CI_CD #7
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI_CD | |
| on: | |
| # push: | |
| # branches: | |
| # - main | |
| # - staging | |
| workflow_dispatch: | |
| jobs: | |
| build_image: | |
| runs-on: ubuntu-latest | |
| env: | |
| DOCKERFILE: ci/dockerfile | |
| AWS_ECR_ACCESS_KEY_ID: ${{ secrets.AWS_ECR_ACCESS_KEY_ID }} | |
| AWS_ECR_SECRET_ACCESS_KEY: ${{ secrets.AWS_ECR_SECRET_ACCESS_KEY }} | |
| AWS_ECR_URI: ${{ vars.AWS_ECR_URI }} | |
| AWS_ECR_REPO_NAME: ${{ vars.AWS_ECR_REPO_NAME }} | |
| AWS_ECR_REGION: ${{ vars.AWS_ECR_REGION }} | |
| AWS_ECR_PRIVATE: ${{ vars.AWS_ECR_PRIVATE }} | |
| steps: | |
| - name: Git checkout | |
| uses: actions/checkout@v3 | |
| - name: Get git short sha | |
| id: git | |
| run: | | |
| echo "short_sha=$(git rev-parse --short $GITHUB_SHA)" >> "$GITHUB_OUTPUT" | |
| - name: Get latest version of package json | |
| id: version | |
| uses: martinbeentjes/npm-get-version-action@main | |
| - name: Git | |
| run: | | |
| echo Short sha: ${{ steps.git.outputs.short_sha }} | |
| echo Version is: ${{ steps.version.outputs.current-version }} | |
| - name: Environment | |
| run: | | |
| echo DOCKERFILE is: ${{ env.DOCKERFILE }} | |
| echo AWS_ECR_URI is: ${{ env.AWS_ECR_URI }} | |
| echo AWS_ECR_REPO_NAME is: ${{ env.AWS_ECR_REPO_NAME }} | |
| echo AWS_ECR_REGION is: ${{ env.AWS_ECR_REGION }} | |
| echo AWS_ECR_PRIVATE is: ${{ env.AWS_ECR_PRIVATE }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| - name: Set up Docker Buildx for Builder | |
| uses: docker/setup-buildx-action@v3 | |
| id: builder | |
| - name: Set up Docker Buildx for Main | |
| uses: docker/setup-buildx-action@v3 | |
| id: main | |
| - name: Builder name | |
| run: echo ${{ steps.builder.outputs.name }} | |
| - name: Main name | |
| run: echo ${{ steps.main.outputs.name }} | |
| - name: Login to AWS ECR Private Repo | |
| if: ${{ env.AWS_ECR_PRIVATE == 'true' }} | |
| run: aws ecr get-login-password --region ${{ env.AWS_ECR_REGION }} | docker login --username AWS --password-stdin ${{ env.AWS_ECR_URI }} | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ env.AWS_ECR_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ env.AWS_ECR_SECRET_ACCESS_KEY }} | |
| - name: Login to AWS ECR Public Repo | |
| if: ${{ env.AWS_ECR_PRIVATE != 'true' }} | |
| run: aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin ${{ env.AWS_ECR_URI }} | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ env.AWS_ECR_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ env.AWS_ECR_SECRET_ACCESS_KEY }} | |
| - name: Build builder | |
| uses: docker/build-push-action@v4 | |
| with: | |
| builder: ${{ steps.builder.outputs.name }} | |
| file: ${{ env.DOCKERFILE }} | |
| target: builder | |
| - name: Build main and push | |
| uses: docker/build-push-action@v4 | |
| with: | |
| builder: ${{ steps.main.outputs.name }} | |
| file: ${{ env.DOCKERFILE }} | |
| build-args: | | |
| NODE_ENV=production | |
| target: main | |
| tags: | | |
| ${{ env.AWS_ECR_URI }}/${{ env.AWS_ECR_URI }}:latest | |
| ${{ env.AWS_ECR_URI }}/${{ env.AWS_ECR_URI }}:main_v${{ steps.version.outputs.current-version }} | |
| ${{ env.AWS_ECR_URI }}/${{ env.AWS_ECR_URI }}:main_v${{ steps.version.outputs.current-version }}_sha-${{ steps.git.outputs.short_sha }} | |
| push: true | |
| - name: Build staging and push | |
| uses: docker/build-push-action@v4 | |
| if: ${{ github.ref_name == 'staging' }} | |
| with: | |
| builder: ${{ steps.main.outputs.name }} | |
| file: ${{ env.DOCKERFILE }} | |
| build-args: | | |
| NODE_ENV=staging | |
| target: main | |
| tags: | | |
| ${{ env.AWS_ECR_URI }}/${{ env.AWS_ECR_URI }}:staging_v${{ steps.version.outputs.current-version }} | |
| ${{ env.AWS_ECR_URI }}/${{ env.AWS_ECR_URI }}:staging_v${{ steps.version.outputs.current-version }}_sha-${{ steps.git.outputs.short_sha }} | |
| push: true | |
| deploy_production: | |
| needs: [ build_image ] | |
| runs-on: ubuntu-latest | |
| environment: production | |
| env: | |
| AWS_ECR_ACCESS_KEY_ID: ${{ secrets.AWS_ECR_ACCESS_KEY_ID }} | |
| AWS_ECR_SECRET_ACCESS_KEY: ${{ secrets.AWS_ECR_SECRET_ACCESS_KEY }} | |
| AWS_ECR_URI: ${{ vars.AWS_ECR_URI }} | |
| AWS_ECR_REPO_NAME: ${{ vars.AWS_ECR_REPO_NAME }} | |
| AWS_ECR_REGION: ${{ vars.AWS_ECR_REGION }} | |
| AWS_ECR_PRIVATE: ${{ vars.AWS_ECR_PRIVATE }} | |
| APP_NAME: ${{ vars.APP_NAME }} | |
| APP_PORT: 3000 | |
| APP_PORT_EXPOSE: ${{ vars.APP_PORT }} | |
| APP_NETWORK: app-network | |
| SSH_HOST: ${{ secrets.SSH_HOST }} | |
| SSH_PORT: ${{ secrets.SSH_PORT }} | |
| SSH_USER: ${{ secrets.SSH_USER }} | |
| SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY}} | |
| steps: | |
| - name: Git checkout | |
| uses: actions/checkout@v3 | |
| - name: Get short sha commit | |
| id: git | |
| run: | | |
| echo "$(git rev-parse --short "$GITHUB_SHA")" >> "$GITHUB_OUTPUT" | |
| - name: Get latest version | |
| id: version | |
| uses: martinbeentjes/npm-get-version-action@main | |
| - name: Git | |
| run: | | |
| echo Short sha: ${{ steps.git.outputs.short_sha }} | |
| echo Version is: ${{ steps.version.outputs.current-version }} | |
| - name: Environment | |
| run: | | |
| echo AWS_ECR_URI is: ${{ env.AWS_ECR_URI }} | |
| echo AWS_ECR_REGION is: ${{ env.AWS_ECR_REGION }} | |
| echo AWS_ECR_REPO_NAME is: ${{ env.AWS_ECR_REPO_NAME }} | |
| echo AWS_ECR_PRIVATE is: ${{ env.AWS_ECR_PRIVATE }} | |
| echo APP_NAME is: ${{ env.APP_NAME }} | |
| echo APP_PORT is: ${{ env.APP_PORT }} | |
| echo APP_PORT_EXPOSE is: ${{ env.APP_PORT_EXPOSE }} | |
| echo APP_NETWORK is: ${{ env.APP_NETWORK }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to AWS ECR Private Repo | |
| if: ${{ env.AWS_ECR_PRIVATE == 'true' }} | |
| run: aws ecr get-login-password --region ${{ env.AWS_ECR_REGION }} | docker login --username AWS --password-stdin ${{ env.AWS_ECR_URI }} | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ env.AWS_ECR_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ env.AWS_ECR_SECRET_ACCESS_KEY }} | |
| - name: Deploy | |
| uses: fifsky/ssh-action@master | |
| with: | |
| command: | | |
| docker pull ${{ env.AWS_ECR_URI }}/${{ env.AWS_ECR_URI }}:main_v${{ steps.version.outputs.current-version }}_sha-${{ steps.git.outputs.short_sha }} | |
| docker stop ${{ env.APP_NAME }} && docker rm ${{ env.APP_NAME }} | |
| docker network create ${{ env.APP_NETWORK }} --driver=bridge | |
| docker run -itd \ | |
| --env NODE_ENV=production \ | |
| --hostname ${{ env.APP_NAME }} \ | |
| --publish ${{ env.APP_PORT_EXPOSE }}:${{ env.APP_PORT }} \ | |
| --network ${{ env.APP_NETWORK }} \ | |
| --volume /app/${{ env.APP_NAME }}/logs/:/app/logs/ \ | |
| --volume /app/${{ env.APP_NAME }}/.env:/app/.env \ | |
| --restart unless-stopped \ | |
| --name ${{ env.APP_NAME }} ${{ env.AWS_ECR_URI }}/${{ env.AWS_ECR_URI }}:main_v${{ steps.version.outputs.current-version }}_sha-${{ steps.git.outputs.short_sha }} | |
| host: ${{ env.SSH_HOST }} | |
| port: ${{ env.SSH_PORT }} | |
| user: ${{ env.SSH_USER }} | |
| key: ${{ env.SSH_PRIVATE_KEY }} | |
| - name: Clean | |
| uses: fifsky/ssh-action@master | |
| continue-on-error: true | |
| with: | |
| command: | | |
| docker container prune --force | |
| docker image prune --force | |
| docker rmi $(docker images **/${{ env.AWS_ECR_URI }} -q) --force | |
| host: ${{ env.SSH_HOST }} | |
| port: ${{ env.SSH_PORT }} | |
| user: ${{ env.SSH_USER }} | |
| key: ${{ env.SSH_PRIVATE_KEY }} | |
| deploy_staging: | |
| needs: [ build_image ] | |
| runs-on: ubuntu-latest | |
| if: ${{ github.ref_name == 'staging' }} | |
| environment: 'staging' | |
| env: | |
| AWS_ECR_ACCESS_KEY_ID: ${{ secrets.AWS_ECR_ACCESS_KEY_ID }} | |
| AWS_ECR_SECRET_ACCESS_KEY: ${{ secrets.AWS_ECR_SECRET_ACCESS_KEY }} | |
| AWS_ECR_URI: ${{ vars.AWS_ECR_URI }} | |
| AWS_ECR_REPO_NAME: ${{ vars.AWS_ECR_REPO_NAME }} | |
| AWS_ECR_REGION: ${{ vars.AWS_ECR_REGION }} | |
| AWS_ECR_PRIVATE: ${{ vars.AWS_ECR_PRIVATE }} | |
| APP_NAME: ${{ vars.APP_NAME }} | |
| APP_PORT: 3000 | |
| APP_PORT_EXPOSE: ${{ vars.APP_PORT }} | |
| APP_NETWORK: app-network | |
| SSH_HOST: ${{ secrets.SSH_HOST }} | |
| SSH_PORT: ${{ secrets.SSH_PORT }} | |
| SSH_USER: ${{ secrets.SSH_USER }} | |
| SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY}} | |
| steps: | |
| - name: Git checkout | |
| uses: actions/checkout@v3 | |
| - name: Get short sha commit | |
| id: git | |
| run: | | |
| echo "short_sha=$(git rev-parse --short $GITHUB_SHA)" >> "$GITHUB_OUTPUT" | |
| - name: Get latest version | |
| id: version | |
| uses: martinbeentjes/npm-get-version-action@main | |
| - name: Git | |
| run: | | |
| echo Short sha: ${{ steps.git.outputs.short_sha }} | |
| echo Version is: ${{ steps.version.outputs.current-version }} | |
| - name: Environment | |
| run: | | |
| echo AWS_ECR_URI is: ${{ env.AWS_ECR_URI }} | |
| echo AWS_ECR_REGION is: ${{ env.AWS_ECR_REGION }} | |
| echo AWS_ECR_REPO_NAME is: ${{ env.AWS_ECR_REPO_NAME }} | |
| echo AWS_ECR_PRIVATE is: ${{ env.AWS_ECR_PRIVATE }} | |
| echo APP_NAME is: ${{ env.APP_NAME }} | |
| echo APP_PORT is: ${{ env.APP_PORT }} | |
| echo APP_PORT_EXPOSE is: ${{ env.APP_PORT_EXPOSE }} | |
| echo APP_NETWORK is: ${{ env.APP_NETWORK }} | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to AWS ECR Private Repo | |
| if: ${{ env.AWS_ECR_PRIVATE == 'true' }} | |
| run: aws ecr get-login-password --region ${{ env.AWS_ECR_REGION }} | docker login --username AWS --password-stdin ${{ env.AWS_ECR_URI }} | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ env.AWS_ECR_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ env.AWS_ECR_SECRET_ACCESS_KEY }} | |
| - name: Deploy | |
| if: ${{ env.AWS_ECR_PRIVATE != 'true' }} | |
| uses: fifsky/ssh-action@master | |
| with: | |
| command: | | |
| docker pull ${{ env.AWS_ECR_URI }}/${{ env.AWS_ECR_URI }}:staging_v${{ steps.version.outputs.current-version }}_sha-${{ steps.git.outputs.short_sha }} | |
| docker stop ${{ env.APP_NAME }} && docker rm ${{ env.APP_NAME }} | |
| docker network create ${{ env.APP_NETWORK }} --driver=bridge | |
| docker run -itd \ | |
| --env NODE_ENV=staging \ | |
| --hostname ${{ env.APP_NAME }} \ | |
| --publish ${{ env.APP_PORT_EXPOSE }}:${{ env.APP_PORT }} \ | |
| --network ${{ env.APP_NETWORK }} \ | |
| --volume /app/${{ env.APP_NAME }}/logs/:/app/logs/ \ | |
| --volume /app/${{ env.APP_NAME }}/.env:/app/.env \ | |
| --restart unless-stopped \ | |
| --name ${{ env.APP_NAME }} ${{ env.AWS_ECR_URI }}/${{ env.AWS_ECR_URI }}:staging_v${{ steps.version.outputs.current-version }}_sha-${{ steps.git.outputs.short_sha }} | |
| host: ${{ env.SSH_HOST }} | |
| port: ${{ env.SSH_PORT }} | |
| user: ${{ env.SSH_USER }} | |
| key: ${{ env.SSH_PRIVATE_KEY }} | |
| - name: Clean | |
| uses: fifsky/ssh-action@master | |
| continue-on-error: true | |
| with: | |
| command: | | |
| docker container prune --force | |
| docker image prune --force | |
| docker rmi $(docker images **/${{ env.AWS_ECR_URI }} -q) --force | |
| host: ${{ env.SSH_HOST }} | |
| port: ${{ env.SSH_PORT }} | |
| user: ${{ env.SSH_USER }} | |
| key: ${{ env.SSH_PRIVATE_KEY }} |