infrastructure.yaml
# Workflow for the infrastructure stack: validates Terraform, builds the proxy
# image and, on the default branch, deploys the compose stacks over SSH.
name: CI and CD

# Triggered by every branch push and every pull request.
on: [push, pull_request]

# All `run:` steps start inside the infrastructure directory.
defaults:
  run:
    working-directory: ./infrastructure

env:
  # TF_VAR_* names are picked up by Terraform as input variables.
  TF_VAR_project_name: tarhche
  TF_VAR_instance_name: backend
  PROXY_IMAGE_NAME: proxy
  # NOTE(review): workflow-level env is exported to every step of every job.
  # In this file only the deploy step references the two SSH values, so
  # declaring them on that step would narrow their exposure.
  EC2_SSH_ADDRESS: ${{ secrets.EC2_SSH_ADDRESS }}
  EC2_SSH_ENDPOINT: ${{ secrets.EC2_SSH_USER }}@${{ secrets.EC2_SSH_ADDRESS }}
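jobs:
  # Validation job. It runs for every push and pull request, so it must not
  # change real infrastructure and only needs a read-only token.
  ci:
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: nothing in this job writes to the repo
    # or to the package registry (the image is built with push: false).
    permissions:
      contents: read
    steps:
      - name: Checkout
        # NOTE(review): a version tag can be moved; pinning to a full commit
        # SHA protects the job from a retagged release.
        uses: actions/checkout@v4
        with:
          # Keep the token out of .git/config for the steps that follow.
          persist-credentials: false

      - name: Terraform validate
        uses: ./.github/actions/terraform
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}
          validate: true
          # Was `true`: that applied Terraform from any pushed branch and from
          # same-repository pull requests before review. Apply now happens
          # only in the cd job, which is gated on the default branch.
          # Assumes the local action skips apply unless this input is true;
          # confirm in .github/actions/terraform.
          apply: false

      - name: Build image
        uses: ./.github/actions/docker-build
        with:
          context: ./proxy
          dockerfile: ./proxy/Dockerfile
          image-name: ${{ env.PROXY_IMAGE_NAME }}
          push: false
          container-registry: ghcr.io

  # Deployment job. Runs only when the ref is the repository default branch
  # and after ci has succeeded.
  cd:
    runs-on: ubuntu-latest
    if: ${{ format('refs/heads/{0}', github.event.repository.default_branch) == github.ref }}
    permissions:
      packages: write
      contents: read
    needs:
      - ci
    steps:
      - name: Checkout
        # NOTE(review): pin to a full commit SHA (see the ci job).
        uses: actions/checkout@v4
        with:
          persist-credentials: false

      - name: Terraform validate and apply
        uses: ./.github/actions/terraform
        with:
          # NOTE(review): these are long-lived access keys held as repository
          # secrets; short-lived credentials via GitHub OIDC would remove the
          # stored key, if the local action can be adapted to them.
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}
          validate: true
          apply: true

      - name: Build and push proxy image
        uses: ./.github/actions/docker-build
        with:
          context: ./proxy
          dockerfile: ./proxy/Dockerfile
          image-name: ${{ env.PROXY_IMAGE_NAME }}
          push: true
          container-registry: ghcr.io
          container-registry-username: ${{ github.actor }}
          container-registry-password: ${{ secrets.GITHUB_TOKEN }}

      - name: Deploy services
        env:
          # Passed through the environment rather than pasted into the script
          # text, so the key never becomes part of the shell source.
          EC2_SSH_PRIVATE_KEY: ${{ secrets.EC2_SSH_PRIVATE_KEY }}
        run: |
          # Setup ssh key. umask makes the key file private from creation
          # instead of only after the chmod.
          umask 077
          printf '%s\n' "$EC2_SSH_PRIVATE_KEY" > ~/ec2-key.pem
          chmod 400 ~/ec2-key.pem
          mkdir -p ~/.ssh

          # Record the host key, then REQUIRE it on every connection below.
          # The previous options (StrictHostKeyChecking=no with
          # UserKnownHostsFile=/dev/null) discarded this file and accepted any
          # host key, so the deployment secrets could be sent to an
          # impersonating host.
          # NOTE(review): a scan at run time still trusts whatever answers on
          # this run; comparing against a host key stored alongside the other
          # secrets would pin the server identity.
          ssh-keyscan -H "$EC2_SSH_ADDRESS" >> ~/.ssh/known_hosts

          # NOTE(review): the secret expressions inside the two remote scripts
          # are substituted into the script text before it runs; a value that
          # contains a single quote would break out of the quoting on the
          # remote shell. Keep such characters out of those secrets or pass
          # the values another way.

          # Ensure remote directory exists
          ssh -q -i ~/ec2-key.pem -o StrictHostKeyChecking=yes "$EC2_SSH_ENDPOINT" > /dev/null 2>&1 << 'EOF'
          export VOLUME_PATH='${{ secrets.VOLUME_PATH }}'
          sudo mkdir -p /opt/deployment
          sudo chown ${{ secrets.EC2_SSH_USER }}:${{ secrets.EC2_SSH_USER }} /opt/deployment
          # create volumes directories
          sudo mkdir -p "$VOLUME_PATH/mongodb/db"
          sudo mkdir -p "$VOLUME_PATH/mongodb/configdb"
          sudo mkdir -p "$VOLUME_PATH/nats"
          EOF

          # Copy files
          # NOTE(review): this copies every non-hidden entry of the working
          # directory; confirm nothing left behind by the Terraform step
          # (for example local state) is shipped to the host.
          scp -q -i ~/ec2-key.pem -o StrictHostKeyChecking=yes -r ./* "$EC2_SSH_ENDPOINT":/opt/deployment/ > /dev/null 2>&1

          # Connect and deploy services
          ssh -q -i ~/ec2-key.pem -o StrictHostKeyChecking=yes "$EC2_SSH_ENDPOINT" > /dev/null 2>&1 << 'EOF'
          export VOLUME_PATH='${{ secrets.VOLUME_PATH }}'
          export MONGO_USERNAME='${{ secrets.MONGO_USERNAME }}'
          export MONGO_PASSWORD='${{ secrets.MONGO_PASSWORD }}'
          export DASHBOARD_MONGO_USERNAME='${{ secrets.DASHBOARD_MONGO_USERNAME }}'
          export DASHBOARD_MONGO_PASSWORD='${{ secrets.DASHBOARD_MONGO_PASSWORD }}'
          export DASHBOARD_MONGO_MONGODB_URL='mongodb://${{ secrets.MONGO_USERNAME }}:${{ secrets.MONGO_PASSWORD }}@mongodb:27017'
          export PROXY_IMAGE='${{ secrets.PROXY_IMAGE }}'
          export PORTAINER_ADMIN_PASSWORD='${{ secrets.PORTAINER_ADMIN_PASSWORD }}'
          # Run Docker Compose
          cd /opt/deployment/
          docker compose -f compose.mongodb.yaml --project-name mongodb up --pull always --detach
          docker compose -f compose.mongodb_dashboard.yaml --project-name mongodb_dashboard up --pull always --detach
          docker compose -f compose.nats.yaml --project-name nats up --pull always --detach
          docker compose -f compose.docker.yaml --project-name docker up --pull always --detach
          docker compose -f compose.docker_dashboard.yaml --project-name docker_dashboard up --pull always --detach
          docker compose -f compose.app.yaml --project-name app up --pull always --detach
          docker compose -f compose.frontend.yaml --project-name frontend up --pull always --detach
          docker compose -f compose.proxy.yaml --project-name proxy up --pull always --detach
          EOF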