another try 2 #34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build & Deploy App | |
| on: | |
| push: | |
| branches: | |
| - release/dev | |
| - release/prod | |
| pull_request: | |
| branches: | |
| - release/dev | |
| - release/prod | |
| types: | |
| - closed | |
| env: | |
| APP_ID: ${{ secrets.APP_ID }} | |
| HOST_URL: ${{ secrets.HOST_URL }} | |
| HOST_USER: ${{ secrets.HOST_USER }} | |
| GA_APP_URL: ${{ secrets.GA_APP_URL }} | |
| GA_APP_DIR: ${{ secrets.GA_APP_DIR }} | |
| GA_ENV_FILE: ${{ secrets.GA_ENV_FILE }} | |
| GA_ENV_SRC: ${{ secrets.GA_ENV_SRC }} | |
| GA_ENV_DEST: ${{ secrets.GA_ENV_DEST }} | |
| GA_WORK_DIR: ${{ secrets.GA_WORK_DIR }} | |
| jobs: | |
| build-image: | |
| runs-on: ubuntu-latest | |
| environment: ${{ github.ref == 'refs/heads/release/prod' && 'prod' || 'dev' }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Build and push Docker image | |
| env: | |
| DK_HUB: ${{ secrets.DK_HUB}} | |
| DK_TOKEN: ${{ secrets.DK_TOKEN }} | |
| DK_FILE: ${{ secrets.DK_FILE}} | |
| DK_IMAGE: ${{ secrets.DK_IMAGE}} | |
| run: | | |
| docker build -t $DK_IMAGE -f $DK_FILE . | |
| echo $DK_TOKEN | docker login -u $DK_HUB --password-stdin | |
| docker push $DK_IMAGE | |
| create-dns-record: | |
| runs-on: ubuntu-latest | |
| environment: ${{ github.ref == 'refs/heads/release/prod' && 'prod' || 'dev' }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up AWS CLI | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_KEY }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET }} | |
| aws-region: us-east-1 | |
| - name: Create Route 53 DNS Record | |
| env: | |
| AWS_R53_ZONE_ID: ${{ secrets.AWS_R53_ZONE_ID }} | |
| HOST_IP: ${{ secrets.HOST_IP }} | |
| GA_URL1: ${{ secrets.GA_URL1 }} | |
| GA_URL2: ${{ secrets.GA_URL2 }} | |
| GA_URL3: ${{ secrets.GA_URL3 }} | |
| run: | | |
| chmod +x app.sh | |
| ./app.sh 7 | |
| working-directory: ${{ env.GA_WORK_DIR }} | |
| create-app-dir: | |
| runs-on: ubuntu-latest | |
| environment: ${{ github.ref == 'refs/heads/release/prod' && 'prod' || 'dev' }} | |
| needs: create-dns-record | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Setup SSH | |
| uses: webfactory/[email protected] | |
| with: | |
| ssh-private-key: ${{ secrets.HOST_SSH_KEY }} | |
| - name: Create app directory | |
| env: | |
| DK_DIR: ${{ secrets.DK_DIR }} | |
| run: | | |
| # Create app directory | |
| ssh -T -o "StrictHostKeyChecking=no" "$HOST_USER@$HOST_URL" \ | |
| "APP_ID=$APP_ID" \ | |
| "DK_DIR=$DK_DIR" \ | |
| 'bash -s' < ./app.sh 8 | |
| working-directory: ${{ env.GA_WORK_DIR }} | |
| clone-app-repo: | |
| runs-on: ubuntu-latest | |
| environment: ${{ github.ref == 'refs/heads/release/prod' && 'prod' || 'dev' }} | |
| needs: create-app-dir | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Setup SSH | |
| uses: webfactory/[email protected] | |
| with: | |
| ssh-private-key: ${{ secrets.HOST_SSH_KEY }} | |
| - name: Clone app | |
| env: | |
| GH_REPO: ${{ secrets.GH_REPO }} | |
| GH_BRANCH: ${{ secrets.GH_BRANCH }} | |
| run: | | |
| ssh -T -o "StrictHostKeyChecking=no" "$HOST_USER@$HOST_URL" \ | |
| "GA_APP_DIR=$GA_APP_DIR" \ | |
| "GH_REPO=$GH_REPO" \ | |
| "GH_BRANCH=$GH_BRANCH" \ | |
| 'bash -s' < ./app.sh 9 | |
| working-directory: ${{ env.GA_WORK_DIR }} | |
| create-nginx-vhost: | |
| runs-on: ubuntu-latest | |
| environment: ${{ github.ref == 'refs/heads/release/prod' && 'prod' || 'dev' }} | |
| needs: clone-app-repo | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Setup SSH | |
| uses: webfactory/[email protected] | |
| with: | |
| ssh-private-key: ${{ secrets.HOST_SSH_KEY }} | |
| - name: Create & copy vhost config file | |
| env: | |
| NGX: ${{ vars.NGX }} | |
| run: | | |
| echo -e "$NGX" > vhost.conf | |
| tr -d '\r' < vhost.conf > vhost_fixed.conf | |
| mv vhost_fixed.conf vhost.conf | |
| scp -o "StrictHostKeyChecking=no" -r vhost.conf "$HOST_USER@$HOST_URL:$GA_ENV_DEST" | |
| - name: Create Nginx vhost | |
| env: | |
| GA_NGX_PROXY: ${{ secrets.GA_NGX_PROXY }} | |
| GA_NGX_CONF: ${{ secrets.GA_NGX_CONF }} | |
| HOST_NGX_DIR: ${{ secrets.HOST_NGX_DIR }} | |
| NGX_CERT: ${{ secrets.NGX_CERT }} | |
| NGX_CERT_KEY: ${{ secrets.NGX_CERT_KEY }} | |
| run: | | |
| ssh -T -o "StrictHostKeyChecking=no" "$HOST_USER@$HOST_URL" \ | |
| "GA_APP_URL=$GA_APP_URL" \ | |
| "GA_NGX_PROXY=$GA_NGX_PROXY" \ | |
| "HOST_NGX_DIR=$HOST_NGX_DIR" \ | |
| "GA_NGX_CONF=$GA_NGX_CONF" \ | |
| "NGX_CERT=$NGX_CERT" \ | |
| "NGX_CERT_KEY=$NGX_CERT_KEY" \ | |
| "GA_ENV_DEST=$GA_ENV_DEST" \ | |
| 'bash -s' < ./app.sh 10 | |
| working-directory: ${{ env.GA_WORK_DIR }} | |
| deploy-app: | |
| runs-on: ubuntu-latest | |
| environment: ${{ github.ref == 'refs/heads/release/prod' && 'prod' || 'dev' }} | |
| needs: create-nginx-vhost | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Generate envfile | |
| id: envfile | |
| uses: SpicyPizza/[email protected] | |
| with: | |
| envkey_DL_STACK: ${{ secrets.DL_STACK }} | |
| envkey_DL_APP1: ${{ secrets.DL_APP1 }} | |
| envkey_DL_APP2: ${{ secrets.DL_APP2 }} | |
| envkey_ORG_ID: ${{ secrets.ORG_ID }} | |
| envkey_TLD: ${{ secrets.TLD }} | |
| envkey_HOST_ENV: ${{ secrets.HOST_ENV }} | |
| envkey_HOST_NAME: ${{ secrets.HOST_NAME }} | |
| envkey_HOST_LOCAL: ${{ secrets.HOST_LOCAL }} | |
| envkey_HOST_SSH_DIR: ${{ secrets.HOST_SSH_DIR }} | |
| envkey_ENV_FILE: ${{ secrets.ENV_FILE }} | |
| envkey_OPS_DIR: ${{ secrets.OPS_DIR }} | |
| envkey_OPS_SH_DIR: ${{ secrets.OPS_SH_DIR }} | |
| envkey_OPS_NGX_DIR: ${{ secrets.OPS_NGX_DIR }} | |
| envkey_HOST_PORT1: ${{ secrets.HOST_PORT1 }} | |
| envkey_DK_PORT1: ${{ secrets.DK_PORT1 }} | |
| envkey_DK_HUB: ${{ secrets.DK_HUB }} | |
| envkey_DK_FILE: ${{ secrets.DK_FILE }} | |
| envkey_COMPOSE_FILE: ${{ secrets.COMPOSE_FILE }} | |
| envkey_GH_SSH: ${{ secrets.GH_SSH }} | |
| envkey_GH_APP_REPO: ${{ secrets.GH_APP_REPO }} | |
| envkey_GH_OWNER_REPO: ${{ secrets.GH_OWNER_REPO }} | |
| envkey_NGX_CERT: ${{ secrets.NGX_CERT }} | |
| envkey_NGX_CERT_KEY: ${{ secrets.NGX_CERT_KEY }} | |
| envkey_APP_ID: ${{ secrets.APP_ID }} | |
| envkey_COMPOSE_NETWORK: ${{ secrets.COMPOSE_NETWORK }} | |
| envkey_COMPOSE_PROJECT_NAME: ${{ secrets.COMPOSE_PROJECT_NAME }} | |
| envkey_COMPOSE_PORT: ${{ secrets.COMPOSE_PORT }} | |
| envkey_DK_IMAGE: ${{ secrets.DK_IMAGE }} | |
| envkey_DK_REPO: ${{ secrets.DK_REPO }} | |
| envkey_GH_REPO: ${{ secrets.GH_REPO }} | |
| envkey_GA_APP_DIR: ${{ secrets.GA_APP_DIR }} | |
| envkey_GA_ENV_EXCLUDE: ${{ secrets.GA_ENV_EXCLUDE }} | |
| envkey_APP_NAME: ${{ secrets.APP_NAME }} | |
| envkey_APP_ENV: ${{ secrets.APP_ENV }} | |
| envkey_APP_KEY: ${{ secrets.APP_KEY }} | |
| envkey_APP_DEBUG: ${{ secrets.APP_DEBUG }} | |
| envkey_APP_URL: ${{ secrets.APP_URL }} | |
| envkey_LOG_CHANNEL: ${{ secrets.LOG_CHANNEL }} | |
| envkey_LOG_LEVEL: ${{ secrets.LOG_LEVEL }} | |
| envkey_DB_CONNECTION: ${{ secrets.DB_CONNECTION }} | |
| envkey_DB_HOST: ${{ secrets.DB_HOST }} | |
| envkey_DB_PORT: ${{ secrets.DB_PORT }} | |
| envkey_DB_DATABASE: ${{ secrets.DB_DATABASE }} | |
| envkey_DB_USERNAME: ${{ secrets.DB_USERNAME }} | |
| envkey_DB_PASSWORD: ${{ secrets.DB_PASSWORD }} | |
| envkey_BROADCAST_DRIVER: ${{ secrets.BROADCAST_DRIVER }} | |
| envkey_CACHE_DRIVER: ${{ secrets.CACHE_DRIVER }} | |
| envkey_FILESYSTEM_DRIVER: ${{ secrets.FILESYSTEM_DRIVER }} | |
| envkey_QUEUE_CONNECTION: ${{ secrets.QUEUE_CONNECTION }} | |
| envkey_SESSION_DRIVER: ${{ secrets.SESSION_DRIVER }} | |
| envkey_SESSION_LIFETIME: ${{ secrets.SESSION_LIFETIME }} | |
| envkey_MEMCACHED_HOST: ${{ secrets.MEMCACHED_HOST }} | |
| envkey_REDIS_HOST: ${{ secrets.REDIS_HOST }} | |
| envkey_REDIS_PASSWORD: ${{ secrets.REDIS_PASSWORD }} | |
| envkey_REDIS_PORT: ${{ secrets.REDIS_PORT }} | |
| envkey_MAIL_MAILER: ${{ secrets.MAIL_MAILER }} | |
| envkey_MAIL_HOST: ${{ secrets.MAIL_HOST }} | |
| envkey_MAIL_PORT: ${{ secrets.MAIL_PORT }} | |
| envkey_MAIL_USERNAME: ${{ secrets.MAIL_USERNAME }} | |
| envkey_MAIL_PASSWORD: ${{ secrets.MAIL_PASSWORD }} | |
| envkey_MAIL_ENCRYPTION: ${{ secrets.MAIL_ENCRYPTION }} | |
| envkey_MAIL_FROM_ADDRESS: ${{ secrets.MAIL_FROM_ADDRESS }} | |
| envkey_MAIL_FROM_NAME: ${{ secrets.MAIL_FROM_NAME }} | |
| envkey_AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| envkey_AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| envkey_AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
| envkey_AWS_BUCKET: ${{ secrets.AWS_BUCKET }} | |
| envkey_PUSHER_APP_ID: ${{ secrets.PUSHER_APP_ID }} | |
| envkey_PUSHER_APP_KEY: ${{ secrets.PUSHER_APP_KEY }} | |
| envkey_PUSHER_APP_SECRET: ${{ secrets.PUSHER_APP_SECRET }} | |
| envkey_PUSHER_APP_CLUSTER: ${{ secrets.PUSHER_APP_CLUSTER }} | |
| envkey_MIX_PUSHER_APP_KEY: ${{ secrets.MIX_PUSHER_APP_KEY }} | |
| envkey_MIX_PUSHER_APP_CLUSTER: ${{ secrets.MIX_PUSHER_APP_CLUSTER }} | |
| directory: ${{ env.GA_ENV_SRC }} | |
| file_name: ${{ env.GA_ENV_FILE }} | |
| fail_on_empty: false | |
| sort_keys: false | |
| - name: Setup SSH | |
| uses: webfactory/[email protected] | |
| with: | |
| ssh-private-key: ${{ secrets.HOST_SSH_KEY }} | |
| - name: Copy envfile | |
| env: | |
| GA_ENV_FILE: ${{ env.GA_ENV_FILE }} | |
| GA_ENV_SRC: ${{ env.GA_ENV_SRC }} | |
| run: | | |
| scp -o "StrictHostKeyChecking=no" -r "$GA_ENV_SRC/$GA_ENV_FILE" "$HOST_USER@$HOST_URL:$GA_ENV_DEST" | |
| - name: Deploy app | |
| run: | | |
| ssh -T -o "StrictHostKeyChecking=no" "$HOST_USER@$HOST_URL" \ | |
| "GA_APP_DIR=$GA_APP_DIR" \ | |
| 'bash -s' < ./app.sh 11 | |
| working-directory: ${{ env.GA_WORK_DIR }} |