CI/CD #80
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI/CD | |
on: | |
workflow_dispatch: | |
push: | |
branches: [main] | |
jobs: | |
build-and-push: | |
name: Build and Push to ECR | |
runs-on: ubuntu-latest | |
env: | |
ECR_REPOSITORY: rumble | |
IMAGE_TAG: ${{ github.run_id }}.${{ github.run_number }}.${{ github.run_attempt }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ secrets.AWS_REGION }} | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
- name: Build, Tag, and Push the Image to Amazon ECR | |
id: build-image | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
POSTGRES_DB: ${{ secrets.POSTGRES_DB }} | |
POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }} | |
POSTGRES_USER: ${{ secrets.POSTGRES_USER }} | |
POSTGRES_HOST: ${{ secrets.POSTGRES_HOST }} | |
MAP_API_KEY: ${{ secrets.GOOGLE_MAP_API_KEY }} | |
DJANGO_SECRET_KEY: ${{ secrets.DJANGO_SECRET_KEY }} | |
run: | | |
docker compose build | |
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
- name: Set Docker Pull Image Environment Variable | |
run: echo "DOCKER_PULL_IMAGE=${{ steps.login-ecr.outputs.registry }}/${ECR_REPOSITORY}:${IMAGE_TAG}" >> $GITHUB_ENV | |
- name: Set Docker Export Environment Variable | |
run: | | |
echo "ECR_REPOSITORY=${ECR_REPOSITORY}" >> $GITHUB_ENV | |
echo "IMAGE_TAG=${IMAGE_TAG}" >> $GITHUB_ENV | |
- name: Push artifact to server instance | |
uses: easingthemes/ssh-deploy@main | |
env: | |
SSH_PRIVATE_KEY: ${{ secrets.EC2_SSH_KEY }} | |
REMOTE_HOST: ${{ secrets.HOST_DNS }} | |
REMOTE_USER: ${{ secrets.USERNAME }} | |
TARGET: ${{ secrets.TARGET_DIR }} | |
SCRIPT_BEFORE: mkdir -p ${{ secrets.TARGET_DIR }} | |
SCRIPT_AFTER: | | |
aws ecr get-login-password --region "${{ secrets.AWS_REGION }}" | docker login --username AWS --password-stdin "${{ steps.login-ecr.outputs.registry }}" | |
echo 'export POSTGRES_HOST="${{ secrets.POSTGRES_HOST }}"' > export-env | |
echo 'export POSTGRES_USER="${{ secrets.POSTGRES_USER }}"' >> export-env | |
echo 'export POSTGRES_PASSWORD="${{ secrets.POSTGRES_PASSWORD }}"' >> export-env | |
echo 'export POSTGRES_DB="${{ secrets.POSTGRES_DB }}"' >> export-env | |
echo 'export POSTGRES_PORT="${{ secrets.POSTGRES_PORT }}"' >> export-env | |
echo 'export DJANGO_SECRET_KEY="${{ secrets.DJANGO_SECRET_KEY }}"' >> export-env | |
echo 'export GOOGLE_MAP_API_KEY="${{ secrets.GOOGLE_MAP_API_KEY }}"' >> export-env | |
echo 'export DJANGO_ALLOWED_HOSTS="${{ secrets.DJANGO_ALLOWED_HOSTS }}"' >> export-env | |
echo 'export DJANGO_CSRF_TRUSTED_ORIGINS="${{ secrets.DJANGO_CSRF_TRUSTED_ORIGINS }}"' >> export-env | |
echo 'export SERVER_NAME="${{ vars.SERVER_NAME }}"' >> export-env | |
echo 'export CERTBOT_EMAIL="${{ secrets.CERTBOT_EMAIL }}"' >> export-env | |
echo 'export IS_SSL_ACQUIRED="${{ vars.IS_SSL_ACQUIRED }}"' >> export-env | |
echo 'export ECR_REGISTRY="${{ steps.login-ecr.outputs.registry }}"' > export-ecr | |
echo 'export ECR_REPOSITORY="${{ env.ECR_REPOSITORY }}"' >> export-ecr | |
echo 'export IMAGE_TAG="${{ env.IMAGE_TAG }}"' >> export-ecr | |
source ~/.bash_profile | |
docker stop rumble | |
docker rm rumble | |
cd "${{ secrets.TARGET_DIR }}" && docker compose up -d | |
docker system prune -a |