.github/workflows/deploy.yml

name: CI/CD Pipeline

on:
  workflow_dispatch:
    inputs:
      dry_run:
        description: 'Perform a dry run'
        required: false
        default: 'true'

jobs:
  dry-run:
    if: github.event.inputs.dry_run == 'true'
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1

      - name: Log in to Amazon ECR
        env:
          AWS_REGION: ${{ secrets.AWS_REGION }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: |
          aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin ${{ secrets.AWS_ECR_REPOSITORY }}

      - name: Compare Docker image digests
        env:
          AWS_REGION: ${{ secrets.AWS_REGION }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: |
          set -e
          IMAGE_URI="${{ secrets.AWS_ECR_REPOSITORY }}:latest"
          
          echo "Fetching remote image digest..."
          REMOTE_DIGEST=$(aws ecr describe-images --repository-name wxyc_backend_service --query 'sort_by(imageDetails,& imagePushedAt)[-1].imageDigest' --output text)
          
          if [ -z "$REMOTE_DIGEST" ]; then
            echo "Failed to fetch remote image digest."
            exit 1
          fi
          
          echo "Remote Digest: $REMOTE_DIGEST"
          
          echo "Building Docker image locally..."
          docker build --platform linux/amd64 -t $IMAGE_URI .
          
          echo "Fetching local image digest..."
          LOCAL_DIGEST=$(docker inspect --format='{{index .RepoDigests 0}}' $IMAGE_URI | cut -d '@' -f 2)
          
          if [ -z "$LOCAL_DIGEST" ]; then
            echo "Failed to fetch local image digest."
            exit 1
          fi
          
          echo "Local Digest: $LOCAL_DIGEST"
          
          if [ "$REMOTE_DIGEST" = "$LOCAL_DIGEST" ]; then
            echo "The image to be deployed is the same as the current image in ECR."
          else
            echo "The image to be deployed is different from the current image in ECR."
          fi

      - name: Dry run - list Docker images
        uses: appleboy/ssh-action@v0.1.0
        with:
          host: ${{ secrets.EC2_HOST }}
          username: ${{ secrets.EC2_USER }}
          key: ${{ secrets.EC2_SSH_KEY }}
          script: |
            echo "Listing Docker images..."
            docker images
            echo "Listing running Docker containers..."
            docker ps

  build-and-deploy:
    if: github.event.inputs.dry_run != 'true'
    runs-on: ubuntu-latest

    steps:
      - name: Checkout code
        uses: actions/checkout@v2

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1

      - name: Log in to Amazon ECR
        env:
          AWS_REGION: ${{ secrets.AWS_REGION }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: |
          aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin ${{ secrets.AWS_ECR_REPOSITORY }}

      - name: Build, tag, and push Docker image to Amazon ECR
        run: |
          IMAGE_URI="${{ secrets.AWS_ECR_REPOSITORY }}:latest"
          echo "Building Docker image..."
          docker build --platform linux/amd64 -t $IMAGE_URI .
          echo "Tagging Docker image..."
          docker tag $IMAGE_URI $IMAGE_URI
          echo "Pushing Docker image to ECR..."
          docker push $IMAGE_URI

      - name: Execute remote commands via SSH
        uses: appleboy/ssh-action@v0.1.0
        with:
          host: ${{ secrets.EC2_HOST }}
          username: ${{ secrets.EC2_USER }}
          key: ${{ secrets.EC2_SSH_KEY }}
          script: |
            set -e
            export AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }}
            export AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }}
            export AWS_DEFAULT_REGION=${{ secrets.AWS_REGION }}
            
            echo "Logging into AWS ECR..."
            aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin ${{ secrets.AWS_ECR_REPOSITORY }}
            
            echo "Pulling Docker image..."
            docker pull ${{ secrets.AWS_ECR_REPOSITORY }}:latest
            
            echo "Stopping current Docker container..."
            docker ps -q --filter ancestor=${{ secrets.AWS_ECR_REPOSITORY }}:latest | xargs -r docker stop
            
            echo "Starting new Docker container..."
            docker run -d -p 8080:8080 --env-file /path/to/.env ${{ secrets.AWS_ECR_REPOSITORY }}:latest

      - name: Confirm server is up
        uses: appleboy/ssh-action@v0.1.0
        with:
          host: ${{ secrets.EC2_HOST }}
          username: ${{ secrets.EC2_USER }}
          key: ${{ secrets.EC2_SSH_KEY }}
          script: |
            echo "Waiting for server to start..."
            sleep 30  # Adjust sleep time as needed
            echo "Checking server status..."
            if curl -s --head  --request GET http://localhost:8080 | grep "200 OK" > /dev/null; then 
              echo "Server is up and running."
            else
              echo "Server is not running. Deployment failed." >&2
              exit 1
            fi