update prod cd to bare metal host #77
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Api Production deploy | ||
| on: | ||
| push: | ||
| branches: | ||
| - "main" | ||
| paths: | ||
| - "api/**" | ||
| - ".github/workflows/api-cd.yml" | ||
| workflow_dispatch: | ||
| jobs: | ||
| build-api: | ||
| permissions: | ||
| id-token: write | ||
| contents: read | ||
| name: Build and push to Google ACR | ||
| runs-on: ubuntu-latest | ||
| defaults: | ||
| run: | ||
| shell: bash | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| - id: 'setup-qemu' | ||
| name: Set up QEMU | ||
| uses: docker/setup-qemu-action@v3 | ||
| - id: 'docker-buildx-setup' | ||
| name: Set up Docker Buildx | ||
| uses: docker/setup-buildx-action@v3 | ||
| - id: 'auth' | ||
| name: 'Authenticate to Google Cloud' | ||
| uses: 'google-github-actions/auth@v2' | ||
| with: | ||
| create_credentials_file: true | ||
| token_format: access_token | ||
| workload_identity_provider: 'projects/5685154754/locations/global/workloadIdentityPools/cd-beerpong/providers/github-actions' | ||
| service_account: 'cd-beerpong@beer-pong-441815.iam.gserviceaccount.com' | ||
| - id: 'login-gar' | ||
| name: "Login to GAR" | ||
| uses: docker/login-action@v3 | ||
| with: | ||
| registry: europe-west10-docker.pkg.dev/beer-pong-441815/api-beerpong | ||
| username: oauth2accesstoken | ||
| password: ${{ steps.auth.outputs.access_token }} | ||
| - id: 'build-and-push' | ||
| name: 'Build and Push docker Image' | ||
| uses: docker/build-push-action@v6 | ||
| with: | ||
| push: true | ||
| context: api | ||
| file: ./api/Dockerfile | ||
| platforms: linux/amd64 | ||
| tags: europe-west10-docker.pkg.dev/beer-pong-441815/api-beerpong/api:${{ github.sha }} | ||
| needs: build-api | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| - id: 'auth' | ||
| name: 'Authenticate to Google Cloud' | ||
| uses: 'google-github-actions/auth@v2' | ||
| with: | ||
| create_credentials_file: true | ||
| token_format: access_token | ||
| workload_identity_provider: 'projects/5685154754/locations/global/workloadIdentityPools/cd-beerpong/providers/github-actions' | ||
| service_account: 'cd-beerpong@beer-pong-441815.iam.gserviceaccount.com' | ||
| - id: 'deploy' | ||
| uses: 'google-github-actions/deploy-cloudrun@v2' | ||
| with: | ||
| service: 'api-springboot' | ||
| image: 'europe-west10-docker.pkg.dev/beer-pong-441815/api-beerpong/api:${{ github.sha }}' | ||
| region: europe-west10 | ||
| flags: '--port=8080 --add-cloudsql-instances=beer-pong-441815:europe-west10:api-beerpong-pg --no-cpu-throttling --min-instances 0 --max-instances 3 --allow-unauthenticated' | ||
| env_vars: | | ||
| POSTGRES_USER=postgres | ||
| POSTGRES_URL=jdbc:postgresql:///beerpong?cloudSqlInstance=beer-pong-441815:europe-west10:api-beerpong-pg&socketFactory=com.google.cloud.sql.postgres.SocketFactory | ||
| API_BASE_URL=https://beerpong.lb.laurinnotemann.dev | ||
| secrets: |- | ||
| POSTGRES_PASSWORD=api-pg-password:latest | ||
| deploy-api: | ||
| permissions: | ||
| id-token: write | ||
| contents: read | ||
| name: "Deploy staging api on a bare metal server" | ||
| runs-on: ubuntu-latest | ||
| defaults: | ||
| run: | ||
| shell: bash | ||
| needs: build-api | ||
| steps: | ||
| - name: Checkout | ||
| uses: actions/checkout@v4 | ||
| - name: Set up SSH key | ||
| uses: webfactory/ssh-agent@v0.9.0 | ||
| with: | ||
| ssh-private-key: ${{ secrets.SSH_SECRET }} | ||
| - name: Add server to known hosts | ||
| run: | | ||
| mkdir -p ~/.ssh | ||
| ssh-keyscan -H ${{ secrets.SERVER_IP }} >> ~/.ssh/known_hosts | ||
| - name: Deploy to Bare Metal Server | ||
| env: | ||
| SERVER_IP: ${{ secrets.SERVER_IP }} | ||
| SERVER_USER: ${{ secrets.SERVER_USER }} | ||
| FILE_PATH: ${{ secrets.PATH_TO_SERVICE_ACC_JSON }} | ||
| DOCKER_IMAGE: europe-west10-docker.pkg.dev/beer-pong-441815/api-beerpong/api:${{ github.sha }} | ||
| run: | | ||
| ssh $SERVER_USER@$SERVER_IP << EOF | ||
| # Navigate to the Docker Compose directory | ||
| cd ~/docker/beerpong-api-prod | ||
| # Authenticate with Google Cloud (assuming gcloud is installed on the server) | ||
| gcloud auth activate-service-account --key-file=$FILE_PATH | ||
| gcloud auth configure-docker europe-west10-docker.pkg.dev | ||
| # Update the image in the docker-compose.yml file | ||
| sed -i 's|image: .*|image: $DOCKER_IMAGE|' docker-compose.yml | ||
| # Pull the latest image | ||
| docker compose pull | ||
| # Restart the service | ||
| docker compose up -d --force-recreate beerpong-api | ||
| # Clean up old images | ||
| docker image prune -af | ||
| EOF | ||
