Merge pull request #905 from parlemonde/ft/seed-countries #298
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow deploy the app on prod. | |
name: Deployment | |
# Triggered on every push on master | |
on: | |
push: | |
branches: [master] | |
jobs: | |
server_tsc: | |
runs-on: ubuntu-latest | |
steps: | |
# [1] checkout repo. | |
- uses: actions/checkout@v2 | |
# [2] get node. | |
- name: Use Node.js | |
uses: actions/setup-node@v2 | |
with: | |
node-version: '16.15.1' | |
# [3] install dependencies. | |
- name: Install dependencies | |
run: yarn | |
# [4] test typescript. | |
- name: Run typescript | |
run: yarn typescript:server | |
deploy: | |
runs-on: ubuntu-latest | |
needs: server_tsc # check server types before building. | |
steps: | |
- uses: actions/checkout@v2 | |
- name: Create SSH key | |
run: | | |
mkdir -p ~/.ssh/ | |
echo "$SSH_PRIVATE_KEY" > ../private.key | |
eval "$(ssh-agent -s)" | |
sudo chmod 600 ../private.key | |
ssh-add ../private.key | |
rm -rf ~/.ssh/known_hosts | |
echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts | |
shell: bash | |
env: | |
SSH_PRIVATE_KEY: ${{secrets.SSH_PRIVATE_KEY}} | |
SSH_KNOWN_HOSTS: ${{secrets.SSH_KNOWN_HOSTS}} | |
SSH_KEY_PATH: ${{ github.workspace }}/../private.key | |
- name: Create .env file | |
env: | |
HOST_URL: ${{ secrets.HOST }} | |
PLM_CLIENT_ID: ${{ secrets.CLIENT_ID }} | |
run: | | |
cat << EOF > .env | |
NEXT_PUBLIC_BASE_APP=/api | |
NEXT_PUBLIC_HOST_URL=$HOST_URL | |
NEXT_PUBLIC_PLM_HOST=https://prof.parlemonde.org | |
NEXT_PUBLIC_CLIENT_ID=$PLM_CLIENT_ID | |
EOF | |
- name: Create build version and tag | |
id: tag | |
uses: actions/github-script@v5 | |
with: | |
github-token: ${{secrets.GITHUB_TOKEN}} | |
script: | | |
const { data: tags } = await github.request("GET /repos/{owner}/{repo}/tags", context.repo); | |
const maxVersion = tags.map(t => t.name.split('.').map(n => parseInt(n, 10) || 0)).filter(v => v.length === 2).sort((a,b) => b[0] - a[0] || b[1] - a[1] || -1)[0]; | |
const newVersion = `${maxVersion[0] || 0}.${(maxVersion[1] || 0) + 1}`; | |
await github.rest.git.createRef({ | |
...context.repo, | |
ref: `refs/tags/${newVersion}`, | |
sha: context.sha | |
}); | |
return newVersion; | |
result-encoding: string | |
# Add IP to AWS sevurity group | |
- name: Add IP to AWS security group | |
uses: sohelamin/aws-security-group-add-ip-action@master | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: eu-west-3 | |
aws-security-group-id: ${{ secrets.AWS_SECURITY_GROUP_ID }} | |
port: 22 | |
description: GitHub Action | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: eu-west-3 | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Build, tag, and push image to Amazon ECR | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
BUILD_VERSION: ${{ steps.tag.outputs.result }} | |
run: | | |
docker build --build-arg BUILD_VERSION=$BUILD_VERSION -t $ECR_REGISTRY/1village:latest . | |
docker push $ECR_REGISTRY/1village:latest | |
- name: Pull and run the docker image on the server | |
run: ssh -i $SSH_KEY_PATH $server "ECR_REGISTRY=$ECR_REGISTRY IMAGE=$ECR_REGISTRY/1village:latest exec sh" < ./deploy.sh | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
server: ${{secrets.SERVER}} | |
SSH_KEY_PATH: ${{ github.workspace }}/../private.key |