GitHub Deploy Runbook
Purpose
This runbook defines how GitHub becomes the canonical deployment source for Earthbond while the app continues to run on the existing server.
The intended steady state is:
- Earthbond lives in its own GitHub repository
- WIICCO site assets remain separate from the deployment runtime
- the local server runs from a clone of the Earthbond repository
- the deployment branch is the only branch used for server rebuilds
The deploy branch is:
main
The repository is:
git@github.com:robby1312/earthbond.git
Model
- changes are committed locally
- automated backup pushes to
origin/main - GitHub Actions listens to pushes on
main - GitHub Actions opens an SSH session to the server
- the server fetches
origin/main - the server rebuilds and restarts the stack
- post-deploy healthcheck validates the result
Local Working Rule
This deployment model should be operated from the main branch locally.
That is now the enforced backup rule as well. The GitHub backup job is not intended to push ad hoc work from unrelated local branches.
Files
Required GitHub Secrets
EARTHBOND_DEPLOY_HOSTEARTHBOND_DEPLOY_USEREARTHBOND_DEPLOY_SSH_KEYEARTHBOND_DEPLOY_PORTEARTHBOND_DEPLOY_REPO_DIR
Local Server Clone
For a clean server deployment checkout, use:
This creates or updates a local clone that tracks the Earthbond deployment branch directly from GitHub.
Server Behavior
The server-side deploy script:
- fetches
origin/main - checks out local branch
mainif needed - hard-resets the working tree to
origin/main - runs:
docker compose up -d --build
- runs:
Important Boundary
This is a deployment-control workflow.
It does not make the app hosted by GitHub.
The app still runs on your server. GitHub becomes:
- the canonical source branch
- the trigger point for deployment
- the audit trail for deployed source
Risk
The deploy script performs:
git reset --hard origin/main
That is correct only if the server repo is treated as a deployment checkout and not as a place for ad hoc uncommitted edits.