.github/workflows/deploy.yml

# This workflow deploy the app on prod.
name: Deployment

# Triggered on every push on master
on:
  push:
    branches: [master]

jobs:
  server_tsc:
    runs-on: ubuntu-latest
    steps:
      # [1] checkout repo.
      - uses: actions/checkout@v2

      # [2] get node.
      - name: Use Node.js
        uses: actions/setup-node@v1
        with:
          node-version: '18.14.2'

      # [3] install dependencies.
      - name: Install dependencies
        run: yarn

      # [4] test typescript.
      - name: Run typescript
        run: yarn typescript:server

  deploy:
    runs-on: ubuntu-latest
    needs: server_tsc # check server types before building.
    steps:
      - uses: actions/checkout@v2

      - name: Create SSH key
        run: |
          mkdir -p ~/.ssh/
          echo "$SSH_PRIVATE_KEY" > ../private.key
          eval "$(ssh-agent -s)"
          sudo chmod 600 ../private.key
          ssh-add ../private.key
          rm -rf ~/.ssh/known_hosts
          echo "$SSH_KNOWN_HOSTS" > ~/.ssh/known_hosts
        shell: bash
        env:
          SSH_PRIVATE_KEY: ${{secrets.SSH_PRIVATE_KEY}}
          SSH_KNOWN_HOSTS: ${{secrets.SSH_KNOWN_HOSTS}}
          SSH_KEY_PATH: ${{ github.workspace }}/../private.key

      - name: Create .env file
        env:
          HOST_URL: ${{ secrets.HOST }}
          PLM_CLIENT_ID: ${{ secrets.CLIENT_ID }}
        run: |
          cat << EOF > .env
          NEXT_PUBLIC_BASE_APP=/api
          NEXT_PUBLIC_HOST_URL=$HOST_URL
          NEXT_PUBLIC_PLM_HOST=https://prof.parlemonde.org
          NEXT_PUBLIC_CLIENT_ID=$PLM_CLIENT_ID
          EOF

      - name: Add IP to AWS security group
        uses: sohelamin/aws-security-group-add-ip-action@master
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: "eu-west-3"
          aws-security-group-id: ${{ secrets.AWS_SECURITY_GROUP_ID }}
          port: "22"
          description: "GitHub Action"

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: eu-west-3

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1

      - name: Build, tag, and push image to Amazon ECR
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        run: |
          docker build -t $ECR_REGISTRY/clap:latest .
          docker push $ECR_REGISTRY/clap:latest

      - name: Pull and run the docker image on the server
        run: ssh -i $SSH_KEY_PATH $server "ECR_REGISTRY=$ECR_REGISTRY IMAGE=$ECR_REGISTRY/clap:latest exec sh" < ./deploy.sh
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          server: ${{secrets.SERVER}}
          SSH_KEY_PATH: ${{ github.workspace }}/../private.key