deploy.yml
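# Manually triggered deployment. The job assumes an AWS role through GitHub
# OIDC, then connects to the target host over SSH, pulls the requested image
# tag from ECR and restarts the matching systemd unit.
name: 🚀 Deploy

on:
  workflow_dispatch:
    inputs:
      branch_to_deploy:
        type: string
        description: "Branch name, Version number or Sha hash to deploy"
        required: true
      environment:
        type: choice
        description: "Environment to deploy to"
        required: true
        default: "qa"
        options:
          - prd
          - qa
          - staging

# Least privilege: no step in this workflow writes to the repository or reads
# issues, packages, pages, etc. Checkout needs `contents: read`; the OIDC role
# assumption needs `id-token: write`. Everything not listed is denied.
permissions:
  contents: read
  id-token: write

run-name: 🚀 Deploy ${{ inputs.branch_to_deploy || github.ref_name }}

jobs:
  # =====================================================
  # Job: Manual Deployment
  # =====================================================
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: ✅ Checkout
        uses: actions/checkout@v4
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          # No later step pushes or fetches, so do not leave the token in
          # the local git config.
          persist-credentials: false

      - name: Configure AWS credentials
        id: aws_creds
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: eu-west-1
          role-to-assume: ${{ secrets.RESOURCES_DEPLOY_ROLE }}
          role-session-name: OIDCSession
          mask-aws-account-id: true
          # The session credentials are exposed as step outputs because the
          # next step forwards them to the remote host.
          output-credentials: true

      - name: Deploy to remote server via SSH
        # NOTE(review): this third-party action receives the SSH private key
        # and the AWS session credentials. Pin it to a full commit SHA rather
        # than a mutable tag so a retagged release cannot change what runs.
        uses: appleboy/ssh-action@v1.0.3
        env:
          AWS_ACCESS_KEY_ID: ${{ steps.aws_creds.outputs.aws-access-key-id }}
          AWS_SECRET_ACCESS_KEY: ${{ steps.aws_creds.outputs.aws-secret-access-key }}
          AWS_SESSION_TOKEN: ${{ steps.aws_creds.outputs.aws-session-token }}
          AWS_ACCOUNT_ID: ${{ steps.aws_creds.outputs.aws-account-id }}
          SHA: ${{ github.sha }}
          DOCKER_TAG: ${{ inputs.branch_to_deploy }}
          ENVIRONMENT: ${{ inputs.environment }}
        with:
          host: ${{ secrets.DEMO_ARKETYPE_HOST }}
          username: ${{ secrets.DEMO_ARKETYPE_USER }}
          key: ${{ secrets.ACTIONS_PRIVATE_SSH_KEY }}
          # Every value the script needs is forwarded by name. Nothing is
          # spliced into the script text with an expression, so the free-form
          # `branch_to_deploy` input can never be parsed as shell syntax and
          # the credentials never appear in the rendered script.
          envs: AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY,AWS_SESSION_TOKEN,AWS_ACCOUNT_ID,SHA,DOCKER_TAG,ENVIRONMENT
          script: |
            # Stop on the first failing command or unset variable. Command
            # tracing (`set -x`) is deliberately off: it would echo the
            # credentials into the job log.
            set -eu

            # Fail early with a clear error if a value was not forwarded.
            : "${AWS_ACCESS_KEY_ID:?}" "${AWS_SECRET_ACCESS_KEY:?}" "${AWS_SESSION_TOKEN:?}"
            : "${AWS_ACCOUNT_ID:?}" "${DOCKER_TAG:?}" "${ENVIRONMENT:?}"
            export AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_SESSION_TOKEN

            echo "sha: ${SHA:-}"

            # The tag is operator-supplied free text that ends up in a file
            # under /etc/default and on a docker command line; accept only
            # characters that are valid in an image tag.
            case "$DOCKER_TAG" in
              *[!A-Za-z0-9_.-]*)
                echo "Invalid image tag: only A-Z a-z 0-9 _ . - are allowed" >&2
                exit 1
                ;;
            esac

            # Define port based on environment
            case "$ENVIRONMENT" in
              staging)
                DOCKER_PORT=4000
                ;;
              qa)
                DOCKER_PORT=4001
                ;;
              prd)
                DOCKER_PORT=4002
                ;;
              *)
                echo "Unknown environment: $ENVIRONMENT"
                exit 1
                ;;
            esac

            # Docker registry and image URL
            REGISTRY="${AWS_ACCOUNT_ID}.dkr.ecr.eu-west-1.amazonaws.com"
            IMAGE_URL="${REGISTRY}/venly-arketype-eu-west-1"

            # Docker login; the trap logs out again even when a later
            # command fails and `set -e` aborts the script.
            aws ecr get-login-password --region eu-west-1 \
              | docker login --username AWS --password-stdin "$REGISTRY"
            trap 'docker logout "$REGISTRY"' EXIT

            # Prune Docker system
            docker system prune -f

            # Pull Docker image
            docker pull "${IMAGE_URL}:${DOCKER_TAG}"

            # Create the environment file for systemd. Written only after
            # the pull succeeded, so the unit never points at a tag that is
            # not present on the host.
            ENV_FILE="/etc/default/venly-arketype-${ENVIRONMENT}"
            {
              echo "DOCKER_IMAGE_URL=${IMAGE_URL}"
              echo "DOCKER_TAG=${DOCKER_TAG}"
              echo "PORT_MAPPING=127.0.0.1:${DOCKER_PORT}:4000"
            } > "$ENV_FILE"

            # Deployment
            echo "Deploying $DOCKER_TAG"
            SERVICE_NAME="venly-arketype@${ENVIRONMENT}.service"
            sudo systemctl stop "$SERVICE_NAME"
            sudo systemctl start "$SERVICE_NAME"

            echo "Deployment to $ENVIRONMENT completed successfully"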