inventory-notification-system-backend/.github/workflows/cd.yml at main · renancvitor/inventory-notification-system-backend · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
name: CD - Deploy to EC2

on:
  workflow_run:
    workflows: ["CI - Build & Test"]
    types:
      - completed
  workflow_dispatch:  # Permite execução manual via GitHub UI ou gh CLI

jobs:
  deploy:
    if: ${{ github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }}
    runs-on: ubuntu-latest
    permissions:
      deployments: write
      contents: read

    steps:
      # ============================
      # 📊 GITHUB DEPLOYMENT TRACKING
      # ============================
      - name: Create deployment
        uses: actions/github-script@v7
        with:
          script: |
            const deployment = await github.rest.repos.createDeployment({
              owner: context.repo.owner,
              repo: context.repo.repo,
              ref: context.ref,
              environment: 'production',
              required_contexts: [],
              auto_merge: false,
            });
            console.log('Deployment created with ID: ' + deployment.data.id);
            require('fs').appendFileSync(process.env.GITHUB_ENV, `DEPLOYMENT_ID=${deployment.data.id}\n`);

      - name: Checkout
        uses: actions/checkout@v4

      - name: Setup Java
        uses: actions/setup-java@v3
        with:
          distribution: temurin
          java-version: 21

      # ============================
      # 🔥 FLYWAY MIGRATION
      # ============================
      - name: Run Flyway migrations
        run: |
          mvn -q \
            -Dflyway.url=${{ secrets.DB_FLYWAY_URL }} \
            -Dflyway.user=${{ secrets.DB_USER }} \
            -Dflyway.password=${{ secrets.DB_PASSWORD }} \
            flyway:migrate

      # ============================
      # BUILD
      # ============================
      - name: Build JAR
        run: mvn clean package -DskipTests

      - name: Verify JAR was created
        run: |
          if [ ! -f target/inventory-notification-system-backend-0.0.1-SNAPSHOT.jar ]; then
            echo "❌ JAR file not found!"
            exit 1
          fi
          echo "✅ JAR file created successfully"
          ls -lh target/inventory-notification-system-backend-0.0.1-SNAPSHOT.jar

      # ============================
      # SSH CONFIG
      # ============================
      - name: Setup SSH
        run: |
          mkdir -p ~/.ssh
          printf "%s\n" "${{ secrets.EC2_SSH_KEY }}" > ~/.ssh/ec2.pem
          chmod 600 ~/.ssh/ec2.pem
          ssh-keyscan -H ${{ secrets.EC2_HOST }} >> ~/.ssh/known_hosts

      - name: Network test
        run: |
          echo "Testing connection to ${{ secrets.EC2_HOST }}"
          nc -zv ${{ secrets.EC2_HOST }} 22

      # ============================
      # PRE-DEPLOY CHECKS
      # ============================
      - name: Check EC2 connectivity and service status
        run: |
          ssh -i ~/.ssh/ec2.pem \
          ${{ secrets.EC2_USER }}@${{ secrets.EC2_HOST }} \
          "echo '✅ Connected to EC2' && \
           echo '📦 Current JAR:' && \
           ls -lh ${{ secrets.EC2_APP_DIR }}/inventory-notification-system-backend-0.0.1-SNAPSHOT.jar 2>/dev/null || echo 'No JAR found yet' && \
           echo '🔍 Service status:' && \
           sudo systemctl status ${{ secrets.SERVICE_NAME }} | head -5"

      # ============================
      # DEPLOY
      # ============================
      - name: Backup old JAR
        run: |
          ssh -i ~/.ssh/ec2.pem \
          ${{ secrets.EC2_USER }}@${{ secrets.EC2_HOST }} \
          "if [ -f ${{ secrets.EC2_APP_DIR }}/inventory-notification-system-backend-0.0.1-SNAPSHOT.jar ]; then \
             mv ${{ secrets.EC2_APP_DIR }}/inventory-notification-system-backend-0.0.1-SNAPSHOT.jar \
                ${{ secrets.EC2_APP_DIR }}/inventory-notification-system-backend-0.0.1-SNAPSHOT.jar.backup; \
             echo '✅ Backup created'; \
           fi"

      - name: Deploy JAR to EC2
        run: |
          scp -i ~/.ssh/ec2.pem \
          target/inventory-notification-system-backend-0.0.1-SNAPSHOT.jar \
          ${{ secrets.EC2_USER }}@${{ secrets.EC2_HOST }}:${{ secrets.EC2_APP_DIR }}/

          if [ $? -eq 0 ]; then
            echo "✅ JAR deployed successfully"
          else
            echo "❌ Failed to deploy JAR"
            exit 1
          fi

      - name: Verify deployed JAR
        run: |
          ssh -i ~/.ssh/ec2.pem \
          ${{ secrets.EC2_USER }}@${{ secrets.EC2_HOST }} \
          "ls -lh ${{ secrets.EC2_APP_DIR }}/inventory-notification-system-backend-0.0.1-SNAPSHOT.jar && \
           echo '✅ JAR verified on EC2'"

      # ============================
      # RESTART
      # ============================
      - name: Restart service
        run: |
          ssh -i ~/.ssh/ec2.pem \
          ${{ secrets.EC2_USER }}@${{ secrets.EC2_HOST }} \
          "echo 'Stopping service...' && \
           sudo systemctl stop ${{ secrets.SERVICE_NAME }} && \
           sleep 3 && \
           echo 'Starting service...' && \
           sudo systemctl start ${{ secrets.SERVICE_NAME }} && \
           sleep 5 && \
           echo 'Service status:' && \
           sudo systemctl status ${{ secrets.SERVICE_NAME }} --no-pager"

      - name: Verify service is running
        run: |
          ssh -i ~/.ssh/ec2.pem \
          ${{ secrets.EC2_USER }}@${{ secrets.EC2_HOST }} \
          "if sudo systemctl is-active --quiet ${{ secrets.SERVICE_NAME }}; then \
             echo '✅ Service is running'; \
           else \
             echo '❌ Service failed to start'; \
             sudo systemctl status ${{ secrets.SERVICE_NAME }} --no-pager; \
             exit 1; \
           fi"

      - name: Health check
        run: |
          sleep 10
          echo "Checking health endpoint..."
          curl -s http://${{ secrets.EC2_HOST }}:8080/health | head -c 200 || echo "⚠️ Health check not yet available"

      # ============================
      # ✅ DEPLOYMENT SUCCESS/FAILURE
      # ============================
      - name: Mark deployment as successful
        if: success()
        uses: actions/github-script@v7
        with:
          script: |
            await github.rest.repos.createDeploymentStatus({
              owner: context.repo.owner,
              repo: context.repo.repo,
              deployment_id: process.env.DEPLOYMENT_ID,
              state: 'success',
              environment_url: 'http://${{ secrets.EC2_HOST }}:8080',
              description: 'Deployment completed successfully',
            });
            console.log('✅ Deployment marked as successful');

      - name: Mark deployment as failed
        if: failure()
        uses: actions/github-script@v7
        with:
          script: |
            if (process.env.DEPLOYMENT_ID) {
              await github.rest.repos.createDeploymentStatus({
                owner: context.repo.owner,
                repo: context.repo.repo,
                deployment_id: process.env.DEPLOYMENT_ID,
                state: 'failure',
                description: 'Deployment failed',
              });
              console.log('❌ Deployment marked as failed');
            } else {
              console.log('⚠️ DEPLOYMENT_ID not available');
            }