This repository has been archived by the owner on Jan 2, 2024. It is now read-only.
-
Notifications
You must be signed in to change notification settings - Fork 1
128 lines (113 loc) · 4.04 KB
/
deploy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
name: Deploy backend
on:
push:
branches: [master]
permissions:
packages: write
actions: read
env:
IMAGE_NAME: 'ghcr.io/${{ github.repository }}'
TF_VAR_db_password_dev: ${{ secrets.DB_PASSWORD_DEV }}
TF_VAR_db_password_prod: ${{ secrets.DB_PASSWORD_PROD }}
TF_VAR_admin_key_dev: ${{ secrets.ADMIN_KEY_DEV }}
TF_VAR_admin_key_prod: ${{ secrets.ADMIN_KEY_PROD }}
TF_VAR_auth_secret: ${{ secrets.AUTH_SECRET }}
TF_VAR_sendgrid_api_key: ${{ secrets.SENDGRID_API_KEY }}
TF_VAR_revision_suffix: ${{ github.sha }}
ARM_CLIENT_ID: ${{ secrets.ARM_CLIENT_ID }}
ARM_CLIENT_SECRET: ${{ secrets.ARM_CLIENT_SECRET }}
ARM_SUBSCRIPTION_ID: ${{ secrets.ARM_SUBSCRIPTION_ID }}
ARM_TENANT_ID: ${{ secrets.ARM_TENANT_ID }}
jobs:
docker_push_backend:
name: 'Push backend image to Docker registry'
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Get changed files
id: changed-files
uses: tj-actions/changed-files@v40
with:
files: |
backend/**
files_ignore: |
backend/.gitignore
backend/.env.example
since_last_remote_commit: true
- name: List all changed files
run: |
for file in ${{ steps.changed-files.outputs.all_changed_files }}; do
echo "$file was changed"
done
echo "any_changed = ${{ steps.changed-files.outputs.any_changed }}"
- name: Login to GitHub Container Registry
if: steps.changed-files.outputs.any_changed == 'true'
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build backend with cache and push to registry
if: steps.changed-files.outputs.any_changed == 'true'
run: |
cd backend
docker build \
--cache-from "$IMAGE_NAME/backend" \
-t "$IMAGE_NAME/backend:$TAG" \
--build-arg BUILDKIT_INLINE_CACHE=1 \
.
docker push "$IMAGE_NAME/backend" --all-tags
env:
DOCKER_BUILDKIT: 1
TAG: latest
terraform_deploy:
name: 'Deploy backend with Terraform'
runs-on: ubuntu-latest
needs: [docker_push_backend]
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Get changed files, Terraform
id: changed-files-tf
uses: tj-actions/changed-files@v40
with:
files: |
terraform/**
since_last_remote_commit: true
- name: List all changed files, Terraform
run: |
for file in ${{ steps.changed-files-tf.outputs.all_changed_files }}; do
echo "$file was changed"
done
echo "any_changed = ${{ steps.changed-files-tf.outputs.any_changed }}"
- name: Get changed files, backend
id: changed-files-backend
uses: tj-actions/changed-files@v40
with:
files: |
backend/**
.github/workflows/deploy.yaml
files_ignore: |
backend/.gitignore
backend/.env.example
since_last_remote_commit: true
- name: List all changed files, backend
run: |
for file in ${{ steps.changed-files-backend.outputs.all_changed_files }}; do
echo "$file was changed"
done
echo "any_changed = ${{ steps.changed-files-backend.outputs.any_changed }}"
- name: Setup Terraform
if: steps.changed-files-tf.outputs.any_changed == 'true' || steps.changed-files-backend.outputs.any_changed == 'true'
uses: hashicorp/setup-terraform@v2
- name: Apply Terraform changes
if: steps.changed-files-tf.outputs.any_changed == 'true' || steps.changed-files-backend.outputs.any_changed == 'true'
run: |
cd terraform/main
terraform init -lockfile=readonly
terraform apply -auto-approve -lock-timeout=15m