deploy_on_push.yml
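# Deploys to an EC2 host over SSH on every push to main: opens port 22 in the instance
# security group for the runner's public IP, pulls the latest code on the host, recreates
# the docker-compose stack, then removes the key from the runner and closes the port again.
name: Deploy on Push

on:
  push:
    branches:
      - main

# Least privilege for GITHUB_TOKEN: no step below needs more than read access to the
# repository contents (used by actions/checkout).
permissions:
  contents: read

jobs:
  run_pull:
    name: Run Pull and Manage Containers
    runs-on: ubuntu-latest
    env:
      AWS_INSTANCE_SG_ID: ${{ secrets.AWS_SG_ID }}
    steps:
      # NOTE(review): these are long-lived IAM user keys. Short-lived credentials obtained
      # through GitHub's OIDC provider would avoid storing static keys; either way the
      # identity should be limited to authorize/revoke ingress on this one security group.
      # The action exports the credentials to the job environment, so every later step
      # (including third-party actions) can read them.
      - name: configure aws credentials
        uses: aws-actions/configure-aws-credentials@v3
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}

      # NOTE(review): the version of this action was mangled by e-mail obfuscation in the
      # page this listing comes from; the action name is inferred from the `ipv4` output
      # used below - confirm against the repository. Because this third-party action runs
      # after the AWS credentials are in the environment, pin it to a full commit SHA
      # rather than a movable tag. The value after `@` is a placeholder.
      - name: get runner ip address
        id: ip
        uses: haythem/public-ip@<TAG_OR_COMMIT_SHA>

      # The step output is passed through env instead of being pasted into the script
      # text, so its content is never parsed as shell.
      - name: whitelist runner ip address
        env:
          RUNNER_IP: ${{ steps.ip.outputs.ipv4 }}
        run: |
          aws ec2 authorize-security-group-ingress \
            --group-id "$AWS_INSTANCE_SG_ID" \
            --protocol tcp \
            --port 22 \
            --cidr "${RUNNER_IP}/32"

      - name: Wait for security group update to propagate
        run: sleep 30

      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Create .ssh directory
        run: |
          echo "Creating .ssh directory..."
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh
          echo ".ssh directory created."

      # Secrets reach the script only through env. Expanding `${{ secrets.* }}` inside
      # `run:` pastes the raw value into the script, where quotes, `$` or backticks in
      # the value would be interpreted by the shell.
      # NOTE(review): ssh-keyscan fetches the host keys at run time, so the host is
      # trusted on first use in every run. Storing the host's public key out of band and
      # writing that to known_hosts would give real verification.
      - name: Install SSH keys
        env:
          EC2_PRIVATE_KEY: ${{ secrets.EC2_PRIVATE_KEY }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
        run: |
          echo "Installing SSH keys..."
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh
          # umask 077 makes the key file private from the moment it is created.
          (umask 077 && printf '%s\n' "$EC2_PRIVATE_KEY" | tr -d '\r' > ~/.ssh/id_ed25519)
          chmod 600 ~/.ssh/id_ed25519
          echo "SSH key file created and permissions set."
          echo "Checking DNS resolution for SSH host..."
          nslookup "$SSH_HOST"
          echo "Pinging SSH host..."
          ping -c 4 "$SSH_HOST"
          echo "Running ssh-keyscan with verbose output..."
          ssh-keyscan -v -H "$SSH_HOST" >> ~/.ssh/known_hosts || { echo "ssh-keyscan failed"; exit 1; }
          echo "SSH host key added to known_hosts."

      # The original debug step also ran `cat ~/.ssh/id_ed25519`, which writes the private
      # key to the job log. Log masking is not a reliable safeguard for multi-line or
      # transformed secrets, so only the directory listing is kept.
      - name: Debug List .ssh directory contents
        run: |
          echo "Listing ~/.ssh directory contents..."
          ls -la ~/.ssh
          echo "Done listing ~/.ssh directory contents."

      # StrictHostKeyChecking=yes (was `no`): the host keys recorded in known_hosts above
      # are enforced on every connection instead of being ignored.
      - name: Test SSH connection
        env:
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
        run: |
          echo "Testing SSH connection..."
          ssh -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=yes "${SSH_USER}@${SSH_HOST}" "echo 'SSH connection successful'"

      - name: Create .ssh directory on remote server
        env:
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
        run: |
          echo "Creating .ssh directory on remote server..."
          ssh -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=yes "${SSH_USER}@${SSH_HOST}" "mkdir -p ~/.ssh && chmod 700 ~/.ssh"
          echo ".ssh directory created on remote server."

      # WORK_DIR and MAIN_BRANCH are expanded by the runner's shell and sent as part of
      # the remote command, where the remote shell still interprets them (unquoted, as in
      # the original, so a leading `~` keeps working). Keep both secrets to a plain path
      # and a plain branch name.
      - name: Pull latest code on remote server
        env:
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
          WORK_DIR: ${{ secrets.WORK_DIR }}
          MAIN_BRANCH: ${{ secrets.MAIN_BRANCH }}
        run: |
          echo "Pulling latest code from remote repository..."
          ssh -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=yes "${SSH_USER}@${SSH_HOST}" "cd ${WORK_DIR} && git checkout ${MAIN_BRANCH} && git pull"
          echo "Code pulled successfully."

      # The heredoc delimiter is unquoted so that ${WORK_DIR} is filled in on the runner
      # before the script is sent. Any `$` added to the remote script later must be
      # escaped, or it will be expanded locally as well.
      - name: Manage Docker Compose on remote server
        env:
          SSH_USER: ${{ secrets.SSH_USER }}
          SSH_HOST: ${{ secrets.SSH_HOST }}
          WORK_DIR: ${{ secrets.WORK_DIR }}
        run: |
          echo "Managing Docker Compose on remote server..."
          ssh -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=yes "${SSH_USER}@${SSH_HOST}" << EOF
          set -e
          cd ${WORK_DIR}
          echo "Stopping and removing Docker containers..."
          docker-compose down
          echo "Removing Docker images..."
          docker rmi file_uploader-backend:latest || true
          docker rmi file_uploader-frontend:latest || true
          echo "Starting Docker containers..."
          docker-compose up -d
          echo "Containers started."
          EOF
          echo "Docker Compose managed successfully."

      # always(): the key is removed from the runner even when an earlier step failed.
      - name: Cleanup SSH keys on GitHub runner
        if: always()
        run: |
          echo "Cleaning up SSH keys..."
          rm -f ~/.ssh/id_ed25519
          echo "SSH keys cleaned up."

      # always(): without it a failed deploy leaves port 22 open to the runner's address,
      # which other workloads may later share. Skipped only when no IP was ever recorded.
      - name: revoke runner ip address
        if: always() && steps.ip.outputs.ipv4 != ''
        env:
          RUNNER_IP: ${{ steps.ip.outputs.ipv4 }}
        run: |
          aws ec2 revoke-security-group-ingress \
            --group-id "$AWS_INSTANCE_SG_ID" \
            --protocol tcp \
            --port 22 \
            --cidr "${RUNNER_IP}/32"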