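# Build-and-deploy pipeline for the backend service. The nesting below is
# restored; the flattened listing would not parse as a workflow.
name: Build and Deploy Srv

# Manual trigger only: a run starts when someone dispatches the workflow.
on:
  workflow_dispatch: {}

# Workflow-level variables, visible to every job and step.
env:
  AWS_REGION: ap-southeast-1
  STACK_ENV: staging
  STACK_NAME: zyg-srv
  APPLICATION: backend
  # Copied into the generated systemd unit by the packaging step.
  # Quoted so the value stays a string instead of being typed as an integer.
  ZYG_DB_QUERY_DEBUG: "0"
  # Go toolchain settings picked up by `go build`: cgo disabled,
  # linux/amd64 target.
  CGO_ENABLED: "0"
  GOOS: linux
  GOARCH: amd64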
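# Two jobs: `build` compiles and packages the Go service and uploads the
# bundle to S3; `deploy` asks CodeDeploy to roll that bundle out.
#
# NOTE(review): every `uses:` below references a mutable major-version tag.
# Pinning each action to a reviewed full commit SHA would keep a moved tag
# from changing what runs with the AWS role and repository secrets.
jobs:
  build:
    name: Build and Package
    runs-on: ubuntu-latest
    defaults:
      run:
        working-directory: ./backend
    environment:
      name: staging
    # id-token: write allows the job to request the OIDC token used for the
    # role assumption below; repository access is read-only.
    permissions:
      id-token: write
      contents: read
    steps:
      - name: Checkout Repository
        uses: actions/checkout@v4

      # Only a role ARN is supplied; no static AWS keys are passed here.
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.IAMROLE_GITHUB }}
          role-session-name: GitHub-Action-Role
          aws-region: ${{ env.AWS_REGION }}

      - name: Set up Go
        uses: actions/setup-go@v5
        with:
          go-version: "1.23"
          cache: true

      - name: Pre Build
        run: |
          go mod download
          # Checks downloaded modules against the hashes recorded in go.sum.
          go mod verify
          go vet ./...
          # Quoted so a multi-file gofmt listing is tested as one non-empty
          # string instead of being word-split into extra `test` arguments.
          test -z "$(gofmt -l .)"
          # NOTE(review): lint is skipped silently when golangci-lint is not
          # on the runner's PATH; no step in this job installs it.
          if command -v golangci-lint >/dev/null 2>&1; then golangci-lint run; fi

      - name: Build Application
        run: |
          echo "Building Go application from source..."
          GIT_COMMIT="${{ github.sha }}"
          # -s -w strip symbol and debug tables; -X stamps the commit and
          # the UTC build time into package main.
          go build -v \
            -ldflags="-s -w \
            -X main.GitCommit=$GIT_COMMIT \
            -X main.BuildTime=$(date -u '+%Y-%m-%d_%H:%M:%S')" \
            -o dist/bin/app cmd/srv/main.go

      # NOTE(review): the `${{ secrets.* }}` expressions are expanded before
      # the shell runs, so the plaintext values are written into
      # dist/scripts/srv.service, zipped into dist.zip and stored in the
      # artifacts bucket. Anyone who can read that bucket object, or the unit
      # file once installed on the host, can read the database, Redis, JWT,
      # Resend and R2 credentials. Prefer loading them on the host at start
      # time (for example EnvironmentFile= pointing at a root-only file filled
      # from a secrets store); that needs a matching change in
      # infra/srv/scripts, which is not visible here.
      # NOTE(review): systemd splits unquoted Environment= values on
      # whitespace; confirm none of the secret values contain spaces.
      # NOTE(review): ExecStart binds 0.0.0.0:8080; presumably network
      # controls in front of the host restrict access. Confirm.
      - name: Create Dist Package
        run: |
          if [ ! -f dist/bin/app ]; then
            echo "Binary not found at dist/bin/app"
            exit 1
          fi
          echo "dist/ is the root path of the dist package"
          echo "Make sure of relative path of the dist/ package when deploying"
          cp infra/srv/appspec.yml dist/
          cp -r infra/srv/scripts dist/
          cat << 'EOF' > dist/scripts/srv.service
          [Unit]
          Description=Zyg Srv Go Application
          After=network.target
          [Service]
          Type=simple
          User=ubuntu
          Group=ubuntu
          ExecStart=/usr/local/bin/app -host 0.0.0.0 -port 8080
          WorkingDirectory=/usr/local/bin/
          Environment=DATABASE_URL=${{ secrets.DATABASE_URL }}
          Environment=REDIS_ADDR=${{ secrets.REDIS_ADDR }}
          Environment=REDIS_USER=${{ secrets.REDIS_USER }}
          Environment=REDIS_PASS=${{ secrets.REDIS_PASS }}
          Environment=SUPABASE_JWT_SECRET=${{ secrets.SUPABASE_JWT_SECRET }}
          Environment=RESEND_API_KEY=${{ secrets.RESEND_API_KEY }}
          Environment=ZYG_DB_QUERY_DEBUG=${{ env.ZYG_DB_QUERY_DEBUG }}
          Environment=CF_ACCOUNT_ID=${{ secrets.CF_ACCOUNT_ID }}
          Environment=R2_ACCESS_KEY_ID=${{ secrets.R2_ACCESS_KEY_ID }}
          Environment=R2_ACCESS_SECRET_KEY=${{ secrets.R2_ACCESS_SECRET_KEY }}
          Restart=on-failure
          RestartSec=5
          NoNewPrivileges=yes
          ProtectSystem=full
          ProtectHome=true
          PrivateTmp=true
          TimeoutStartSec=30
          TimeoutStopSec=30
          [Install]
          WantedBy=multi-user.target
          EOF
          cd dist
          zip -r ../dist.zip .
          cd ..

      # The bundle is keyed by commit SHA so the deploy job can address
      # exactly the artifact built in this run.
      - name: Upload Artifacts to S3
        run: |
          BUCKET="${{ env.STACK_NAME }}-${{ env.STACK_ENV }}-${{ env.AWS_REGION }}-artifacts-${{ secrets.AWS_ACCOUNT_ID }}"
          aws s3 cp dist.zip "s3://${BUCKET}/${{ env.APPLICATION }}/${{ github.sha }}/"

  deploy:
    name: AWS Deploy
    needs: build
    runs-on: ubuntu-latest
    environment:
      name: staging
    permissions:
      id-token: write
      contents: read
    steps:
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.IAMROLE_GITHUB }}
          role-session-name: GitHub-Action-Role
          aws-region: ${{ env.AWS_REGION }}

      - name: Deploy to AWS CodeDeploy
        run: |
          BUCKET="${{ env.STACK_NAME }}-${{ env.STACK_ENV }}-${{ env.AWS_REGION }}-artifacts-${{ secrets.AWS_ACCOUNT_ID }}"
          DEPLOYMENT_NAME="${{ env.STACK_NAME }}-${{ env.STACK_ENV }}"
          DEPLOYMENT_GROUP_NAME="${{ env.STACK_NAME }}-${{ env.STACK_ENV }}-deployment-group"
          # --ignore-application-stop-failures lets the rollout continue when
          # the previous revision's ApplicationStop hook fails.
          aws deploy create-deployment \
            --application-name "${DEPLOYMENT_NAME}" \
            --deployment-group-name "${DEPLOYMENT_GROUP_NAME}" \
            --s3-location "bucket=${BUCKET},key=${{ env.APPLICATION }}/${{ github.sha }}/dist.zip,bundleType=zip" \
            --ignore-application-stop-failures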