CI/CD #88
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: [main] | |
| jobs: | |
| build-and-push: | |
| name: Build and Push to ECR | |
| runs-on: ubuntu-latest | |
| env: | |
| ECR_REPOSITORY: rumble | |
| IMAGE_TAG: ${{ github.run_id }}.${{ github.run_number }}.${{ github.run_attempt }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Build, Tag, and Push the Image to Amazon ECR | |
| id: build-image | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| POSTGRES_DB: ${{ secrets.POSTGRES_DB }} | |
| POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }} | |
| POSTGRES_USER: ${{ secrets.POSTGRES_USER }} | |
| POSTGRES_HOST: ${{ secrets.POSTGRES_HOST }} | |
| MAP_API_KEY: ${{ secrets.GOOGLE_MAP_API_KEY }} | |
| DJANGO_SECRET_KEY: ${{ secrets.DJANGO_SECRET_KEY }} | |
| run: | | |
| docker compose build | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:app-$IMAGE_TAG | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:nginx-$IMAGE_TAG | |
| - name: Set Docker Pull Image Environment Variable | |
| run: echo "DOCKER_PULL_IMAGE=${{ steps.login-ecr.outputs.registry }}/${ECR_REPOSITORY}:${IMAGE_TAG}" >> $GITHUB_ENV | |
| - name: Set Docker Export Environment Variable | |
| run: | | |
| echo "ECR_REPOSITORY=${ECR_REPOSITORY}" >> $GITHUB_ENV | |
| echo "IMAGE_TAG=${IMAGE_TAG}" >> $GITHUB_ENV | |
| - name: Push artifact to server instance | |
| uses: easingthemes/ssh-deploy@main | |
| env: | |
| SSH_PRIVATE_KEY: ${{ secrets.EC2_SSH_KEY }} | |
| REMOTE_HOST: ${{ secrets.HOST_DNS }} | |
| REMOTE_USER: ${{ secrets.USERNAME }} | |
| TARGET: ${{ secrets.TARGET_DIR }} | |
| SOURCE: "docker-compose.yaml" | |
| SCRIPT_BEFORE: | | |
| mkdir -p ${{ secrets.TARGET_DIR }} | |
| if ! grep -q "source export-env" ~/.bash_profile; then | |
| echo "source export-env" >> ~/.bash_profile | |
| fi | |
| touch export-env | |
| SCRIPT_AFTER: | | |
| aws ecr get-login-password --region "${{ secrets.AWS_REGION }}" | docker login --username AWS --password-stdin "${{ steps.login-ecr.outputs.registry }}" | |
| echo 'export POSTGRES_HOST="${{ secrets.POSTGRES_HOST }}"' > export-env | |
| echo 'export POSTGRES_USER="${{ secrets.POSTGRES_USER }}"' >> export-env | |
| echo 'export POSTGRES_PASSWORD="${{ secrets.POSTGRES_PASSWORD }}"' >> export-env | |
| echo 'export POSTGRES_DB="${{ secrets.POSTGRES_DB }}"' >> export-env | |
| echo 'export POSTGRES_PORT="${{ secrets.POSTGRES_PORT }}"' >> export-env | |
| echo 'export DJANGO_SECRET_KEY="${{ secrets.DJANGO_SECRET_KEY }}"' >> export-env | |
| echo 'export GOOGLE_MAP_API_KEY="${{ secrets.GOOGLE_MAP_API_KEY }}"' >> export-env | |
| echo 'export DJANGO_ALLOWED_HOSTS="${{ secrets.DJANGO_ALLOWED_HOSTS }}"' >> export-env | |
| echo 'export DJANGO_CSRF_TRUSTED_ORIGINS="${{ secrets.DJANGO_CSRF_TRUSTED_ORIGINS }}"' >> export-env | |
| echo 'export SERVER_NAME="${{ vars.SERVER_NAME }}"' >> export-env | |
| echo 'export CERTBOT_EMAIL="${{ secrets.CERTBOT_EMAIL }}"' >> export-env | |
| echo 'export ECR_REGISTRY="${{ steps.login-ecr.outputs.registry }}"' >> export-env | |
| echo 'export ECR_REPOSITORY="${{ env.ECR_REPOSITORY }}"' >> export-env | |
| echo 'export IMAGE_TAG="${{ env.IMAGE_TAG }}"' >> export-env | |
| source ~/.bash_profile | |
| cd "${{ secrets.TARGET_DIR }}" | |
| docker compose pull app | |
| docker compose stop app | |
| docker compose up -d | |
| rm -f local_ssh_script-before-*.sh | |
| docker system prune -af |