Skip to content
CD

debug state #296

Sign in to view logs

debug state

debug state #296

Workflow file for this run

.github/workflows/cd.yml at 0656a16
name: CD
on:
push:
branches:
- main
workflow_dispatch:
jobs:
deploy:
name: πŸš€ CD Workflow
runs-on: ubuntu-latest
env:
AWS_INSTANCE_SG_ID: ${{ secrets.SECURITY_GROUP_ID }}
timeout-minutes: 5
steps:
- name: πŸ“¦ Checkout code
uses: actions/checkout@v4
- name: βš™οΈ Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}
- name: Get IP Addresses
id: ip
uses: candidob/get-runner-ip@v1.0.0
- name: βš™οΈ Whitelist runner ip address
id: whitelist-ip
run: |
aws ec2 authorize-security-group-ingress \
--group-id $AWS_INSTANCE_SG_ID \
--protocol tcp \
--port 22 \
--cidr ${{ steps.ip.outputs.ipv4}}/32
- name: πŸ” Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: πŸ—οΈ Build, tag and push Image to Amazon ECR
env:
REGISTRY: ${{ steps.login-ecr.outputs.registry }}
REPOSITORY: unext-backend-ecr
IMAGE_TAG: ${{ github.sha }}
GIT_SECRET_PRIVATE_KEY: ${{ secrets.GIT_SECRET_PRIVATE_KEY }}
GIT_SECRET_PASSWORD: ${{ secrets.GIT_SECRET_PASSWORD }}
run: |
docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG \
--build-arg GIT_SECRET_PRIVATE_KEY="$GIT_SECRET_PRIVATE_KEY" \
--build-arg GIT_SECRET_PASSWORD="$GIT_SECRET_PASSWORD" \
--no-cache --progress=plain .
docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG
- name: πŸš€ Deploy and start container
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ secrets.HOSTNAME }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.SECRET_SSH_KEY }}
script: |
aws ecr get-login-password --region ${{ secrets.AWS_REGION }} | docker login --username AWS --password-stdin ${{ secrets.AWS_ACCOUNT_ID }}.${{ secrets.ECR_REGISTRY }}
docker pull ${{ secrets.AWS_ACCOUNT_ID }}.${{ secrets.ECR_REGISTRY }}/unext-backend-ecr:${{ github.sha }}
docker stop unext-backend
docker rm unext-backend
docker run -d --name unext-backend -p ${{ secrets.PORT }}:${{ secrets.PORT }} ${{ secrets.AWS_ACCOUNT_ID }}.${{ secrets.ECR_REGISTRY }}/unext-backend-ecr:${{ github.sha }}
- name: πŸ—οΈ Revoke runner ip address
if: ${{ always() && steps.whitelist-ip.conclusion == 'success' }}
run: |
aws ec2 revoke-security-group-ingress \
--group-id $AWS_INSTANCE_SG_ID \
--protocol tcp \
--port 22 \
--cidr ${{ steps.ip.outputs.ipv4 }}/32