first #28
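# CI (every push / pull request): validate and apply the Terraform in
# ./infrastructure and build the proxy image without pushing it.
# CD (default branch only, after ci): apply Terraform again, build and
# push the proxy image to ghcr.io, then copy ./infrastructure to the EC2
# host and bring the compose stacks up over SSH.
name: CI and CD

on:  # yamllint disable-line rule:truthy
  push:
  pull_request:

defaults:
  run:
    # Every `run:` step (including the deploy script) executes here, so
    # `./*` in the scp below copies the contents of ./infrastructure.
    working-directory: ./infrastructure

env:
  TF_VAR_project_name: tarhche
  TF_VAR_instance_name: backend
  PROXY_IMAGE_NAME: proxy
  EC2_SSH_ADDRESS: ${{ secrets.EC2_SSH_ADDRESS }}
  EC2_SSH_ENDPOINT: ${{ secrets.EC2_SSH_USER }}@${{ secrets.EC2_SSH_ADDRESS }}

jobs:
  ci:
    runs-on: ubuntu-latest
    # Least privilege: this job only checks out, runs Terraform with the
    # AWS keys and builds an image it does not push, so the GITHUB_TOKEN
    # needs read access only. Widen this if ./.github/actions/docker-build
    # turns out to need more even with push: false.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Terraform validate and apply
        uses: ./.github/actions/terraform
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}
          validate: true
          # NOTE(review): apply: true here means every push and every
          # pull_request that has access to the repository secrets changes
          # the real infrastructure before review; the cd job applies again
          # on the default branch anyway. Left unchanged pending confirmation
          # that this is intended; apply: false would limit applies to cd.
          apply: true
      - name: Build image
        uses: ./.github/actions/docker-build
        with:
          context: ./proxy
          dockerfile: ./proxy/Dockerfile
          image-name: ${{ env.PROXY_IMAGE_NAME }}
          push: false
          container-registry: ghcr.io

  cd:
    runs-on: ubuntu-latest
    # Deploy only from the default branch: a pull_request ref never equals
    # refs/heads/<default branch>, so only pushes to it reach this job.
    if: ${{ format('refs/heads/{0}', github.event.repository.default_branch) == github.ref }}
    needs:
      - ci
    permissions:
      contents: read
      packages: write
      attestations: write
      # id-token: write is already granted here; it would also allow
      # replacing the long-lived AWS access keys with OIDC federation.
      id-token: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Terraform validate and apply
        uses: ./.github/actions/terraform
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}
          validate: true
          apply: true
      - name: Build and push proxy image
        uses: ./.github/actions/docker-build
        with:
          context: ./proxy
          dockerfile: ./proxy/Dockerfile
          image-name: ${{ env.PROXY_IMAGE_NAME }}
          push: true
          container-registry: ghcr.io
          container-registry-username: ${{ github.actor }}
          container-registry-password: ${{ secrets.GITHUB_TOKEN }}
      - name: Deploy services
        # Secrets reach the script through the environment rather than
        # through ${{ }} expansion inside the script text, so a quote,
        # backslash or newline in a secret value cannot break or alter the
        # generated shell script. GitHub masks these values in the job log.
        env:
          EC2_SSH_PRIVATE_KEY: ${{ secrets.EC2_SSH_PRIVATE_KEY }}
          VOLUME_PATH: ${{ secrets.VOLUME_PATH }}
          MONGO_USERNAME: ${{ secrets.MONGO_USERNAME }}
          MONGO_PASSWORD: ${{ secrets.MONGO_PASSWORD }}
          DASHBOARD_MONGO_USERNAME: ${{ secrets.DASHBOARD_MONGO_USERNAME }}
          DASHBOARD_MONGO_PASSWORD: ${{ secrets.DASHBOARD_MONGO_PASSWORD }}
          # Same composition as before: username and password are not
          # URL-encoded, so a password containing ':', '@', '/' or '?'
          # would produce an invalid connection URL.
          DASHBOARD_MONGO_MONGODB_URL: mongodb://${{ secrets.MONGO_USERNAME }}:${{ secrets.MONGO_PASSWORD }}@mongodb:27017
          PROXY_IMAGE: ${{ secrets.PROXY_IMAGE }}
          PORTAINER_ADMIN_PASSWORD: ${{ secrets.PORTAINER_ADMIN_PASSWORD }}
        run: |
          set -euo pipefail

          # Setup ssh key. umask 077 makes the file 0600 from creation, so
          # the key is never readable by other users, not even between the
          # write and the chmod.
          (umask 077 && printf '%s\n' "$EC2_SSH_PRIVATE_KEY" > ~/ec2-key.pem)
          chmod 400 ~/ec2-key.pem
          mkdir -p ~/.ssh && chmod 700 ~/.ssh

          # Host key: learned at run time (trust on first use), so a
          # redirection of this scan would be accepted. Storing the host's
          # public key in a repository variable and writing it to
          # known_hosts instead of scanning would remove that window.
          ssh-keyscan -H "$EC2_SSH_ADDRESS" >> ~/.ssh/known_hosts

          # StrictHostKeyChecking=yes makes the entry above enforced; the
          # previous UserKnownHostsFile=/dev/null discarded it and accepted
          # any host. Output is no longer sent to /dev/null, so ssh/scp
          # failures are visible in the job log and, with set -e, fail the
          # job instead of being ignored.
          SSH_OPTS=(-q -i ~/ec2-key.pem -o StrictHostKeyChecking=yes)

          # Environment for the remote scripts, emitted as shell-quoted
          # VAR=value assignments that prefix `bash -s` on the remote side,
          # so the heredocs below stay fully quoted ('EOF') and contain no
          # secret text. printf %q may emit $'...' for control characters,
          # which the remote login shell must be able to parse (bash does;
          # plain sh may not).
          REMOTE_ENV=$(printf 'VOLUME_PATH=%q MONGO_USERNAME=%q MONGO_PASSWORD=%q DASHBOARD_MONGO_USERNAME=%q DASHBOARD_MONGO_PASSWORD=%q DASHBOARD_MONGO_MONGODB_URL=%q PROXY_IMAGE=%q PORTAINER_ADMIN_PASSWORD=%q' \
            "$VOLUME_PATH" "$MONGO_USERNAME" "$MONGO_PASSWORD" \
            "$DASHBOARD_MONGO_USERNAME" "$DASHBOARD_MONGO_PASSWORD" \
            "$DASHBOARD_MONGO_MONGODB_URL" "$PROXY_IMAGE" "$PORTAINER_ADMIN_PASSWORD")

          # Ensure remote directory exists. As before, the login user owns
          # /opt/deployment (user and group both set to that user), so the
          # scp below needs no sudo.
          ssh "${SSH_OPTS[@]}" "$EC2_SSH_ENDPOINT" "$REMOTE_ENV bash -s" << 'EOF'
            set -eu
            sudo mkdir -p /opt/deployment
            sudo chown "$(id -un):$(id -un)" /opt/deployment
            # create volumes directories (quoted: a path with spaces or
            # glob characters must not be word-split)
            sudo mkdir -p "$VOLUME_PATH/mongodb/db"
            sudo mkdir -p "$VOLUME_PATH/mongodb/configdb"
            sudo mkdir -p "$VOLUME_PATH/nats"
          EOF

          # Copy files (contents of ./infrastructure, see defaults.run above)
          scp "${SSH_OPTS[@]}" -r ./* "$EC2_SSH_ENDPOINT:/opt/deployment/"

          # Connect and deploy services. set -e on the remote side makes a
          # stack that fails to start abort the remaining stacks and fail
          # the job, instead of only the last command's status counting.
          ssh "${SSH_OPTS[@]}" "$EC2_SSH_ENDPOINT" "$REMOTE_ENV bash -s" << 'EOF'
            set -eu
            cd /opt/deployment/
            # Run Docker Compose
            docker compose -f compose.mongodb.yaml --project-name mongodb up --pull always --detach
            docker compose -f compose.mongodb_dashboard.yaml --project-name mongodb_dashboard up --pull always --detach
            docker compose -f compose.nats.yaml --project-name nats up --pull always --detach
            docker compose -f compose.docker.yaml --project-name docker up --pull always --detach
            docker compose -f compose.docker_dashboard.yaml --project-name docker_dashboard up --pull always --detach
            docker compose -f compose.app.yaml --project-name app up --pull always --detach
            docker compose -f compose.frontend.yaml --project-name frontend up --pull always --detach
            docker compose -f compose.proxy.yaml --project-name proxy up --pull always --detach
          EOF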