To-Staging #770
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow push the branch on the staging server to be tested. | |
name: To-Staging | |
# Manual trigger | |
on: workflow_dispatch | |
jobs: | |
deploy: | |
runs-on: ubuntu-latest | |
steps: | |
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it | |
- uses: actions/checkout@v2 | |
# Create ssh key | |
- name: Create SSH key | |
run: | | |
mkdir -p ~/.ssh/ | |
echo "$SSH_PRIVATE_KEY" > ../private.key | |
eval "$(ssh-agent -s)" | |
sudo chmod 600 ../private.key | |
ssh-add ../private.key | |
rm -rf ~/.ssh/known_hosts | |
echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts | |
shell: bash | |
env: | |
SSH_PRIVATE_KEY: ${{secrets.SSH_PRIVATE_KEY}} | |
SSH_KNOWN_HOSTS: ${{secrets.SSH_KNOWN_HOSTS}} | |
SSH_KEY_PATH: ${{ github.workspace }}/../private.key | |
- name: Create .env file | |
env: | |
HOST_URL: ${{ secrets.STAGING_HOST }} | |
PLM_CLIENT_ID: ${{ secrets.STAGING_CLIENT_ID }} | |
run: | | |
cat << EOF > .env | |
NEXT_PUBLIC_BASE_APP=/api | |
NEXT_PUBLIC_HOST_URL=$HOST_URL | |
NEXT_PUBLIC_PLM_HOST=https://prof.parlemonde.org | |
NEXT_PUBLIC_CLIENT_ID=$PLM_CLIENT_ID | |
EOF | |
- name: Remove robots.txt | |
run: | | |
rm public/robots.txt | |
- name: Add IP to AWS security group | |
uses: sohelamin/aws-security-group-add-ip-action@master | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: eu-west-3 | |
aws-security-group-id: ${{ secrets.AWS_SECURITY_GROUP_ID_STAGING }} | |
port: '22' | |
description: 'GitHub Action' | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: eu-west-3 | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Build, tag, and push image to Amazon ECR | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
run: | | |
docker build -t $ECR_REGISTRY/1village:staging . | |
docker push $ECR_REGISTRY/1village:staging | |
- name: Pull and run the docker image on the server | |
run: ssh -i $SSH_KEY_PATH $server "ECR_REGISTRY=$ECR_REGISTRY IMAGE=$ECR_REGISTRY/1village:staging exec sh" < ./deploy.sh | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
server: ${{secrets.STAGING_SERVER}} | |
SSH_KEY_PATH: ${{ github.workspace }}/../private.key |