main.yaml
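# Build the application images, push them to Amazon ECR, then deploy to the
# server over SSH. Runs on every push to main and on manual dispatch.
name: CI/CD

on:
  workflow_dispatch:
  push:
    branches: [main]

# Least privilege for the automatic GITHUB_TOKEN: the job only needs to read
# the repository for checkout. AWS and SSH access come from repository secrets.
permissions:
  contents: read

jobs:
  build-and-push:
    name: Build and Push to ECR
    runs-on: ubuntu-latest
    env:
      ECR_REPOSITORY: rumble
      # Unique per workflow run and per re-run attempt.
      IMAGE_TAG: ${{ github.run_id }}.${{ github.run_number }}.${{ github.run_attempt }}
    steps:
      # NOTE(security): the actions below are referenced by mutable tags. A tag
      # can be moved to different code after review; pinning each `uses:` to a
      # reviewed full-length commit SHA removes that supply-chain exposure.
      - name: Checkout
        uses: actions/checkout@v3

      # NOTE(security): this uses long-lived IAM access keys stored as secrets.
      # OIDC role assumption (`role-to-assume` with `id-token: write`) would
      # avoid static keys, but needs an IAM role and trust policy first.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      - name: Build, Tag, and Push the Image to Amazon ECR
        id: build-image
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          # NOTE(review): these secrets are visible to `docker compose build`.
          # If docker-compose.yaml forwards them as build args they are
          # recorded in image history; confirm, and prefer build secrets.
          POSTGRES_DB: ${{ secrets.POSTGRES_DB }}
          POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
          POSTGRES_USER: ${{ secrets.POSTGRES_USER }}
          POSTGRES_HOST: ${{ secrets.POSTGRES_HOST }}
          MAP_API_KEY: ${{ secrets.GOOGLE_MAP_API_KEY }}
          DJANGO_SECRET_KEY: ${{ secrets.DJANGO_SECRET_KEY }}
        run: |
          docker compose build
          docker push "$ECR_REGISTRY/$ECR_REPOSITORY:app-$IMAGE_TAG"
          docker push "$ECR_REGISTRY/$ECR_REPOSITORY:nginx-$IMAGE_TAG"

      # The registry is passed through `env` rather than expanded inside the
      # script, so the shell only ever sees it as a variable value.
      # NOTE(review): this reference has no `app-`/`nginx-` prefix, so it does
      # not match either pushed tag; no step in this file reads it.
      - name: Set Docker Pull Image Environment Variable
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        run: |
          echo "DOCKER_PULL_IMAGE=${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG}" >> "$GITHUB_ENV"

      - name: Set Docker Export Environment Variable
        run: |
          echo "ECR_REPOSITORY=${ECR_REPOSITORY}" >> "$GITHUB_ENV"
          echo "IMAGE_TAG=${IMAGE_TAG}" >> "$GITHUB_ENV"

      # NOTE(security): `@main` is a branch of a third-party action that is
      # handed the deploy SSH private key. Whatever lands on that branch runs
      # with the key on the next build; pin to a reviewed full-length commit
      # SHA and update it deliberately.
      - name: Push artifact to server instance
        uses: easingthemes/ssh-deploy@main
        env:
          SSH_PRIVATE_KEY: ${{ secrets.EC2_SSH_KEY }}
          REMOTE_HOST: ${{ secrets.HOST_DNS }}
          REMOTE_USER: ${{ secrets.USERNAME }}
          TARGET: ${{ secrets.TARGET_DIR }}
          SOURCE: "docker-compose.yaml"
          # Every ${{ ... }} below is expanded on the runner before the script
          # is handed to the action, so the rendered script holds the secret
          # values in plaintext. The .env file is written through a quoted
          # heredoc so a quote, `$` or backtick inside a value is written
          # literally instead of being interpreted by the remote shell, and
          # the file is created owner-only (0600) before anything is written.
          SCRIPT_AFTER: |
            aws ecr get-login-password --region "${{ secrets.AWS_REGION }}" | docker login --username AWS --password-stdin "${{ steps.login-ecr.outputs.registry }}"
            cd "${{ secrets.TARGET_DIR }}" || exit 1
            install -m 600 /dev/null .env
            cat > .env <<'DOTENV_EOF'
            POSTGRES_HOST="${{ secrets.POSTGRES_HOST }}"
            POSTGRES_USER="${{ secrets.POSTGRES_USER }}"
            POSTGRES_PASSWORD="${{ secrets.POSTGRES_PASSWORD }}"
            POSTGRES_DB="${{ secrets.POSTGRES_DB }}"
            POSTGRES_PORT="${{ secrets.POSTGRES_PORT }}"
            DJANGO_SECRET_KEY="${{ secrets.DJANGO_SECRET_KEY }}"
            GOOGLE_MAP_API_KEY="${{ secrets.GOOGLE_MAP_API_KEY }}"
            DJANGO_ALLOWED_HOSTS="${{ secrets.DJANGO_ALLOWED_HOSTS }}"
            DJANGO_CSRF_TRUSTED_ORIGINS="${{ secrets.DJANGO_CSRF_TRUSTED_ORIGINS }}"
            SERVER_NAME="${{ vars.SERVER_NAME }}"
            CERTBOT_EMAIL="${{ secrets.CERTBOT_EMAIL }}"
            ECR_REGISTRY="${{ steps.login-ecr.outputs.registry }}"
            ECR_REPOSITORY="${{ env.ECR_REPOSITORY }}"
            IMAGE_TAG="${{ env.IMAGE_TAG }}"
            DOTENV_EOF
            docker compose pull
            docker compose down
            docker compose up -d
            # rm -f local_ssh_script-before-*.sh
            docker system prune -af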