Deploy to Testing Environment #25
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to Testing Environment | |
| on: | |
| push: | |
| branches: | |
| - develop | |
| workflow_dispatch: | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_PREFIX: ${{ github.repository }} | |
| jobs: | |
| deploy: | |
| name: Build and Deploy to EC2 Testing | |
| runs-on: ubuntu-latest | |
| environment: Development | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Setup SSH | |
| uses: webfactory/ssh-agent@v0.9.0 | |
| with: | |
| ssh-private-key: ${{ secrets.EC2_SSH_KEY }} | |
| - name: Add EC2 host to known hosts | |
| env: | |
| EC2_HOST: ${{ secrets.EC2_HOST }} | |
| run: | | |
| mkdir -p ~/.ssh | |
| ssh-keyscan -H $EC2_HOST >> ~/.ssh/known_hosts | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push backend image | |
| run: | | |
| docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-backend:latest \ | |
| -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-backend:${{ github.sha }} \ | |
| --target dev \ | |
| ./backend | |
| docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-backend:latest | |
| docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-backend:${{ github.sha }} | |
| - name: Build and push frontend image | |
| run: | | |
| docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend:latest \ | |
| -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend:${{ github.sha }} \ | |
| --target dev \ | |
| ./frontend | |
| docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend:latest | |
| docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend:${{ github.sha }} | |
| - name: Build and push osm-userinfo image | |
| run: | | |
| docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-osm-userinfo:latest \ | |
| -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-osm-userinfo:${{ github.sha }} \ | |
| ./osm-userinfo | |
| docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-osm-userinfo:latest | |
| docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-osm-userinfo:${{ github.sha }} | |
| - name: Deploy to EC2 | |
| env: | |
| EC2_HOST: ${{ secrets.EC2_HOST }} | |
| EC2_USER: ${{ secrets.EC2_USER }} | |
| COOKIE_SECRET: ${{ secrets.COOKIE_SECRET }} | |
| OSM_CLIENT_ID: ${{ secrets.OSM_CLIENT_ID }} | |
| OSM_CLIENT_SECRET: ${{ secrets.OSM_CLIENT_SECRET }} | |
| run: | | |
| # Deploy via SSH (using ssh-agent from webfactory/ssh-agent action) | |
| ssh $EC2_USER@$EC2_HOST << 'EOF' | |
| set -e | |
| # Navigate to application directory | |
| cd /home/admin/login || exit 1 | |
| # Create/update backend .env file with secrets | |
| cd backend | |
| if [ ! -f .env ]; then | |
| cp .env.example .env | |
| echo "✓ Created backend .env from .env.example" | |
| fi | |
| # Update secrets in backend .env | |
| sed -i 's|^COOKIE_SECRET=.*|COOKIE_SECRET=${{ secrets.COOKIE_SECRET }}|' .env | |
| sed -i 's|^OSM_CLIENT_ID=.*|OSM_CLIENT_ID=${{ secrets.OSM_CLIENT_ID }}|' .env | |
| sed -i 's|^OSM_CLIENT_SECRET=.*|OSM_CLIENT_SECRET=${{ secrets.OSM_CLIENT_SECRET }}|' .env | |
| echo "✓ Updated backend secrets" | |
| # Go back to root | |
| cd /home/admin/login | |
| # Login to GitHub Container Registry | |
| echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin | |
| # Pull latest images | |
| docker compose pull | |
| # Restart services with dev profile (uses dev services) | |
| docker compose --profile dev up -d --force-recreate --pull always | |
| # Clean up old images | |
| docker image prune -af | |
| echo "✓ Deployment completed successfully" | |
| EOF | |
| - name: Notify deployment status | |
| if: always() | |
| run: | | |
| if [ ${{ job.status }} == 'success' ]; then | |
| echo "✓ Deployment to testing environment successful" | |
| else | |
| echo "✗ Deployment failed" | |
| exit 1 | |
| fi |