-
Notifications
You must be signed in to change notification settings - Fork 0
92 lines (81 loc) · 3.64 KB
/
deploy-to-prod-init.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
name: Deploy to production
concurrency:
group: deploy-prod
cancel-in-progress: false
on:
workflow_dispatch:
jobs:
deploy:
environment: production
runs-on: ubuntu-22.04
name: Deploy to production
env:
DOCKER_REGISTRY: ghcr.io
DOCKER_REGISTRY_USER_NAME: blumilkbot
REPO_NAME: ${{ github.event.repository.name }}
REPO_OWNER: ${{ github.repository_owner }}
TARGET_DIR_ON_SERVER: /blumilk/production
steps:
- name: checkout
uses: actions/[email protected]
- name: set deployment project version
run: echo "DEPLOYMENT_PROJECT_VERSION=$(bash ./environment/prod/deployment/scripts/version.sh --long)" >> $GITHUB_ENV
- name: set up Docker Buildx
uses: docker/[email protected]
- name: login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ github.token }}
- name: Docker meta
id: meta
uses: docker/[email protected]
with:
images: ghcr.io/${{ github.repository_owner }}/${{ env.REPO_NAME }}
tags: |
type=raw,value=latest
type=raw,value=${{ github.ref_name }}
context: workflow
- name: build and push image
uses: docker/[email protected]
with:
context: .
file: ./environment/prod/app/Dockerfile
build-args: DEPLOYMENT_PROJECT_VERSION_ARG=${{ env.DEPLOYMENT_PROJECT_VERSION }}
labels: ${{ steps.meta.outputs.labels }}
push: true
tags: |
ghcr.io/${{ github.repository_owner }}/${{ env.REPO_NAME }}:latest
ghcr.io/${{ github.repository_owner }}/${{ env.REPO_NAME }}:${{ github.ref_name }}
cache-from: type=gha, ref=ghcr.io/${{ github.repository_owner }}/${{ env.REPO_NAME }}-prod-build-cache
cache-to: type=gha, ref=ghcr.io/${{ github.repository_owner }}/${{ env.REPO_NAME }}-prod-build-cache, mode=max
- name: copy files via ssh
uses: appleboy/[email protected]
with:
timeout: 10s
command_timeout: 10m
host: ${{ secrets.VPS_OVH_BF7EC892_HOST }}
port: ${{ secrets.VPS_OVH_BF7EC892_PORT }}
username: ${{ secrets.VPS_OVH_BF7EC892_USERNAME }}
key: ${{ secrets.VPS_OVH_BF7EC892_SSH_PRIVATE_KEY }}
passphrase: ${{ secrets.VPS_OVH_BF7EC892_SSH_PRIVATE_KEY_PASSPHRASE }}
source: "./environment/prod/deployment/prod/*,./environment/prod/deployment/scripts/*"
target: ${{ secrets.LMT_VPS_LIVE_APP_PATH }}
rm: true
- uses: appleboy/[email protected]
with:
timeout: 10s
command_timeout: 10m
host: ${{ secrets.VPS_OVH_BF7EC892_HOST }}
port: ${{ secrets.VPS_OVH_BF7EC892_PORT }}
username: ${{ secrets.VPS_OVH_BF7EC892_USERNAME }}
key: ${{ secrets.VPS_OVH_BF7EC892_SSH_PRIVATE_KEY }}
passphrase: ${{ secrets.VPS_OVH_BF7EC892_SSH_PRIVATE_KEY_PASSPHRASE }}
script_stop: true
script: |
cd ${{ env.TARGET_DIR_ON_SERVER }}/${{ env.REPO_NAME }}/environment/prod/deployment/prod
echo ${{secrets.PACKAGES_READ_TOKEN}} | docker login ${{ env.DOCKER_REGISTRY }} --username ${{ env.DOCKER_REGISTRY_USER_NAME }} --password-stdin
make prod-deploy SOPS_AGE_KEY=${{ secrets.SOPS_AGE_PROD_SECRET_KEY }}
docker images --filter dangling=true | grep "${{ env.DOCKER_REGISTRY }}/${{ env.REPO_OWNER }}/${{ env.REPO_NAME }}" | awk '{print $3}'| xargs --no-run-if-empty docker rmi
docker logout ${{ env.DOCKER_REGISTRY }}