feat: implement secure WireGuard-based automated deployment pipeline#10
Merged
Merged
Conversation
- Configure GitHub Actions to establish WireGuard VPN tunnel - Deploy to EC2 using private IP over VPN - Remove dependency on public SSH access - Improve security by avoiding open port 22 exposure
…test - Removed direct public SSH deployment steps - Added WireGuard VPN setup in deploy workflow - Added VPN status verification step - Added SSH connectivity test via private EC2 IP
- Added appleboy/scp-action step - Transfers controller-linux to /tmp on private VM - Prepares deployment stage for systemd integration
- Stops mini-heroku service before deployment - Creates timestamped backup of existing binary - Moves new controller binary into /opt directory - Applies correct ownership and permissions - Restarts systemd service
- Validates mini-heroku systemd service status - Fails workflow if service is not active - Prints last 50 journal logs for debugging - Improves deployment reliability
…binary - Converted test job to matrix-based execution - Runs controller and CLI tests in parallel - Reduces overall CI pipeline duration - Embedded short Git commit SHA into controller binary - Added UTC build timestamp via ldflags - Improves build traceability and deployment visibility
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR completes the CI/CD deployment automation using WireGuard VPN and private SSH.
Enhancements:
Deployment now runs fully automated over private network without public SSH exposure.