Another apporach. #35
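name: Deploy to EC2 Prod

# NOTE(review): this "Prod" deployment runs on every push to the
# add-auto-deploy branch, so anyone who can push there can start a deployment
# that uses the production secrets below. Once testing is done, consider
# workflow_dispatch and/or a protected `environment:` with required reviewers.
on:
  push:
    branches:
      - add-auto-deploy
# on:
#   workflow_dispatch:

jobs:
  deploy:
    runs-on: ubuntu-latest
    # No step writes to the repository; keep the GITHUB_TOKEN read-only so the
    # third-party action at the end of the job does not receive a write token.
    permissions:
      contents: read
    # Job-level env makes every secret visible to every step of this job,
    # including the third-party tmate action.
    # NOTE(review): these are long-lived access keys; short-lived credentials
    # via OIDC role assumption (aws-actions/configure-aws-credentials) would
    # remove the need to store them as secrets — confirm feasibility.
    env:
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      AWS_REGION: ${{ secrets.AWS_REGION }}
      AWS_AUTO_SCALING_GROUP_NAME: ${{ secrets.AWS_AUTO_SCALING_GROUP_NAME }}
      AWS_SECURITY_GROUP_ID: ${{ secrets.AWS_SECURITY_GROUP_ID }}
      AWS_EC2_SSH_KEY: ${{ secrets.AWS_EC2_SSH_KEY }}
    steps:
      # - name: Install jq
      #   run: sudo apt-get install -y jq

      - name: Set up AWS CLI
        run: |
          # Create the directory and credentials file readable by the owner only.
          umask 077
          mkdir -p ~/.aws
          {
            echo "[default]"
            echo "aws_access_key_id = $AWS_ACCESS_KEY_ID"
            echo "aws_secret_access_key = $AWS_SECRET_ACCESS_KEY"
            echo "region = $AWS_REGION"
          } > ~/.aws/credentials
          chmod 600 ~/.aws/credentials

      - name: Open SSH port to GitHub Actions IP
        run: |
          # Look the runner address up once, check that it is a plain IPv4
          # address, and record it so the revoke step removes exactly the rule
          # added here instead of repeating the lookup.
          RUNNER_IP=$(curl -fsS --max-time 10 https://api.ipify.org)
          if [[ ! "$RUNNER_IP" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
            echo "Unexpected response from IP lookup; security group left unchanged" >&2
            exit 1
          fi
          echo "RUNNER_IP=$RUNNER_IP" >> "$GITHUB_ENV"
          aws ec2 authorize-security-group-ingress \
            --group-id "$AWS_SECURITY_GROUP_ID" \
            --protocol tcp --port 22 \
            --cidr "$RUNNER_IP/32"

      - name: Deploy to EC2
        run: |
          # umask first: the key file must never exist with group/other access,
          # not even between the write and the chmod.
          umask 077
          echo "$AWS_EC2_SSH_KEY" > ~/.aws/key.pem
          chmod 400 ~/.aws/key.pem  # Set proper permissions
          ls -la ~/.aws/key.pem

          # Fetch EC2 instances from Auto Scaling Group
          INSTANCE_IDS=$(aws autoscaling describe-auto-scaling-groups \
            --auto-scaling-group-names "$AWS_AUTO_SCALING_GROUP_NAME" \
            --query "AutoScalingGroups[0].Instances[*].InstanceId" \
            --output text)
          echo "$INSTANCE_IDS"

          # Create array with list of instances
          echo "START: Create array with list of instances"
          # Unquoted on purpose: the text output is split on whitespace.
          INSTANCES=( $INSTANCE_IDS )
          echo "${INSTANCES[@]}"
          echo "END: Create array with list of instances"

          # Iterate over the array
          for INSTANCE_ID in "${INSTANCES[@]}"
          do
            echo "Processing instance: $INSTANCE_ID"

            # Get instance IP
            INSTANCE_IP=$(aws ec2 describe-instances \
              --instance-ids "$INSTANCE_ID" \
              --query "Reservations[0].Instances[0].PublicIpAddress" \
              --output json)
            # Remove double quotes from INSTANCE_IP
            INSTANCE_IP="${INSTANCE_IP//\"}"
            # The JSON output is `null` when the instance has no public address.
            if [[ -z "$INSTANCE_IP" || "$INSTANCE_IP" == "null" ]]; then
              echo "Instance $INSTANCE_ID has no public IP address" >&2
              exit 1
            fi
            echo "Instance IP: $INSTANCE_IP"

            # NOTE(review): StrictHostKeyChecking=no together with
            # UserKnownHostsFile=/dev/null disables host key verification, so
            # the runner cannot tell the instance from a machine answering in
            # its place. Supplying the expected host keys through a known_hosts
            # file would close that gap.
            echo "ssh -i ~/.aws/key.pem -o StrictHostKeyChecking=no -o UserKnownHostsFile=/dev/null ubuntu@$INSTANCE_IP 'cd /home/ubuntu && ./update_mygeneset pull_src'"
            ssh -i ~/.aws/key.pem \
              -o StrictHostKeyChecking=no \
              -o UserKnownHostsFile=/dev/null \
              "ubuntu@$INSTANCE_IP" 'cd /home/ubuntu && ./update_mygeneset pull_src'
          done

      - name: Close SSH port to GitHub Actions IP (even on failure)
        if: always()
        run: |
          # RUNNER_IP is recorded by the "Open SSH port" step; when it is unset
          # that step never reached the authorize call, so there is no rule to
          # remove.
          if [[ -z "${RUNNER_IP:-}" ]]; then
            echo "No ingress rule was recorded for this run; nothing to revoke"
            exit 0
          fi
          aws ec2 revoke-security-group-ingress \
            --group-id "$AWS_SECURITY_GROUP_ID" \
            --protocol tcp --port 22 \
            --cidr "$RUNNER_IP/32"

      # The debug shell runs on a runner that still holds ~/.aws/credentials and
      # ~/.aws/key.pem. limit-access-to-actor restricts the session to the SSH
      # keys registered on GitHub by the user who triggered the run (that user
      # needs at least one key), and the timeout bounds how long the session
      # can stay open; adjust the value as needed.
      # NOTE(review): v3 is a mutable tag; pin the action to a full commit SHA
      # (mxschmitt/action-tmate@<full-commit-sha>) after reviewing that commit.
      - name: Setup tmate debug session on failure
        if: ${{ failure() }}
        timeout-minutes: 30
        uses: mxschmitt/action-tmate@v3
        with:
          limit-access-to-actor: true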