Merge pull request #5 from H1B0B0/snyk-fix-1c8fcd8c85f937fdb865391e59… #59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build and Deploy Infrastructure | |
on: | |
push: | |
branches: | |
- main | |
jobs: | |
test: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: Use Node.js | |
uses: actions/setup-node@v2 | |
with: | |
node-version: "21" | |
- name: Install dependencies | |
run: cd backend && npm install | |
- name: Run pretests | |
run: cd backend && npm run pretest | |
- name: Run tests | |
run: cd backend && npm run test | |
# format: | |
# runs-on: ubuntu-latest | |
# steps: | |
# - name: Checkout code | |
# uses: actions/checkout@v2 | |
# - name: Format Terraform files | |
# working-directory: ./terraform | |
# run: terraform fmt | |
Deploy: | |
needs: test | |
# needs: format | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
# - name: Initialize Terraform | |
# working-directory: ./terraform | |
# run: terraform init | |
# env: | |
# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PRIVATE_KEY }} | |
# - name: Validate Terraform files | |
# working-directory: ./terraform | |
# run: terraform validate | |
# env: | |
# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PRIVATE_KEY }} | |
# - name: Apply Terraform configuration | |
# working-directory: ./terraform | |
# run: | | |
# terraform apply -auto-approve | |
# env: | |
# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PRIVATE_KEY }} | |
- name: Configure & Deploy with Ansible | |
run: | | |
echo "${{ secrets.SSH_PRIVATE_KEY }}" > private_key | |
eval $(ssh-agent -s) | |
chmod 400 private_key | |
ssh-add private_key | |
mkdir -p ~/.ssh | |
chmod 700 ~/.ssh | |
python3 -m pip install docker | |
ansible-galaxy collection install community.docker | |
echo "[all]" > inventory.ini | |
echo "my_instance ansible_host=${{secrets.ip_address}} ansible_user=hibo ansible_ssh_private_key_file=./private_key" >> inventory.ini | |
ansible-playbook -i inventory.ini playbook.yml --extra-vars "MONGO_INITDB_ROOT_USERNAME=${{ secrets.MONGO_INITDB_ROOT_USERNAME }} MONGO_INITDB_ROOT_PASSWORD=${{ secrets.MONGO_INITDB_ROOT_PASSWORD }} MONGO_INITDB_DATABASE=${{ secrets.MONGO_INITDB_DATABASE }} MONGODB_USER=${{ secrets.MONGODB_USER }} MONGODB_USER_PASSWORD=${{ secrets.MONGODB_USER_PASSWORD }} SITE_ADDRESS=${{secrets.ip_address}} ORIGIN_URL=${{ secrets.ORIGIN_URL }} NEXT_PUBLIC_BASE_URL=${{ secrets.NEXT_PUBLIC_BASE_URL }} PORT=${{ secrets.PORT }} DEBUG=${{ secrets.DEBUG }} JWT_SECRET=${{ secrets.JWT_SECRET }} kuramacert=${{ secrets.kuramacert }} kuramakey=${{ secrets.kuramakey }}" | |
env: | |
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }} | |
ANSIBLE_HOST_KEY_CHECKING: False | |
# destroy: | |
# runs-on: ubuntu-latest | |
# if: github.event_name == 'workflow_dispatch' | |
# steps: | |
# - name: Checkout code | |
# uses: actions/checkout@v2 | |
# - name: Navigate to terraform directory | |
# run: cd terraform | |
# - name: Destroy Infrastructure (Manual Trigger) | |
# run: terraform destroy -auto-approve |