continuous-deployment.yml
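# Continuous deployment: on a push to dev or main (or a manual run), build and
# push the backend image to Docker Hub, bring up an OpenVPN tunnel, then SSH to
# the server and replace the running container with the new image.
#
# NOTE(review): the third-party actions below are referenced by mutable tag.
# Pin each `uses:` to a full commit SHA so a retagged release cannot change
# what runs while these secrets are in scope.
name: Continuous Deployment

on:
  push:
    branches:
      - dev
      - main
  workflow_dispatch:

# The job only reads the repository; drop every other GITHUB_TOKEN scope.
permissions:
  contents: read

jobs:
  run_pull:
    name: Run Pull and Deploy
    runs-on: ubuntu-latest
    steps:
      - name: Checking out code
        uses: actions/checkout@v3
        with:
          # Full history, as in the original workflow.
          fetch-depth: 0
          # No later step needs git credentials, and the Docker build context
          # (`.`) includes .git, so do not leave the token in .git/config.
          persist-credentials: false

      # Selects the per-branch image name and settings. Secrets reach the
      # script through `env:` rather than being pasted into the script text,
      # so quotes, `$` or backticks in a value cannot alter the shell.
      # NOTE(review): everything written to $GITHUB_ENV is visible to every
      # later step, including the third-party login and SSH actions. The Vault
      # unseal keys and root token are only needed by the deploy step.
      - name: Set deployment variables
        shell: bash
        env:
          DEFAULT_PORT_DEV: ${{ secrets.DEFAULT_PORT_DEV }}
          SQL_DATABASE_DEV: ${{ secrets.SQL_DATABASE_DEV }}
          VAULT_PORT_DEV: ${{ secrets.VAULT_PORT_DEV }}
          UNSEAL_KEY_1_DEV: ${{ secrets.UNSEAL_KEY_1_DEV }}
          UNSEAL_KEY_2_DEV: ${{ secrets.UNSEAL_KEY_2_DEV }}
          UNSEAL_KEY_3_DEV: ${{ secrets.UNSEAL_KEY_3_DEV }}
          ROOT_VAULT_TOKEN_DEV: ${{ secrets.ROOT_VAULT_TOKEN_DEV }}
          DEFAULT_PORT_MAIN: ${{ secrets.DEFAULT_PORT_MAIN }}
          SQL_DATABASE_MAIN: ${{ secrets.SQL_DATABASE_MAIN }}
          VAULT_PORT_MAIN: ${{ secrets.VAULT_PORT_MAIN }}
          UNSEAL_KEY_1_MAIN: ${{ secrets.UNSEAL_KEY_1_MAIN }}
          UNSEAL_KEY_2_MAIN: ${{ secrets.UNSEAL_KEY_2_MAIN }}
          UNSEAL_KEY_3_MAIN: ${{ secrets.UNSEAL_KEY_3_MAIN }}
          ROOT_VAULT_TOKEN_MAIN: ${{ secrets.ROOT_VAULT_TOKEN_MAIN }}
        run: |
          case "$GITHUB_REF" in
            refs/heads/dev)
              suffix=DEV
              image=backend-dev
              ;;
            refs/heads/main)
              suffix=MAIN
              image=backend-main
              ;;
            *)
              # workflow_dispatch can be started from any ref; refuse the rest.
              echo "Invalid branch for deployment" && exit 1
              ;;
          esac
          {
            echo "IMAGE=${image}"
            for name in DEFAULT_PORT SQL_DATABASE VAULT_PORT \
                        UNSEAL_KEY_1 UNSEAL_KEY_2 UNSEAL_KEY_3 ROOT_VAULT_TOKEN; do
              src="${name}_${suffix}"
              echo "${name}=${!src}"
            done
          } >> "$GITHUB_ENV"

      - name: Log in to Docker Hub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Get the short SHA hash of the commit
        run: |
          echo "SHORT_SHA=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"

      # IMAGE and SHORT_SHA come from $GITHUB_ENV; GITHUB_REF_NAME is set by
      # the runner. Shell variables are used instead of inline expressions.
      - name: Build and push Docker image
        run: |
          tag="selecro/${IMAGE}:${GITHUB_REF_NAME}-${SHORT_SHA}"
          docker build -t "$tag" .
          docker push "$tag"

      - name: Install OpenVPN
        run: |
          sudo apt-get update && sudo apt-get install openvpn -y

      # The profile may embed keys: create it owner-only and write it from an
      # environment variable, not from text interpolated into the script.
      - name: Configure OpenVPN
        env:
          OPENVPN_CONFIG: ${{ secrets.OPENVPN_CONFIG }}
        run: |
          umask 077
          printf '%s\n' "$OPENVPN_CONFIG" > ~/openvpn-config.ovpn

      - name: Connect to OpenVPN
        run: |
          sudo openvpn --config ~/openvpn-config.ovpn &

      # Fixed delay; nothing here verifies that the tunnel actually came up.
      - name: Wait for VPN Connection
        run: |
          sleep 20

      # Pulls the freshly pushed tag on the server, stops and removes the
      # previous container of the same name, and starts the new one.
      # NOTE(review): every secret below is expanded into the remote command
      # line, so values are readable through the server's process list and
      # `docker inspect`. Prefer the action's `envs` input or an owner-only
      # env file on the host.
      # NOTE(review): the container receives the Vault unseal keys and root
      # token. A scoped token (and unsealing outside the application) would
      # keep a compromised app container from owning the whole Vault.
      # NOTE(review): no host key is pinned; consider the action's
      # `fingerprint` input so the private key is only offered to the
      # expected server.
      - name: SSH into Your Server and Deploy
        uses: appleboy/ssh-action@v1.0.0
        with:
          host: ${{ secrets.SERVER_IP }}
          username: ${{ secrets.SERVER_USER }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          port: ${{ secrets.SSH_PORT }}
          script: |
            docker login || true && \
            docker pull selecro/${{ env.IMAGE }}:${{ github.ref_name }}-${{ env.SHORT_SHA }} && \
            docker ps -a | grep ${{ env.IMAGE }} && docker stop ${{ env.IMAGE }} || true && \
            docker ps -a | grep ${{ env.IMAGE }} && docker rm ${{ env.IMAGE }} || true && \
            docker run \
            -e DEFAULT_HOST="${{ secrets.DEFAULT_HOST }}" \
            -e DEFAULT_PORT="${{ env.DEFAULT_PORT }}" \
            -e JWT_SECRET="${{ secrets.JWT_SECRET }}" \
            -e JWT_SECRET_EMAIL="${{ secrets.JWT_SECRET_EMAIL }}" \
            -e JWT_SECRET_SIGNUP="${{ secrets.JWT_SECRET_SIGNUP }}" \
            -e SQL_HOST="${{ secrets.SQL_HOST }}" \
            -e SQL_PORT="${{ secrets.SQL_PORT }}" \
            -e SQL_USER="${{ secrets.SQL_USER }}" \
            -e SQL_PASSWORD="${{ secrets.SQL_PASSWORD }}" \
            -e SQL_DATABASE="${{ env.SQL_DATABASE }}" \
            -e EMAIL_HOST="${{ secrets.EMAIL_HOST }}" \
            -e EMAIL_PORT="${{ secrets.EMAIL_PORT }}" \
            -e EMAIL_USER="${{ secrets.EMAIL_USER }}" \
            -e EMAIL_PASSWORD="${{ secrets.EMAIL_PASSWORD }}" \
            -e VAULT_URL="${{ secrets.VAULT_URL }}" \
            -e VAULT_PORT="${{ env.VAULT_PORT }}" \
            -e UNSEAL_KEY_1="${{ env.UNSEAL_KEY_1 }}" \
            -e UNSEAL_KEY_2="${{ env.UNSEAL_KEY_2 }}" \
            -e UNSEAL_KEY_3="${{ env.UNSEAL_KEY_3 }}" \
            -e ROOT_VAULT_TOKEN="${{ env.ROOT_VAULT_TOKEN }}" \
            -e IMGUR_CLIENT_ID="${{ secrets.IMGUR_CLIENT_ID }}" \
            -e INSTRUCTION_KEY_PREMIUM="${{ secrets.INSTRUCTION_KEY_PREMIUM }}" \
            -e INSTRUCTION_KEY_PREMIUM_PERMISSIONS="${{ secrets.INSTRUCTION_KEY_PREMIUM_PERMISSIONS }}" \
            --name ${{ env.IMAGE }} -dp ${{ env.DEFAULT_PORT }}:${{ env.DEFAULT_PORT }} \
            selecro/${{ env.IMAGE }}:${{ github.ref_name }}-${{ env.SHORT_SHA }} && \
            docker update --restart unless-stopped ${{ env.IMAGE }} && exit

      # Runs even when an earlier step failed, and also removes the VPN
      # profile, which the original cleanup left on disk.
      - name: Cleanup
        if: always()
        run: rm -rf ~/.ssh ~/openvpn-config.ovpn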