Replace string substitutions with erb env vars

mythz · mythz · commit b1e64593100b · 2025-11-18T20:46:02.000+08:00
diff --git a/.github/workflows/build-container.yml b/.github/workflows/build-container.yml
@@ -15,8 +15,6 @@ on:
 # Only update envs here if you need to change them for this workflow
 env:
   DOCKER_BUILDKIT: 1
-  KAMAL_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
-  KAMAL_REGISTRY_USERNAME: ${{ github.actor }}
   KAMAL_DEPLOY_HOST: ${{ secrets.KAMAL_DEPLOY_HOST }}
 
 jobs:
@@ -95,8 +93,8 @@ jobs:
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
-          username: ${{ env.KAMAL_REGISTRY_USERNAME }}
-          password: ${{ env.KAMAL_REGISTRY_PASSWORD }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Setup .NET
         uses: actions/setup-dotnet@v5
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
@@ -14,8 +14,6 @@ on:
 
 env:
   DOCKER_BUILDKIT: 1
-  KAMAL_REGISTRY_PASSWORD: ${{ secrets.GITHUB_TOKEN }}
-  KAMAL_REGISTRY_USERNAME: ${{ github.actor }}
   SERVICESTACK_LICENSE: ${{ secrets.SERVICESTACK_LICENSE }}
 
 jobs:
@@ -38,25 +36,13 @@ jobs:
             echo "HAS_MIGRATIONS=false" >> $GITHUB_ENV
           fi
 
-      # This step is for the deployment of the templates only, safe to delete
-      - name: Modify deploy.yml
-        env:
-          KAMAL_DEPLOY_IP: ${{ secrets.KAMAL_DEPLOY_IP }}
-        if: env.KAMAL_DEPLOY_IP != null
-        run: |
-          SERVICE_NAME=$(echo "${{ env.repository_name_lower }}" | tr '.' '-')
-          sed -i "s/service: my-app/service: $SERVICE_NAME/g" config/deploy.yml
-          sed -i "s#image: my-user/myapp#image: ${{ env.image_repository_name }}#g" config/deploy.yml
-          sed -i "s/192.168.0.1/${{ secrets.KAMAL_DEPLOY_IP }}/g" config/deploy.yml
-          sed -i "s/host: my-app.example.com/host: ${{ secrets.KAMAL_DEPLOY_HOST }}/g" config/deploy.yml
-          sed -i "s/TechStacks/${{ env.repository_name }}/g" config/deploy.yml
 
       - name: Login to GitHub Container Registry
         uses: docker/login-action@v3
         with:
           registry: ghcr.io
-          username: ${{ env.KAMAL_REGISTRY_USERNAME }}
-          password: ${{ env.KAMAL_REGISTRY_PASSWORD }}
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Set up SSH key
         uses: webfactory/ssh-agent@v0.9.0
@@ -115,7 +101,7 @@ jobs:
       - name: Deploy with Kamal
         run: |
           kamal lock release -v
-          kamal server exec --no-interactive 'echo "${{ env.KAMAL_REGISTRY_PASSWORD }}" | docker login ghcr.io -u ${{ env.KAMAL_REGISTRY_USERNAME }} --password-stdin'
+          kamal server exec --no-interactive 'echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin'
           kamal server exec --no-interactive 'docker pull ghcr.io/${{ env.image_repository_name }}:latest'
           kamal deploy -P --version latest
 
diff --git a/config/deploy.yml b/config/deploy.yml
@@ -1,30 +1,42 @@
-# Name of your application. Used to uniquely configure containers.
-service: techstacks-io
+# Kamal deploy config for this repository. Uses environment variables:
+# - GITHUB_REPOSITORY (e.g. acme/example.org)   - included in GitHub Actions
+# - GITHUB_ACTOR (e.g. acme)                    - included in GitHub Actions
+# - GITHUB_TOKEN ($GITHUB_TOKEN)                - included in GitHub Actions
+# - KAMAL_DEPLOY_IP (e.g. 100.100.100.100)      - from GitHub Action Secret
+# - KAMAL_DEPLOY_HOST (e.g. example.org)        - from GitHub Action Secret
+# - POSTGRES_PASSWORD (e.g. random-password)    - from GitHub Action Secret
 
-# Name of the container image.
-image: ghcr.io/netcoreapps/techstacks.io
+# Using Environment variables allows re-use of this config for multiple apps.
+# Alternatively, they can be replaced with hard-coded values for 
+
+# Name of your application. Used to uniquely configure containers. (e.g. example-org)
+service: <%= ENV['GITHUB_REPOSITORY'].to_s.split('/').last.tr('.', '-') %>
+
+# Name of the container image. (e.g. ghcr.io/acne/example.org)
+image: ghcr.io/<%= ENV['GITHUB_REPOSITORY'].to_s.downcase %>
 
 # Required for use of ASP.NET Core with Kamal-Proxy.
 env:
   clear:
     ASPNETCORE_FORWARDEDHEADERS_ENABLED: true
+  # secrets from ./kamal/secrets
   secret:
     - SERVICESTACK_LICENSE
 
 # Deploy to these servers.
 servers:
-  # IP address of server, optionally use env variable.
+  # IP address of server to deploy to. (e.g. 100.100.100.100)
   web:
-    - 192.168.0.1
-#   - <%= ENV['KAMAL_DEPLOY_IP'] %>
-    - network: techstacks-io-network
+    hosts:
+     - <%= ENV['KAMAL_DEPLOY_IP'] %>
 
 # Enable SSL auto certification via Let's Encrypt (and allow for multiple apps on one server).
 # If using something like Cloudflare, it is recommended to set encryption mode
 # in Cloudflare's SSL/TLS setting to "Full" to enable end-to-end encryption.
 proxy:
   ssl: true
-  host: techstacks.io
+  # Hostname to proxy. (e.g. example.org)
+  host: <%= ENV['KAMAL_DEPLOY_HOST'] %>
   # kamal-proxy connects to your container over port 80, use `app_port` to specify a different port.
   app_port: 8080
 
@@ -33,32 +45,35 @@ registry:
   # Specify the registry server, if you're not using Docker Hub
   server: ghcr.io
   username:
-    - KAMAL_REGISTRY_USERNAME
+    - <%= ENV['GITHUB_ACTOR'] %>
 
   # Always use an access token rather than real password (pulled from .kamal/secrets).
   password:
-    - KAMAL_REGISTRY_PASSWORD
+    - <%= ENV['GITHUB_TOKEN'] %>
 
 # Configure builder setup.
 builder:
   arch: amd64
 
 volumes:
-  - "/opt/docker/techstacks.io/App_Data:/app/App_Data"
+  - "/opt/docker/<%= ENV['KAMAL_DEPLOY_HOST'] %>/App_Data:/app/App_Data"
 
 accessories:
   postgres:
     image: postgres
-    host: 192.168.0.1
-    network: techstacks-io-network
+    # IP address of server to deploy accessory to. (e.g. 100.100.100.100)
+    host: <%= ENV['KAMAL_DEPLOY_IP'] %>
+    port: "5433:5432"
     env:
       clear:
-        POSTGRES_USER: techstacks
-        POSTGRES_DB: techstacks
+        # Database username and database name (e.g. example/example)
+        POSTGRES_USER: <%= ENV['GITHUB_REPOSITORY'].to_s.split('/').last.tr('.', '-').split('-').first %>
+        POSTGRES_DB: <%= ENV['GITHUB_REPOSITORY'].to_s.split('/').last.tr('.', '-').split('-').first %>
         # Optional: only listens inside container
         PGDATA: /var/lib/postgresql/data
+      # secrets from ./kamal/secrets
       secret:
         - POSTGRES_PASSWORD
     directories:
-      - /opt/docker/techstacks.io/postgres:/var/lib/postgresql/data
-      - /opt/docker/techstacks.io/initdb.d:/docker-entrypoint-initdb.d
+      - /opt/docker/<%= ENV['KAMAL_DEPLOY_HOST'] %>/postgres:/var/lib/postgresql/data
+      - /opt/docker/<%= ENV['KAMAL_DEPLOY_HOST'] %>/initdb.d:/docker-entrypoint-initdb.d
