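# CI/CD workflow: builds the Docker image, pushes it to AWS ECR, then deploys
# it over SSH to the production host (branch main) or the staging host
# (branch staging). Triggered manually via workflow_dispatch.
#
# Security notes for maintainers:
#   - Actions referenced by a branch (@main / @master) run whatever that
#     branch points to at run time. Pin third-party actions to a reviewed
#     full-length commit SHA, especially those that receive secrets.
#   - Run scripts read values from environment variables instead of having
#     expressions interpolated into the shell text, so a value is never
#     parsed as shell syntax.
#   - AWS credentials and the SSH private key are passed only to the steps
#     that use them, not through job-level env, so unrelated steps and
#     actions never see them. Credentials are never echoed to the log.
name: CI_CD

on:
  # push:
  #   branches:
  #     - main
  #     - staging
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: the jobs only read the repository.
permissions:
  contents: read

jobs:
  build_image:
    runs-on: ubuntu-latest
    env:
      DOCKERFILE: ci/dockerfile
      AWS_ECR_URI: ${{ secrets.AWS_ECR_URI }}
      AWS_ECR_REGION: ${{ secrets.AWS_ECR_REGION }}
      AWS_ECR_PRIVATE: ${{ vars.AWS_ECR_PRIVATE }}
    steps:
      - name: Git checkout
        uses: actions/checkout@v3

      - name: Get git short sha
        id: git
        run: |
          echo "short_sha=$(git rev-parse --short "$GITHUB_SHA")" >> "$GITHUB_OUTPUT"

      - name: Get latest version of package json
        id: version
        # NOTE(review): branch ref; pin to a reviewed full commit SHA.
        uses: martinbeentjes/npm-get-version-action@main

      - name: Git
        env:
          SHORT_SHA: ${{ steps.git.outputs.short_sha }}
          CURRENT_VERSION: ${{ steps.version.outputs.current-version }}
        run: |
          echo "Short sha: $SHORT_SHA"
          echo "Version is: $CURRENT_VERSION"

      - name: Environment
        # Values that come from secrets are masked in the log.
        run: |
          echo "DOCKERFILE is: $DOCKERFILE"
          echo "AWS_ECR_URI is: $AWS_ECR_URI"
          echo "AWS_ECR_REGION is: $AWS_ECR_REGION"
          echo "AWS_ECR_PRIVATE is: $AWS_ECR_PRIVATE"

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2

      - name: Set up Docker Buildx for Builder
        id: builder
        uses: docker/setup-buildx-action@v3

      - name: Set up Docker Buildx for Main
        id: main
        uses: docker/setup-buildx-action@v3

      - name: Builder name
        env:
          BUILDER_NAME: ${{ steps.builder.outputs.name }}
        run: echo "$BUILDER_NAME"

      - name: Main name
        env:
          MAIN_NAME: ${{ steps.main.outputs.name }}
        run: echo "$MAIN_NAME"

      - name: Login to AWS ECR Private Repo
        if: ${{ env.AWS_ECR_PRIVATE == 'true' }}
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ECR_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_ECR_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ env.AWS_ECR_REGION }}
        run: |
          aws ecr get-login-password --region "$AWS_ECR_REGION" \
            | docker login --username AWS --password-stdin "$AWS_ECR_URI"

      - name: Login to AWS ECR Public Repo
        if: ${{ env.AWS_ECR_PRIVATE != 'true' }}
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ECR_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_ECR_SECRET_ACCESS_KEY }}
        run: |
          aws ecr-public get-login-password --region us-east-1 \
            | docker login --username AWS --password-stdin "$AWS_ECR_URI"

      - name: Build builder
        uses: docker/build-push-action@v4
        with:
          builder: ${{ steps.builder.outputs.name }}
          file: ${{ env.DOCKERFILE }}
          target: builder

      - name: Build main and push
        if: ${{ github.ref_name == 'main' }}
        uses: docker/build-push-action@v4
        with:
          builder: ${{ steps.main.outputs.name }}
          file: ${{ env.DOCKERFILE }}
          build-args: |
            NODE_ENV=production
          target: main
          tags: |
            ${{ env.AWS_ECR_URI }}:latest
            ${{ env.AWS_ECR_URI }}:main_v${{ steps.version.outputs.current-version }}
            ${{ env.AWS_ECR_URI }}:main_v${{ steps.version.outputs.current-version }}_sha-${{ steps.git.outputs.short_sha }}
          push: true

      - name: Build staging and push
        if: ${{ github.ref_name == 'staging' }}
        uses: docker/build-push-action@v4
        with:
          builder: ${{ steps.main.outputs.name }}
          file: ${{ env.DOCKERFILE }}
          build-args: |
            NODE_ENV=staging
          target: main
          tags: |
            ${{ env.AWS_ECR_URI }}:staging_v${{ steps.version.outputs.current-version }}
            ${{ env.AWS_ECR_URI }}:staging_v${{ steps.version.outputs.current-version }}_sha-${{ steps.git.outputs.short_sha }}
          push: true

  deploy_production:
    needs: [build_image]
    runs-on: ubuntu-latest
    if: ${{ github.ref_name == 'main' }}
    environment: production
    env:
      AWS_ECR_URI: ${{ secrets.AWS_ECR_URI }}
      AWS_ECR_REGION: ${{ secrets.AWS_ECR_REGION }}
      AWS_ECR_PRIVATE: ${{ vars.AWS_ECR_PRIVATE }}
      APP_NAME: ${{ vars.APP_NAME }}
      APP_PORT: 3000
      APP_PORT_EXPOSE: ${{ secrets.APP_PORT }}
      APP_NETWORK: app-network
      SSH_HOST: ${{ secrets.SSH_HOST }}
      SSH_PORT: ${{ secrets.SSH_PORT }}
      SSH_USER: ${{ secrets.SSH_USER }}
    steps:
      - name: Git checkout
        uses: actions/checkout@v3

      - name: Get short sha commit
        id: git
        # The output line needs the "short_sha=" key; without it the
        # short_sha output is never set and the image tag used by the
        # Deploy step does not match the tag pushed by build_image.
        run: |
          echo "short_sha=$(git rev-parse --short "$GITHUB_SHA")" >> "$GITHUB_OUTPUT"

      - name: Get latest version
        id: version
        # NOTE(review): branch ref; pin to a reviewed full commit SHA.
        uses: martinbeentjes/npm-get-version-action@main

      - name: Git
        env:
          SHORT_SHA: ${{ steps.git.outputs.short_sha }}
          CURRENT_VERSION: ${{ steps.version.outputs.current-version }}
        run: |
          echo "Short sha: $SHORT_SHA"
          echo "Version is: $CURRENT_VERSION"
          # The version is interpolated into the remote deploy command below,
          # so reject anything outside the Docker tag character set.
          case "$CURRENT_VERSION" in
            '' | *[!0-9A-Za-z._-]*)
              echo "Unexpected version string in package.json" >&2
              exit 1
              ;;
          esac

      - name: Environment
        # Credentials are deliberately not printed. Values that come from
        # secrets are masked in the log.
        run: |
          echo "AWS_ECR_URI is: $AWS_ECR_URI"
          echo "AWS_ECR_REGION is: $AWS_ECR_REGION"
          echo "AWS_ECR_PRIVATE is: $AWS_ECR_PRIVATE"
          echo "APP_NAME is: $APP_NAME"
          echo "APP_PORT is: $APP_PORT"
          echo "APP_PORT_EXPOSE is: $APP_PORT_EXPOSE"
          echo "APP_NETWORK is: $APP_NETWORK"
          echo "SSH_HOST is: $SSH_HOST"
          echo "SSH_PORT is: $SSH_PORT"

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # NOTE(review): this logs in the runner's Docker client, not the SSH
      # host that performs the pull. Confirm the step is needed in this job.
      - name: Login to AWS ECR Private Repo
        if: ${{ env.AWS_ECR_PRIVATE == 'true' }}
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ECR_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_ECR_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ env.AWS_ECR_REGION }}
        run: |
          aws ecr get-login-password --region "$AWS_ECR_REGION" \
            | docker login --username AWS --password-stdin "$AWS_ECR_URI"

      - name: Deploy
        # NOTE(review): branch ref on an action that receives the SSH private
        # key; pin to a reviewed full commit SHA.
        # The command text is assembled by expression interpolation and runs
        # on the remote host, so every value used in it must stay under
        # maintainer control (repository secrets/vars, validated version).
        uses: fifsky/ssh-action@master
        with:
          command: |
            docker pull ${{ env.AWS_ECR_URI }}:main_v${{ steps.version.outputs.current-version }}_sha-${{ steps.git.outputs.short_sha }}
            docker stop ${{ env.APP_NAME }} && docker rm ${{ env.APP_NAME }}
            docker network create ${{ env.APP_NETWORK }} --driver=bridge
            docker run -itd \
            --env NODE_ENV=production \
            --hostname ${{ env.APP_NAME }} \
            --publish ${{ env.APP_PORT_EXPOSE }}:${{ env.APP_PORT }} \
            --network ${{ env.APP_NETWORK }} \
            --volume /app/${{ env.APP_NAME }}/logs/:/app/logs/ \
            --volume /app/${{ env.APP_NAME }}/.env:/app/.env \
            --restart unless-stopped \
            --name ${{ env.APP_NAME }} ${{ env.AWS_ECR_URI }}:main_v${{ steps.version.outputs.current-version }}_sha-${{ steps.git.outputs.short_sha }}
          host: ${{ env.SSH_HOST }}
          port: ${{ env.SSH_PORT }}
          user: ${{ env.SSH_USER }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}

      - name: Clean
        # NOTE(review): branch ref; pin to a reviewed full commit SHA.
        uses: fifsky/ssh-action@master
        continue-on-error: true
        with:
          command: |
            docker container prune --force
            docker image prune --force
            docker rmi $(docker images **/${{ env.AWS_ECR_URI }} -q) --force
          host: ${{ env.SSH_HOST }}
          port: ${{ env.SSH_PORT }}
          user: ${{ env.SSH_USER }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}

  deploy_staging:
    needs: [build_image]
    runs-on: ubuntu-latest
    if: ${{ github.ref_name == 'staging' }}
    environment: staging
    env:
      AWS_ECR_URI: ${{ secrets.AWS_ECR_URI }}
      AWS_ECR_REGION: ${{ secrets.AWS_ECR_REGION }}
      AWS_ECR_PRIVATE: ${{ vars.AWS_ECR_PRIVATE }}
      APP_NAME: ${{ vars.APP_NAME }}
      APP_PORT: 3000
      APP_PORT_EXPOSE: ${{ secrets.APP_PORT }}
      APP_NETWORK: app-network
      SSH_HOST: ${{ secrets.SSH_HOST }}
      SSH_PORT: ${{ secrets.SSH_PORT }}
      SSH_USER: ${{ secrets.SSH_USER }}
    steps:
      - name: Git checkout
        uses: actions/checkout@v3

      - name: Get short sha commit
        id: git
        run: |
          echo "short_sha=$(git rev-parse --short "$GITHUB_SHA")" >> "$GITHUB_OUTPUT"

      - name: Get latest version
        id: version
        # NOTE(review): branch ref; pin to a reviewed full commit SHA.
        uses: martinbeentjes/npm-get-version-action@main

      - name: Git
        env:
          SHORT_SHA: ${{ steps.git.outputs.short_sha }}
          CURRENT_VERSION: ${{ steps.version.outputs.current-version }}
        run: |
          echo "Short sha: $SHORT_SHA"
          echo "Version is: $CURRENT_VERSION"
          # The version is interpolated into the remote deploy command below,
          # so reject anything outside the Docker tag character set.
          case "$CURRENT_VERSION" in
            '' | *[!0-9A-Za-z._-]*)
              echo "Unexpected version string in package.json" >&2
              exit 1
              ;;
          esac

      - name: Environment
        # Credentials are deliberately not printed. Values that come from
        # secrets are masked in the log.
        run: |
          echo "AWS_ECR_URI is: $AWS_ECR_URI"
          echo "AWS_ECR_REGION is: $AWS_ECR_REGION"
          echo "AWS_ECR_PRIVATE is: $AWS_ECR_PRIVATE"
          echo "APP_NAME is: $APP_NAME"
          echo "APP_PORT is: $APP_PORT"
          echo "APP_PORT_EXPOSE is: $APP_PORT_EXPOSE"
          echo "APP_NETWORK is: $APP_NETWORK"
          echo "SSH_HOST is: $SSH_HOST"
          echo "SSH_PORT is: $SSH_PORT"

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v2

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      # NOTE(review): this logs in the runner's Docker client, not the SSH
      # host that performs the pull. Confirm the step is needed in this job.
      - name: Login to AWS ECR Private Repo
        if: ${{ env.AWS_ECR_PRIVATE == 'true' }}
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ECR_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_ECR_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ env.AWS_ECR_REGION }}
        run: |
          aws ecr get-login-password --region "$AWS_ECR_REGION" \
            | docker login --username AWS --password-stdin "$AWS_ECR_URI"

      - name: Deploy
        # NOTE(review): this condition skips the staging deploy whenever the
        # registry is private, while the production Deploy step has no such
        # condition and the Clean step below still runs. Looks like a
        # copy-paste leftover - confirm the intent before relying on it.
        if: ${{ env.AWS_ECR_PRIVATE != 'true' }}
        # NOTE(review): branch ref on an action that receives the SSH private
        # key; pin to a reviewed full commit SHA.
        # The command text is assembled by expression interpolation and runs
        # on the remote host, so every value used in it must stay under
        # maintainer control (repository secrets/vars, validated version).
        uses: fifsky/ssh-action@master
        with:
          command: |
            docker pull ${{ env.AWS_ECR_URI }}:staging_v${{ steps.version.outputs.current-version }}_sha-${{ steps.git.outputs.short_sha }}
            docker stop ${{ env.APP_NAME }} && docker rm ${{ env.APP_NAME }}
            docker network create ${{ env.APP_NETWORK }} --driver=bridge
            docker run -itd \
            --env NODE_ENV=staging \
            --hostname ${{ env.APP_NAME }} \
            --publish ${{ env.APP_PORT_EXPOSE }}:${{ env.APP_PORT }} \
            --network ${{ env.APP_NETWORK }} \
            --volume /app/${{ env.APP_NAME }}/logs/:/app/logs/ \
            --volume /app/${{ env.APP_NAME }}/.env:/app/.env \
            --restart unless-stopped \
            --name ${{ env.APP_NAME }} ${{ env.AWS_ECR_URI }}:staging_v${{ steps.version.outputs.current-version }}_sha-${{ steps.git.outputs.short_sha }}
          host: ${{ env.SSH_HOST }}
          port: ${{ env.SSH_PORT }}
          user: ${{ env.SSH_USER }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}

      - name: Clean
        # NOTE(review): branch ref; pin to a reviewed full commit SHA.
        uses: fifsky/ssh-action@master
        continue-on-error: true
        with:
          command: |
            docker container prune --force
            docker image prune --force
            docker rmi $(docker images **/${{ env.AWS_ECR_URI }} -q) --force
          host: ${{ env.SSH_HOST }}
          port: ${{ env.SSH_PORT }}
          user: ${{ env.SSH_USER }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}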