login/.github/workflows/deploy-testing.yml at 2738a41b47424ba748ee5296bfd97cd4455708c6 · hotosm/login · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
name: Deploy to Testing Environment

on:
  push:
    branches:
      - develop

env:
  REGISTRY: ghcr.io
  IMAGE_PREFIX: ${{ github.repository }}

jobs:
  deploy:
    name: Build and Deploy to EC2 Testing
    runs-on: ubuntu-latest
    environment: Development

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup SSH
        uses: webfactory/ssh-agent@v0.9.0
        with:
          ssh-private-key: ${{ secrets.EC2_SSH_KEY }}

      - name: Add EC2 host to known hosts
        env:
          EC2_HOST: ${{ secrets.EC2_HOST }}
        run: |
          mkdir -p ~/.ssh
          ssh-keyscan -H $EC2_HOST >> ~/.ssh/known_hosts

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Build and push backend image
        run: |
          docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-backend:latest \
            -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-backend:${{ github.sha }} \
            --target dev \
            ./backend
          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-backend:latest
          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-backend:${{ github.sha }}

      - name: Build and push frontend image
        run: |
          docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend:latest \
            -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend:${{ github.sha }} \
            --target dev \
            ./frontend
          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend:latest
          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend:${{ github.sha }}

      - name: Build and push osm-userinfo image
        run: |
          docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-osm-userinfo:latest \
            -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-osm-userinfo:${{ github.sha }} \
            ./osm-userinfo
          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-osm-userinfo:latest
          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-osm-userinfo:${{ github.sha }}

      - name: Deploy to EC2
        env:
          EC2_HOST: ${{ secrets.EC2_HOST }}
          EC2_USER: ${{ secrets.EC2_USER }}
          POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
        run: |
          # Deploy via SSH (using ssh-agent from webfactory/ssh-agent action)
          ssh $EC2_USER@$EC2_HOST << 'EOF'
            set -e

            # Navigate to application directory
            cd /opt/login || exit 1

            # Pull latest changes
            git pull origin develop

            # Create/update .env file with secrets (if not exists)
            if [ ! -f .env ]; then
              echo "POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }}" > .env
              echo "✓ Created .env file"
            else
              sed -i 's|^POSTGRES_PASSWORD=.*|POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }}|' .env
              echo "✓ Updated .env file"
            fi

            # Login to GitHub Container Registry
            echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin

            # Pull latest images
            docker compose pull

            # Restart services with dev profile (uses dev services)
            docker compose --profile dev up -d --force-recreate --pull always

            # Clean up old images
            docker image prune -af

            echo "✓ Deployment completed successfully"
          EOF

      - name: Notify deployment status
        if: always()
        run: |
          if [ ${{ job.status }} == 'success' ]; then
            echo "✓ Deployment to testing environment successful"
          else
            echo "✗ Deployment failed"
            exit 1
          fi