Skip to content

Merge pull request #802 from Studio-Yandex-Practicum/bugfix/improve-a… #428

Merge pull request #802 from Studio-Yandex-Practicum/bugfix/improve-a…

Merge pull request #802 from Studio-Yandex-Practicum/bugfix/improve-a… #428

name: Stage backend build and deploy
concurrency:
group: stage_deploy
cancel-in-progress: true
on:
push:
branches:
- develop
env:
REGISTRY: ghcr.io
IMAGE_NAME: lubimovka_backend
DEPLOY_PATH: /LUBIMOVKA
defaults:
run:
working-directory: .
jobs:
tests:
name: Run tests
runs-on: ubuntu-latest
steps:
-
name: Check out the repo
uses: actions/checkout@v2
-
name: Set up Python
uses: actions/setup-python@v2
with:
python-version: 3.9
-
name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install -r requirements/dev.txt
-
name: Test with pytest
run: pytest
build-and-push-image-to-github-packages:
name: Push Docker image to GitHub Packages
runs-on: ubuntu-latest
needs: tests
permissions:
contents: read
packages: write
steps:
-
name: Checkout
uses: actions/checkout@v2
with:
ref: develop
-
name: Docker login
uses: docker/login-action@v1
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
-
name: Set variables
run: |
echo REP_OWNER=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV
-
name: Build and push
uses: docker/build-push-action@v2
with:
context: .
file: Dockerfile_dev
labels: runnumber=${GITHUB_RUN_ID}
push: true
tags: |
${{ env.REGISTRY }}/${{ env.REP_OWNER }}/${{ env.IMAGE_NAME }}:stage,
${{ env.REGISTRY }}/${{ env.REP_OWNER }}/${{ env.IMAGE_NAME }}:latest,
${{ env.REGISTRY }}/${{ env.REP_OWNER }}/${{ env.IMAGE_NAME }}:${{ github.sha }}
deploy:
name: Deploy changes on server
runs-on: ubuntu-latest
environment:
name: stage_deploy
needs: build-and-push-image-to-github-packages
steps:
-
name: Checkout
uses: actions/checkout@v2
with:
ref: develop
-
name: Create SSH key
# (SSH_KNOWN_HOSTS=ssh-keyscan -H сервер, SSH_PRIVATE_KEY - ключ с ПК, которому разрешен вход)
run: |
mkdir -p ~/.ssh
chmod 700 ~/.ssh
echo "${{ secrets.SSH_KNOWN_HOSTS }}" > ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts
echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
chmod 600 ~/.ssh/id_rsa
-
name: Create folder for application
run: ssh ${{ secrets.USERNAME }}@${{ secrets.HOST }} mkdir -p ${{ env.DEPLOY_PATH }}
-
name: Deploy with scp
run: scp -r infra_deploy/stage/ ${{ secrets.USERNAME }}@${{ secrets.HOST }}:${{ env.DEPLOY_PATH }}
-
name: Copy postfix setup
run: scp -r infra_deploy/postfix/ ${{ secrets.USERNAME }}@${{ secrets.HOST }}:${{ env.DEPLOY_PATH }}/stage/
-
name: executing remote ssh commands to deploy
uses: appleboy/ssh-action@master
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USERNAME }}
key: ${{ secrets.SSH_PRIVATE_KEY }}
passphrase: ${{ secrets.PASSPHRASE }}
script: |
cd ${{ env.DEPLOY_PATH }}/stage/
# GitHub variables
echo "IMAGE_BACK=${{ secrets.IMAGE_BACK }}" > .github_vars
echo "IMAGE_BACK_TAG=${{ secrets.IMAGE_BACK_TAG }}" >> .github_vars
echo "IMAGE_FRONT=${{ secrets.IMAGE_FRONT }}" >> .github_vars
echo "IMAGE_FRONT_TAG=${{ secrets.IMAGE_FRONT_TAG }}" >> .github_vars
echo "FRONT_BASE_URL=${{ secrets.FRONT_BASE_URL }}" >> .github_vars
echo "API_BASE_URL=${{ secrets.API_BASE_URL }}" >> .github_vars
echo "SUBDOMAIN=${{ secrets.SUBDOMAIN }}" >> .github_vars
# PostgreSQL environment variables
echo POSTGRES_DB=${{ secrets.POSTGRES_DB }} > .env-stage
echo POSTGRES_USER=${{ secrets.POSTGRES_USER }} >> .env-stage
echo POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }} >> .env-stage
echo POSTGRES_HOST=${{ secrets.POSTGRES_HOST }} >> .env-stage
echo POSTGRES_PORT=${{ secrets.POSTGRES_PORT }} >> .env-stage
# Postfix settings
echo POSTFIX_DB_PASSWORD=${{ secrets.POSTFIX_DB_PASSWORD }} >> .env-stage
echo POSTFIX_HOSTNAME=${{ secrets.POSTFIX_HOSTNAME }} >> .env-stage
echo POSTFIX_MAIL_DOMAIN=${{ secrets.POSTFIX_MAIL_DOMAIN }} >> .env-stage
# Django environment variables
echo DEBUG=${{ secrets.DEBUG }} >> .env-stage
echo DJANGO_SETTINGS_MODULE=${{ secrets.DJANGO_SETTINGS_MODULE }} >> .env-stage
echo DJANGO_SECRET_KEY=${{ secrets.DJANGO_SECRET_KEY }} >> .env-stage
echo DJANGO_ALLOWED_HOSTS=${{ secrets.DJANGO_ALLOWED_HOSTS }} >> .env-stage
echo DJANGO_EMAIL_BACKEND=${{ secrets.DJANGO_EMAIL_BACKEND }} >> .env-stage
echo DJANGO_SUPERUSER_USERNAME=${{ secrets.DJANGO_SUPERUSER_USERNAME }} >> .env-stage
echo DJANGO_SUPERUSER_EMAIL=${{ secrets.DJANGO_SUPERUSER_EMAIL }} >> .env-stage
echo DJANGO_SUPERUSER_PASSWORD=${{ secrets.DJANGO_SUPERUSER_PASSWORD }} >> .env-stage
echo SERVER_EMAIL=${{ secrets.SERVER_EMAIL }} >> .env-stage
echo MAILJET_API_KEY=${{ secrets.MAILJET_API_KEY }} >> .env-stage
echo MAILJET_SECRET_KEY=${{ secrets.MAILJET_SECRET_KEY }} >> .env-stage
echo MAILJET_TEMPLATE_ID_QUESTION=${{ secrets.MAILJET_TEMPLATE_ID_QUESTION }} >> .env-stage
echo MAILJET_TEMPLATE_ID_REGISTRATION_USER=${{ secrets.MAILJET_TEMPLATE_ID_REGISTRATION_USER }} >> .env-stage
echo MAILJET_TEMPLATE_ID_PARTICIPATION_APPLICATION=${{ secrets.MAILJET_TEMPLATE_ID_PARTICIPATION_APPLICATION }} >> .env-stage
echo MAILJET_TEMPLATE_ID_RESET_PASSWORD_USER=${{ secrets.MAILJET_TEMPLATE_ID_RESET_PASSWORD_USER }} >> .env-stage
# Secrets variables for google sheets in Django:
echo GOOGLE_PRIVATE_KEY_ID=${{ secrets.GOOGLE_PRIVATE_KEY_ID }} >> .env-stage
echo GOOGLE_PRIVATE_KEY=\"${{ secrets.GOOGLE_PRIVATE_KEY }}\" >> .env-stage
# Swag environment variables
echo PUID=${{ secrets.PUID }} >> .env-stage
echo PGID=${{ secrets.PGID }} >> .env-stage
echo URL=${{ secrets.URL }} >> .env-stage
echo EMAIL=${{ secrets.SSL_EMAIL }} >> .env-stage
# Token for yandex disk
echo YNDX_DISK_TOKEN=${{ secrets.YNDX_DISK_TOKEN }} >> .env-stage
# Очистка неиспользуемых контейнеров, образов, сетей
docker system prune --force
# Создание сети вынесено отдельно для возможности независимо перезапускать контейнеры (через external networks)
docker network create stage_db_network || true
docker network create stage_swag_network || true
# Установка приложения - backend
cp -rf ${{ env.DEPLOY_PATH }}/stage/lubimovka-backend.service /etc/systemd/system/lubimovka-backend.service
systemctl daemon-reload
systemctl restart lubimovka-backend.service
# Установка приложения - frontend
cp -rf ${{ env.DEPLOY_PATH }}/stage/lubimovka-frontend.service /etc/systemd/system/lubimovka-frontend.service
systemctl daemon-reload
systemctl restart lubimovka-frontend.service
# После установки удаляем файлы
rm ${{ env.DEPLOY_PATH }}/stage/lubimovka-backend.service
rm ${{ env.DEPLOY_PATH }}/stage/lubimovka-frontend.service