elaborating on the bug correction #23
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Continuous Integration and Delivery | |
| on: | |
| push: | |
| branches: | |
| - master | |
| workflow_dispatch: | |
| env: | |
| WEB_IMAGE: ghcr.io/$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')/web | |
| NGINX_IMAGE: ghcr.io/$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')/nginx | |
| jobs: | |
| build: | |
| name: Build Docker Images | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout master | |
| uses: actions/checkout@v1 | |
| - name: Add environment variables to .env | |
| run: | | |
| echo "RBS_DEBUG=0" >> .env | |
| echo "TELEGRAM_SEND_URL=${{ secrets.TELEGRAM_SEND_URL }}" >> .env | |
| echo "DB_URL=${{ secrets.DB_URL }}" >> .env | |
| echo "DB_KEY=${{ secrets.DB_KEY }}" >> .env | |
| echo "GOOGLE_OAUTH_ID=${{ secrets.GOOGLE_OAUTH_ID }}" >> .env | |
| echo "GOOGLE_OAUTH_SECRET=${{ secrets.GOOGLE_OAUTH_SECRET }}" >> .env | |
| echo "GOOGLE_DISCOVERY_URL=${{ secrets.GOOGLE_DISCOVERY_URL }}" >> .env | |
| echo "TWITTER_APIV1_KEY=${{ secrets.TWITTER_APIV1_KEY }}" >> .env | |
| echo "TWITTER_APIV1_SECRET=${{ secrets.TWITTER_APIV1_SECRET }}" >> .env | |
| echo "FACEBOOK_CLIENT_ID=${{ secrets.FACEBOOK_CLIENT_ID }}" >> .env | |
| echo "FACEBOOK_CLIENT_SECRET=${{ secrets.FACEBOOK_CLIENT_SECRET }}" >> .env | |
| echo "GH_CLIENT_ID=${{ secrets.GH_CLIENT_ID }}" >> .env | |
| echo "GH_CLIENT_SECRET=${{ secrets.GH_CLIENT_SECRET }}" >> .env | |
| echo "DISCORD_CLIENT_ID=${{ secrets.DISCORD_CLIENT_ID }}" >> .env | |
| echo "DISCORD_CLIENT_SECRET=${{ secrets.DISCORD_CLIENT_SECRET }}" >> .env | |
| echo "TWITCH_CLIENT_ID=${{ secrets.TWITCH_CLIENT_ID }}" >> .env | |
| echo "TWITCH_CLIENT_SECRET=${{ secrets.TWITCH_CLIENT_SECRET }}" >> .env | |
| echo "SENDGRID_API_KEY=${{ secrets.SENDGRID_API_KEY }}" >> .env | |
| echo "DEEPL_AUTH_KEY=${{ secrets.DEEPL_AUTH_KEY }}" >> .env | |
| - name: Set environment variables | |
| run: | | |
| echo "WEB_IMAGE=$(echo ${{env.WEB_IMAGE}} )" >> $GITHUB_ENV | |
| echo "NGINX_IMAGE=$(echo ${{env.NGINX_IMAGE}} )" >> $GITHUB_ENV | |
| - name: Log in to GitHub Packages | |
| run: echo ${PERSONAL_ACCESS_TOKEN} | docker login ghcr.io -u ${{ secrets.NAMESPACE }} --password-stdin | |
| env: | |
| PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }} | |
| - name: Pull images | |
| run: | | |
| docker pull ${{ env.WEB_IMAGE }} || true | |
| docker pull ${{ env.NGINX_IMAGE }} || true | |
| - name: Build images | |
| run: | | |
| docker compose -f docker-compose.ci.yml build | |
| - name: Push images | |
| run: | | |
| docker push ${{ env.WEB_IMAGE }} | |
| docker push ${{ env.NGINX_IMAGE }} | |
| deploy: | |
| name: Deploy to Linode | |
| runs-on: ubuntu-latest | |
| needs: build | |
| environment: | |
| name: 'Production' | |
| url: "https://web-rbs.com" | |
| steps: | |
| - name: Checkout master | |
| uses: actions/checkout@v1 | |
| - name: Add environment variables to .env.prod | |
| run: | | |
| echo "RBS_DEBUG=0" >> .env.prod | |
| echo "TELEGRAM_SEND_URL=${{ secrets.TELEGRAM_SEND_URL }}" >> .env.prod | |
| echo "DB_URL=${{ secrets.DB_URL }}" >> .env.prod | |
| echo "DB_KEY=${{ secrets.DB_KEY }}" >> .env.prod | |
| echo "GOOGLE_OAUTH_ID=${{ secrets.GOOGLE_OAUTH_ID }}" >> .env.prod | |
| echo "GOOGLE_OAUTH_SECRET=${{ secrets.GOOGLE_OAUTH_SECRET }}" >> .env.prod | |
| echo "GOOGLE_DISCOVERY_URL=${{ secrets.GOOGLE_DISCOVERY_URL }}" >> .env.prod | |
| echo "TWITTER_APIV1_KEY=${{ secrets.TWITTER_APIV1_KEY }}" >> .env.prod | |
| echo "TWITTER_APIV1_SECRET=${{ secrets.TWITTER_APIV1_SECRET }}" >> .env.prod | |
| echo "FACEBOOK_CLIENT_ID=${{ secrets.FACEBOOK_CLIENT_ID }}" >> .env.prod | |
| echo "FACEBOOK_CLIENT_SECRET=${{ secrets.FACEBOOK_CLIENT_SECRET }}" >> .env.prod | |
| echo "GH_CLIENT_ID=${{ secrets.GH_CLIENT_ID }}" >> .env.prod | |
| echo "GH_CLIENT_SECRET=${{ secrets.GH_CLIENT_SECRET }}" >> .env.prod | |
| echo "DISCORD_CLIENT_ID=${{ secrets.DISCORD_CLIENT_ID }}" >> .env.prod | |
| echo "DISCORD_CLIENT_SECRET=${{ secrets.DISCORD_CLIENT_SECRET }}" >> .env.prod | |
| echo "TWITCH_CLIENT_ID=${{ secrets.TWITCH_CLIENT_ID }}" >> .env.prod | |
| echo "TWITCH_CLIENT_SECRET=${{ secrets.TWITCH_CLIENT_SECRET }}" >> .env.prod | |
| echo "SENDGRID_API_KEY=${{ secrets.SENDGRID_API_KEY }}" >> .env.prod | |
| echo "DEEPL_AUTH_KEY=${{ secrets.DEEPL_AUTH_KEY }}" >> .env.prod | |
| echo "WEB_IMAGE=${{ env.WEB_IMAGE }}" >> .env.prod | |
| echo "NGINX_IMAGE=${{ env.NGINX_IMAGE }}" >> .env.prod | |
| echo "NAMESPACE=${{ secrets.NAMESPACE }}" >> .env.prod | |
| echo "PERSONAL_ACCESS_TOKEN=${{ secrets.PERSONAL_ACCESS_TOKEN }}" >> .env.prod | |
| - name: Add the private SSH key to the ssh-agent | |
| env: | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| run: | | |
| mkdir -p ~/.ssh | |
| ssh-agent -a $SSH_AUTH_SOCK > /dev/null | |
| ssh-keyscan github.com >> ~/.ssh/known_hosts | |
| ssh-add - <<< "${{ secrets.PRIVATE_KEY }}" | |
| - name: Build and deploy images on Linode | |
| env: | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| run: | | |
| scp -o StrictHostKeyChecking=no -r ./.env.prod ./docker-compose.prod.yml root@${{ secrets.LINODE_IP_ADDRESS }}:/usr/src/app | |
| ssh -o StrictHostKeyChecking=no root@${{ secrets.LINODE_IP_ADDRESS }} << 'ENDSSH' | |
| cd /usr/src/app | |
| source .env.prod | |
| docker login ghcr.io -u $NAMESPACE -p $PERSONAL_ACCESS_TOKEN | |
| docker pull $WEB_IMAGE | |
| docker pull $NGINX_IMAGE | |
| sudo docker compose -f docker-compose.prod.yml up -d | |
| ENDSSH |