Transition deployment to Linux in createrelease.yml#42
Conversation
Updated the workflow to support Linux-based deployments for "Deploy to Staging" and "Deploy to Production" jobs. Key changes include:
- Modified `runs-on` to specify Linux environments.
- Adapted service removal steps from PowerShell to shell commands using `systemctl`.
- Added .NET runtime installation for Linux servers.
- Changed service installation to create a systemd service file.
- Updated artifact download step to use a newer version of `actions/download-artifact`.
| runs-on: [productionserver, linux] | ||
| needs: [buildlinux, deploystaging] | ||
| environment: production | ||
| name: "Deploy to Production" | ||
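Review bot: `runs-on: [productionserver, linux]` places this job on a self-hosted runner that lives on the production host, and the later steps drive that host with unrestricted `sudo`, so anyone who can get a workflow run scheduled onto that runner effectively has root on production. Keep `environment: production` backed by required reviewers and a deployment branch rule, register the runner in a runner group scoped to this repository only, and confirm the runner actually carries both labels; with `needs: [buildlinux, deploystaging]` satisfied but no runner matching the label set, the job simply queues forever.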
|
|
||
| steps: | ||
| - name: Download the artifact | ||
| uses: actions/download-artifact@v3 | ||
| uses: actions/download-artifact@v4.1.8 | ||
| with: | ||
| name: mobileconfiguration | ||
|
|
||
| - name: Remove existing Windows service | ||
| path: /tmp/mobileconfiguration # Download to a temporary directory | ||
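Review bot: `actions/download-artifact@v4.1.8` cannot download an artifact that was uploaded with `actions/upload-artifact@v3`; the v4 artifact backend is incompatible with v3, so the `buildlinux` job must move to `upload-artifact@v4` in the same change or this step fails with an artifact-not-found error. Two smaller points: pin the action to its full commit SHA with the version in a trailing comment (`uses: actions/download-artifact@<sha> # v4.1.8`) rather than a mutable tag, since this runs on the production host; and `path: /tmp/mobileconfiguration` is a fixed, predictable path in a world-writable directory on a long-lived runner, so prefer `path: ${{ runner.temp }}/mobileconfiguration`, which is per-job and emptied between jobs.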
|
|
||
| - name: Remove existing service (if applicable) | ||
| run: | | ||
| $serviceName = "Transaction Processing - Mobile Configuration" | ||
| # Check if the service exists | ||
| if (Get-Service -Name $serviceName -ErrorAction SilentlyContinue) { | ||
| Stop-Service -Name $serviceName | ||
| sc.exe delete $serviceName | ||
| } | ||
|
|
||
| SERVICE_NAME="mobileconfiguration" | ||
| if systemctl is-active --quiet "$SERVICE_NAME"; then | ||
| echo "Stopping existing service..." | ||
| sudo systemctl stop "$SERVICE_NAME" | ||
| fi | ||
| if systemctl is-enabled --quiet "$SERVICE_NAME"; then | ||
| echo "Disabling existing service..." | ||
| sudo systemctl disable "$SERVICE_NAME" | ||
| fi | ||
| if [ -f "/etc/systemd/system/${SERVICE_NAME}.service" ]; then | ||
| echo "Removing existing service unit file..." | ||
| sudo rm "/etc/systemd/system/${SERVICE_NAME}.service" | ||
| sudo systemctl daemon-reload | ||
| fi | ||
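Review bot: the removal logic is sound, but every privileged call here is `sudo systemctl ...` or `sudo rm ...` with no restriction, which means the runner account needs passwordless root in sudoers and every step of every workflow that lands on this runner inherits it. Scope the sudoers entry to the exact commands this job needs (`systemctl stop`, `disable`, `enable`, `start`, `daemon-reload` for `mobileconfiguration`, plus `rm`/`install` on the unit path) instead of `ALL`. Also note that `systemctl is-active --quiet` is false for a unit in the `failed` state, so a crashed service skips the `stop` branch; harmless for `stop`, but add `sudo systemctl reset-failed "$SERVICE_NAME" || true` before reinstalling so a stale failed state does not mislead the status check at the end of the job.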
|
|
||
| - name: Unzip the files | ||
| run: | | ||
| Expand-Archive -Path mobileconfiguration.zip -DestinationPath "C:\txnproc\transactionprocessing\mobileconfiguration" -Force | ||
|
|
||
| - name: Install as a Windows service | ||
| sudo mkdir -p /opt/txnproc/transactionprocessing/mobileconfiguration | ||
| sudo unzip -o /tmp/mobileconfiguration/mobileconfiguration.zip -d /opt/txnproc/transactionprocessing/mobileconfiguration | ||
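Review bot: `sudo unzip -o ... -d /opt/txnproc/...` extracts as root over whatever is already in the target directory, so files dropped from the build (old DLLs, old `appsettings.*.json`) stay behind and are still loaded, and everything new ends up root-owned while the service is meant to run as a dedicated account. Wipe or version the target first (`sudo rm -rf "$DIR" && sudo mkdir -p "$DIR"`, or extract into a per-release directory and flip a symlink), then `sudo chown -R <svcuser>:<svcgroup> "$DIR"` and leave the application files read-only for that user. Extracting as root also means every path entry in the zip is trusted; the archive comes from this workflow's own build job, which is acceptable, but it is one more reason to run the extraction as the unprivileged service user into a directory it owns.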
|
|
||
| # IMPORTANT: Add a step to ensure the .NET runtime is installed on the server | ||
| # This assumes it's not already there. If your base image already has it, you can skip this. | ||
| - name: Install .NET Runtime | ||
| run: | | ||
| # Example for Ubuntu. Adjust based on your .NET version (e.g., 8.0, 7.0) | ||
| # and if you need the SDK or just the runtime. | ||
| # This uses Microsoft's package repository for the latest versions. | ||
| wget https://packages.microsoft.com/config/ubuntu/$(lsb_release -rs)/packages-microsoft-prod.deb -O packages-microsoft-prod.deb | ||
| sudo dpkg -i packages-microsoft-prod.deb | ||
| rm packages-microsoft-prod.deb | ||
| sudo apt update | ||
| sudo apt install -y aspnetcore-runtime-9.0 | ||
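Review bot: this step reconfigures the production host's package sources on every deploy (`wget ... packages-microsoft-prod.deb`, `dpkg -i`, `apt update`, unpinned `apt install -y aspnetcore-runtime-9.0`), which is configuration management, not deployment: the runtime can silently change between the staging run and the production run, and a transient package-mirror problem becomes a failed or half-applied production deploy. Bake the runtime into the server image or install it once with the host's config-management tooling with the package version pinned, and reduce this step to a guard such as `dotnet --list-runtimes | grep -q 'Microsoft.AspNetCore.App 9\.'` that fails the job if the expected runtime is missing. Minor: the comment above the install line talks about 8.0/7.0 while the command installs 9.0, and `$(lsb_release -rs)` is unquoted and assumes `lsb-release` is present; `. /etc/os-release` and `"$VERSION_ID"` avoid that dependency.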
|
|
||
| - name: Install and Start as a Linux service | ||
| run: | | ||
| $serviceName = "Transaction Processing - Mobile Configuration" | ||
| $servicePath = "C:\txnproc\transactionprocessing\mobileconfiguration\MobileConfiguration.exe" | ||
|
|
||
| New-Service -Name $serviceName -BinaryPathName $servicePath -Description "Transaction Processing - Mobile Configuration" -DisplayName "Transaction Processing - Mobile Configuration" -StartupType Automatic | ||
| Start-Service -Name $serviceName | ||
| SERVICE_NAME="mobileconfiguration" | ||
| # The WorkingDirectory is crucial for .NET apps to find appsettings.json and other files | ||
| WORKING_DIRECTORY="/opt/txnproc/transactionprocessing/mobileconfiguration" | ||
| DLL_NAME="MobileConfiguration.dll" # Your application's DLL | ||
| SERVICE_DESCRIPTION="Transaction Processing - Mobile Configuration" | ||
|
|
||
| # Create a systemd service file | ||
| echo "[Unit]" | sudo tee /etc/systemd/system/${SERVICE_NAME}.service | ||
| echo "Description=${SERVICE_DESCRIPTION}" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service | ||
| echo "After=network.target" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service | ||
| echo "" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service | ||
| echo "[Service]" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service | ||
| # IMPORTANT: Use 'dotnet' to run your DLL | ||
| echo "ExecStart=/usr/bin/dotnet ${WORKING_DIRECTORY}/${DLL_NAME}" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service | ||
| echo "WorkingDirectory=${WORKING_DIRECTORY}" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service | ||
| echo "Restart=always" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service | ||
| echo "User=youruser" # IMPORTANT: Change to a dedicated, less privileged user | ||
| echo "Group=yourgroup" # IMPORTANT: Change to a dedicated, less privileged group | ||
| echo "Environment=ASPNETCORE_ENVIRONMENT=Production" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service # Example | ||
| echo "" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service | ||
| echo "[Install]" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service | ||
| echo "WantedBy=multi-user.target" | sudo tee -a /etc/systemd/system/${SERVICE_NAME}.service | ||
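Review bot: the two lines `echo "User=youruser"` and `echo "Group=yourgroup"` are not piped into `sudo tee -a`, so they print to the job log and never reach the unit file, and the service therefore starts as root. Beyond the missing pipe, `youruser` and `yourgroup` are placeholders with no account creation anywhere in the job; they need to become a real dedicated system account (created once on the host, for example with `useradd --system --no-create-home --shell /usr/sbin/nologin`), and the unit is better written in one go than with fourteen `tee` calls repeating the path, e.g. `sudo tee /etc/systemd/system/${SERVICE_NAME}.service >/dev/null <<'EOF'` followed by the unit body and `EOF`. While rewriting it, add the hardening systemd gives a network service for free: `NoNewPrivileges=true`, `PrivateTmp=true`, `ProtectHome=true`, `ProtectSystem=strict` with `ReadWritePaths=` for whatever the app actually writes, and `After=network-online.target` plus `Wants=network-online.target` instead of `network.target` if the app binds a specific address at startup. Note also that `tee` without `>/dev/null` echoes the whole unit, including anything later placed in `Environment=`, into the job log, so never route secrets through this file; use `EnvironmentFile=` pointing at a root-only file instead.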
|
|
||
| # Reload systemd, enable, and start the service | ||
| sudo systemctl daemon-reload | ||
| sudo systemctl enable "$SERVICE_NAME" | ||
| sudo systemctl start "$SERVICE_NAME" | ||
| sudo systemctl status "$SERVICE_NAME" --no-pager # For debugging/verification |
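Review bot: `sudo systemctl start` returns success as soon as the process is spawned (the unit sets no `Type=`, so it is `simple`), so an application that throws during startup passes that line, and the only thing standing between a broken deploy and a green job is the trailing `systemctl status`, which happens to exit non-zero when the unit is not active. Make the check deliberate: wait a few seconds and run `systemctl is-active --quiet "$SERVICE_NAME"`, or better, poll the application's health endpoint with `curl --fail` until it answers or a timeout expires, and on failure print `journalctl -u "$SERVICE_NAME" -n 50 --no-pager` so the crash log lands in the run. Also, `enable` followed by `start` collapses to `systemctl enable --now`, and `SERVICE_NAME` is now defined separately in the removal step and here; hoist it to a job-level `env:` so the two cannot drift.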
Check warning
Code scanning / CodeQL
Workflow does not contain permissions (Medium)
Copilot Autofix (AI, 10 months ago)
To fix the issue, we need to add a permissions block to the workflow. This block should specify the minimum permissions required for the workflow to function correctly. Since the workflow involves downloading artifacts and deploying to servers, the contents: read permission is sufficient for most operations. If specific jobs require additional permissions (e.g., pull-requests: write), those can be added to the respective job blocks.
The permissions block can be added at the root level of the workflow to apply to all jobs or within individual job definitions for more granular control.
| @@ -6,2 +6,5 @@ | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| jobs: |
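Review bot: a top-level `permissions: contents: read` is the right default for this workflow and nothing in the diff needs more; the deploy jobs only download an artifact produced by the same run, which does not require extra token scopes. The autofix text offers `pull-requests: write` as an example of a job-level addition; do not add it here, since none of the jobs read or modify pull requests. If the workflow is later extended to publish a GitHub release, grant `contents: write` to that one job at the job level rather than raising the root block.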
Closes: Create Linux Install workflow #41