wx_service/.github/workflows/deploy-prod.yml

name: deploy-prod-non-docker

on:
  push:
    branches:
      - main
  workflow_dispatch:

concurrency:
  group: wx-service-prod
  cancel-in-progress: true

jobs:
  deploy:
    runs-on: ubuntu-latest
    timeout-minutes: 20

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Go
        uses: actions/setup-go@v5
        with:
          go-version: '1.23.x'

      - name: Download modules
        run: go mod download

      - name: Build linux binary
        run: |
          mkdir -p tmp
          CGO_ENABLED=0 GOOS=linux GOARCH=amd64 go build -trimpath -ldflags "-s -w" -o tmp/wx_service ./cmd/api

      - name: Prepare SSH
        env:
          SSH_KEY: ${{ secrets.PROD_SSH_KEY }}
          HOST: ${{ secrets.PROD_HOST }}
          PORT: ${{ secrets.PROD_PORT }}
        run: |
          set -e
          if [ -z "$SSH_KEY" ] || [ -z "$HOST" ]; then
            echo "Missing required secrets: PROD_SSH_KEY / PROD_HOST"
            exit 1
          fi
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh
          printf '%s\n' "$SSH_KEY" > ~/.ssh/id_ed25519
          chmod 600 ~/.ssh/id_ed25519
          ssh-keyscan -p "${PORT:-22}" "$HOST" >> ~/.ssh/known_hosts

      - name: Upload binary to server
        env:
          HOST: ${{ secrets.PROD_HOST }}
          PORT: ${{ secrets.PROD_PORT }}
          USER: ${{ secrets.PROD_USER }}
        run: |
          set -e
          REMOTE_BIN="/tmp/wx_service-${GITHUB_SHA}"
          SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=15 -o ServerAliveInterval=10 -o ServerAliveCountMax=3"
          scp -O ${SSH_OPTS} -P "${PORT:-22}" tmp/wx_service "${USER:-root}@${HOST}:${REMOTE_BIN}"

      - name: Deploy on server
        env:
          HOST: ${{ secrets.PROD_HOST }}
          PORT: ${{ secrets.PROD_PORT }}
          USER: ${{ secrets.PROD_USER }}
        run: |
          set -e
          REMOTE_BIN="/tmp/wx_service-${GITHUB_SHA}"
          SSH_OPTS="-o BatchMode=yes -o ConnectTimeout=15 -o ServerAliveInterval=10 -o ServerAliveCountMax=3"
          ssh ${SSH_OPTS} -p "${PORT:-22}" "${USER:-root}@${HOST}" \
            "APP_DIR='/www/wwwroot/wx_service' \
             DIST_DIR='/www/wwwroot/wx_service/dist' \
             SOURCE_BIN='${REMOTE_BIN}' \
             RELEASE_ID='${GITHUB_SHA}' \
             SERVICE_NAME='wx_service' \
             RUN_USER='www' \
             RUN_GROUP='www' \
             PORT='8080' \
             SYNC_CODE='true' \
             DEPLOY_REF='${GITHUB_SHA}' \
             INSTALL_SERVICE='true' \
             bash -s" < scripts/ops/deploy_binary.sh