Another apporach. #29
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to EC2 Prod | |
| on: | |
| push: | |
| branches: | |
| - add-auto-deploy | |
| # on: | |
| # workflow_dispatch: | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_REGION: ${{ secrets.AWS_REGION }} | |
| AWS_AUTO_SCALING_GROUP_NAME: ${{ secrets.AWS_AUTO_SCALING_GROUP_NAME }} | |
| AWS_SECURITY_GROUP_ID: ${{ secrets.AWS_SECURITY_GROUP_ID }} | |
| AWS_EC2_SSH_KEY: ${{ secrets.AWS_EC2_SSH_KEY }} | |
| steps: | |
| # - name: Install jq | |
| # run: sudo apt-get install -y jq | |
| - name: Set up AWS CLI | |
| run: | | |
| mkdir -p ~/.aws | |
| echo "[default]" > ~/.aws/credentials | |
| echo "aws_access_key_id = $AWS_ACCESS_KEY_ID" >> ~/.aws/credentials | |
| echo "aws_secret_access_key = $AWS_SECRET_ACCESS_KEY" >> ~/.aws/credentials | |
| echo "region = $AWS_REGION" >> ~/.aws/credentials | |
| # - name: Fetch EC2 instances from Auto Scaling Group | |
| # run: | | |
| # INSTANCE_IDS=$(aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names $AWS_AUTO_SCALING_GROUP_NAME --query "AutoScalingGroups[0].Instances[*].InstanceId" --output json) | |
| # echo "Fetched instances from Auto Scaling Group: $INSTANCE_IDS" | |
| # # INSTANCE_ID_STRING=$(echo $INSTANCE_IDS | jq -r '. | join(" ")') | |
| # # echo "Fetched instances from Auto Scaling Group: $INSTANCE_ID_STRING" | |
| - name: Open SSH port to GitHub Actions IP | |
| run: | | |
| aws ec2 authorize-security-group-ingress --group-id $AWS_SECURITY_GROUP_ID --protocol tcp --port 22 --cidr $(curl -s https://api.ipify.org)/32 | |
| - name: Save the private key to a file | |
| run: | | |
| echo "$AWS_EC2_SSH_KEY" > ~/.aws/key.pem | |
| chmod 400 ~/.aws/key.pem # Set proper permissions | |
| ls -la ~/.aws/key.pem | |
| - name: Fetch EC2 instances from Auto Scaling Group | |
| run: | | |
| INSTANCE_IDS=$(aws autoscaling describe-auto-scaling-groups --auto-scaling-group-names $AWS_AUTO_SCALING_GROUP_NAME --query "AutoScalingGroups[0].Instances[*].InstanceId" --output text) | |
| echo $INSTANCE_IDS | |
| - name: Extract the instance IDs using jq (JSON processor) | |
| run: | | |
| set -x | |
| # IFS=$'\n' read -d '' -r -a INSTANCES <<< "$(echo "$INSTANCE_IDS" | sed -n 's/[^"]*"\([^"]*\)".*/\1/p')" | |
| # readarray -t INSTANCES <<< "$(echo "$INSTANCE_IDS" | jq -r '.[]')" | |
| readarray -t INSTANCES <<< "$INSTANCE_IDS" | |
| set +x | |
| echo $INSTANCES | |
| - name: Iterate over the array | |
| run: | | |
| for INSTANCE_ID in "${INSTANCES[@]}"; do | |
| echo "Processing instance: $INSTANCE_ID" | |
| # Get instance IP | |
| INSTANCE_IP=$(aws ec2 describe-instances --instance-ids $INSTANCE_ID --query "Reservations[0].Instances[0].PublicIpAddress" --output json) | |
| # Remove double quotes from INSTANCE_IP | |
| INSTANCE_IP="${INSTANCE_IP//\"}" | |
| echo "Instance IP: $INSTANCE_IP" | |
| echo "ssh -i ~/.aws/key.pem -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ubuntu@$INSTANCE_IP 'cd /home/ubuntu && ./update_mygeneset pull_src'" | |
| ssh -i ~/.aws/key.pem -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ubuntu@$INSTANCE_IP 'cd /home/ubuntu && ./update_mygeneset pull_src' | |
| done | |
| - name: Close SSH port to GitHub Actions IP (even on failure) | |
| run: | | |
| aws ec2 revoke-security-group-ingress --group-id $AWS_SECURITY_GROUP_ID --protocol tcp --port 22 --cidr $(curl -s https://api.ipify.org)/32 | |
| if: always() | |
| - name: Setup tmate debug session on failure | |
| if: ${{ failure() }} | |
| uses: mxschmitt/action-tmate@v3 |