-
Notifications
You must be signed in to change notification settings - Fork 1
193 lines (148 loc) · 7.18 KB
/
infrastructure.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
name: Infrastructure CI and CD
on:
workflow_run:
workflows:
- Frontend CI and CD
- Backend CI and CD
types:
- completed
defaults:
run:
working-directory: ./infrastructure
env:
TF_VAR_project_name: tarhche
TF_VAR_instance_name: backend
DOCKER_REGISTRY: ghcr.io
PROXY_IMAGE_NAME: proxy
EC2_SSH_ADDRESS: ${{ secrets.EC2_SSH_ADDRESS }}
EC2_SSH_ENDPOINT: ${{ secrets.EC2_SSH_USER }}@${{ secrets.EC2_SSH_ADDRESS }}
jobs:
ci:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Set up AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
- name: Setup Terraform
uses: hashicorp/setup-terraform@v3
- name: Terraform Format
id: fmt
run: terraform fmt -check
- name: Terraform Init
id: init
run: terraform init
- name: Terraform Validate
id: validate
run: terraform validate -no-color
- name: Terraform Plan
run: terraform plan -no-color -input=false
continue-on-error: false
cd:
runs-on: ubuntu-latest
if: ${{ format('refs/heads/{0}', github.event.repository.default_branch) == github.ref }}
permissions:
packages: write
contents: read
needs:
- ci
steps:
- name: Checkout
uses: actions/checkout@v3
- name: Set up AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
- name: Setup Terraform
uses: hashicorp/setup-terraform@v3
- name: Terraform Init
id: init
run: terraform init
- name: Terraform Validate
id: validate
run: terraform validate -no-color
- name: Terraform Apply
run: terraform apply -auto-approve -input=false
continue-on-error: false
- name: Build images
run: |
PROXY_IMAGE_ID=$(echo $DOCKER_REGISTRY/${{ github.repository_owner }}/$PROXY_IMAGE_NAME | tr '[A-Z]' '[a-z]')
PROXY_IMAGE_VERSION=${{ github.sha }}
echo "PROXY_IMAGE_ID=$PROXY_IMAGE_ID" >> "$GITHUB_ENV"
echo "PROXY_IMAGE_VERSION=$PROXY_IMAGE_VERSION" >> "$GITHUB_ENV"
docker build ./proxy --file ./proxy/Dockerfile --tag $PROXY_IMAGE_ID:$PROXY_IMAGE_VERSION --tag $PROXY_IMAGE_ID:latest
- name: Log in to registry
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
- name: Push images
run: |
docker push $PROXY_IMAGE_ID:$PROXY_IMAGE_VERSION
docker push $PROXY_IMAGE_ID:latest
- name: Deploy services
run: |
# Setup ssh key
echo "${{ secrets.EC2_SSH_PRIVATE_KEY }}" > ~/ec2-key.pem
chmod 400 ~/ec2-key.pem
mkdir -p ~/.ssh
ssh-keyscan -H $EC2_SSH_ADDRESS >> ~/.ssh/known_hosts
# Ensure remote directory exists
ssh -q -i ~/ec2-key.pem -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null $EC2_SSH_ENDPOINT > /dev/null 2>&1 << 'EOF'
export VOLUME_PATH="${{ secrets.VOLUME_PATH }}"
sudo mkdir -p /opt/deployment
sudo chown ${{ secrets.EC2_SSH_USER }}:${{ secrets.EC2_SSH_USER }} /opt/deployment
# create volumes directories
sudo mkdir -p $VOLUME_PATH/mongodb/db
sudo mkdir -p $VOLUME_PATH/mongodb/configdb
sudo mkdir -p $VOLUME_PATH/nats
EOF
# Copy files
scp -q -i ~/ec2-key.pem -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null -r ./* $EC2_SSH_ENDPOINT:/opt/deployment/ > /dev/null 2>&1
# Connect and deploy services
ssh -q -i ~/ec2-key.pem -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null $EC2_SSH_ENDPOINT > /dev/null 2>&1 << 'EOF'
export VOLUME_PATH="${{ secrets.VOLUME_PATH }}"
export MONGO_USERNAME="${{ secrets.MONGO_USERNAME }}"
export MONGO_PASSWORD="${{ secrets.MONGO_PASSWORD }}"
export DASHBOARD_MONGO_USERNAME="${{ secrets.DASHBOARD_MONGO_USERNAME }}"
export DASHBOARD_MONGO_PASSWORD="${{ secrets.DASHBOARD_MONGO_PASSWORD }}"
export DASHBOARD_MONGO_MONGODB_URL="mongodb://${{ secrets.MONGO_USERNAME }}:${{ secrets.MONGO_PASSWORD }}@mongodb:27017"
export BACKEND_NATS_URL="${{ secrets.BACKEND_NATS_URL }}"
export BACKEND_PRIVATE_KEY="${{ secrets.BACKEND_PRIVATE_KEY }}"
export BACKEND_MONGO_HOST="mongodb"
export BACKEND_MONGO_PORT="27017"
export BACKEND_MONGO_SCHEME="mongodb"
export BACKEND_MONGO_DATABASE_NAME="${{ secrets.BACKEND_MONGO_DATABASE_NAME }}"
export BACKEND_MONGO_USERNAME="${{ secrets.MONGO_USERNAME }}"
export BACKEND_MONGO_PASSWORD="${{ secrets.MONGO_PASSWORD }}"
export BACKEND_MAIL_SMTP_PASSWORD="${{ secrets.BACKEND_MAIL_SMTP_PASSWORD }}"
export BACKEND_MAIL_SMTP_HOST="${{ secrets.BACKEND_MAIL_SMTP_HOST }}"
export BACKEND_MAIL_SMTP_FROM="${{ secrets.BACKEND_MAIL_SMTP_FROM }}"
export BACKEND_MAIL_SMTP_USERNAME="${{ secrets.BACKEND_MAIL_SMTP_USERNAME }}"
export BACKEND_MAIL_SMTP_PORT="${{ secrets.BACKEND_MAIL_SMTP_PORT }}"
export BACKEND_S3_ENDPOINT="${{ secrets.BACKEND_S3_ENDPOINT }}"
export BACKEND_S3_SECRET_KEY="${{ secrets.BACKEND_S3_SECRET_KEY }}"
export BACKEND_S3_ACCESS_KEY="${{ secrets.BACKEND_S3_ACCESS_KEY }}"
export BACKEND_S3_USE_SSL="${{ secrets.BACKEND_S3_USE_SSL }}"
export BACKEND_S3_BUCKET_NAME="${{ secrets.BACKEND_S3_BUCKET_NAME }}"
export PROXY_IMAGE=${{ secrets.PROXY_IMAGE }}
export APP_IMAGE="${{ secrets.APP_IMAGE }}"
export PORTAINER_ADMIN_PASSWORD='${{ secrets.PORTAINER_ADMIN_PASSWORD }}'
export FRONTEND_IMAGE="${{ secrets.FRONTEND_IMAGE }}"
export NEXT_PUBLIC_EXTERNAL_BACKEND_BASE_URL="${{ secrets.NEXT_PUBLIC_EXTERNAL_BACKEND_BASE_URL }}"
export INTERNAL_BACKEND_BASE_URL="${{ secrets.INTERNAL_BACKEND_BASE_URL }}"
export NEXT_PUBLIC_FILES_BASE_URL="${{ secrets.NEXT_PUBLIC_FILES_BASE_URL }}"
# Run Docker Compose
cd /opt/deployment/
docker stack deploy -c compose.mongodb.yaml mongodb --detach=true
docker stack deploy -c compose.mongodb_dashboard.yaml mongodb_dashboard --detach=true
docker stack deploy -c compose.nats.yaml nats --detach=true
docker stack deploy -c compose.docker.yaml docker --detach=true
docker stack deploy -c compose.docker_dashboard.yaml docker_dashboard --detach=true
docker stack deploy -c compose.backend.yaml backend --detach=true
docker stack deploy -c compose.frontend.yaml frontend --detach=true
docker stack deploy -c compose.proxy.yaml proxy --detach=true
EOF