-
Notifications
You must be signed in to change notification settings - Fork 14
55 lines (48 loc) · 3.15 KB
/
admin.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
name: Deploy Admin-panel
on:
push:
branches:
- main
jobs:
deploy-admin-panel:
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- name: Checkout
uses: actions/checkout@v2.3.3
- uses: actions/setup-node@v1
with:
node-version: "16"
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/github-actions-frontend-access
aws-region: ${{ secrets.AWS_REGION }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build, tag, and push image to Amazon ECR
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: blog-admin
IMAGE_TAG: ${{ github.sha }}-${{ github.run_attempt }}-blog-admin
run: |
cd admin
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
- name: Deploy
env:
SSH_PRIVATE_KEY: ${{ secrets.SSH_PRIVATE_KEY }}
SSL_PRIVATE_KEY: |
${{ secrets.SSL_PRIVATE_KEY }}
SSL_PUBLIC_KEY: |
${{ secrets.SSL_PUBLIC_KEY }}
run: |
echo "$SSH_PRIVATE_KEY" > ssh_private_key && chmod 600 ssh_private_key
sed -i "s|ADMIN_PANEL_URL|${{ secrets.ADMIN_PANEL_URL }}|g" admin/nginx/conf.d/website-blog.conf
echo -e "$SSL_PRIVATE_KEY" > admin/nginx/certs/blog.live.domain.name.key && echo -e "$SSL_PUBLIC_KEY" > admin/nginx/certs/blog.live.domain.name.cert
scp -o StrictHostKeyChecking=no -i ssh_private_key -r admin/nginx ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_ADDRESS }}:blog-admin-deployment
cat admin/deploy.sh | ssh -o StrictHostKeyChecking=no -i ssh_private_key ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_ADDRESS }} 'cat > ./blog-admin-deployment/deploy.sh'
cat admin/docker-compose.yaml | ssh -o StrictHostKeyChecking=no -i ssh_private_key ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_ADDRESS }} sudo PUBLISH_PORT=${{secrets.PUBLISH_PORT}} APP_KEYS=${{secrets.APP_KEYS}} API_TOKEN_SALT=${{secrets.API_TOKEN_SALT}} ADMIN_JWT_SECRET=${{secrets.ADMIN_JWT_SECRET}} JWT_SECRET=${{secrets.JWT_SECRET}} DATABASE_CLIENT=${{secrets.DATABASE_CLIENT}} DATABASE_HOST=${{secrets.DATABASE_HOST}} DATABASE_PORT=${{secrets.DATABASE_PORT}} DATABASE_NAME=${{secrets.DATABASE_NAME}} DATABASE_USERNAME=${{secrets.DATABASE_USERNAME}} DATABASE_PASSWORD=${{secrets.DATABASE_PASSWORD}} DATABASE_SSL=${{secrets.DATABASE_SSL}} AWS_ACCOUNT_ID=${{secrets.AWS_ACCOUNT_ID}} AWS_ACCESS_KEY_ID=${{secrets.AWS_ACCESS_KEY_ID}} AWS_SECRET_ACCESS_KEY=${{secrets.AWS_SECRET_ACCESS_KEY}} AWS_REGION=${{secrets.AWS_REGION}} AWS_BUCKET=${{secrets.AWS_BUCKET}} AWS_BUCKET_URL=${{secrets.AWS_BUCKET_URL}} GITHUB_SHA=${{github.sha}} GITHUB_RUN_ATTEMPT=${{github.run_attempt}} HR_FROM_MAIL=${{secrets.HR_FROM_MAIL}} 'bash -c "cd blog-admin-deployment && cat > docker-compose.yaml && chmod -R 755 ./deploy.sh && ./deploy.sh && cd .. && rm -rf blog-admin-deployment"'