-
Notifications
You must be signed in to change notification settings - Fork 1
75 lines (66 loc) · 2.31 KB
/
cd-backend.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
name: Backend CD Pipeline
on:
push:
branches:
- deployment
paths:
- 'backend/**'
workflow_dispatch:
jobs:
deploy:
runs-on: ubuntu-latest
# environment:
# name: backend
# url: ${{ vars.URL }}
steps:
- name: Checkout code
uses: actions/checkout@v2
- name: Get terraform-apply.yml Run ID
id: get-run-id
run: |
RUN_ID=$(curl -s \
-H "Authorization: Bearer ${{ secrets.TOKEN }}" \
-H "Accept: application/vnd.github+json" \
"https://api.github.com/repos/${{ github.repository }}/actions/workflows/terraform-apply.yml/runs?branch=infra_main&per_page=1" \
| jq -r '.workflow_runs[0].id')
echo "run_id=$RUN_ID" >> $GITHUB_OUTPUT
echo "$RUN_ID"
- name: Download Public_IP File
uses: actions/download-artifact@v4
with:
name: Public_IP
github-token: ${{ secrets.TOKEN }}
run-id: ${{ steps.get-run-id.outputs.run_id }}
- name: Read public IP
id: read_ip
run: |
PUBLIC_IP=$(cat public_ip_env.txt | tr -d '[:space:]')
echo "PUBLIC_IP=$PUBLIC_IP" >> $GITHUB_ENV
- name: Decrypt Backend Env File
env:
PASSPHRASE: ${{ secrets.ENCRYPTION_PASSPHRASE }}
ENCRYPTED_BACKEND_ENV: ${{ secrets.BACKEND_ENV_FILE }}
run: |
echo "$ENCRYPTED_BACKEND_ENV" | base64 -d | openssl enc -aes-256-cbc -d -pbkdf2 -k "$PASSPHRASE" -out backend.env
- name: Prepare PostgreSQL Password
env:
POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
run: |
echo "$POSTGRES_PASSWORD" > POSTGRES_PASSWORD.txt
- name: Copy files to Server
uses: appleboy/[email protected]
with:
host: ${{ env.PUBLIC_IP }}
username: ${{ vars.EC2_USER }}
key: ${{ secrets.PRIVATE_KEY }}
source: "backend.env, POSTGRES_PASSWORD.txt, compose.yml"
target: "~/"
- name: Use SSH Action
uses: appleboy/[email protected]
with:
host: ${{ env.PUBLIC_IP }}
username: ${{ vars.EC2_USER }}
key: ${{ secrets.PRIVATE_KEY }}
script: |
mv backend.env backend/.env
docker compose up -d --no-deps --force-recreate backend db adminer