev/null || true sudo systemctl daemon-reload sudo systemctl enable myapp.service sudo systemctl restart myapp.service echo "Deployment completed on $(hostname)" rm -rf /tmp/myapp-deploy