Merge branch 'main' into deploy #55
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy | |
| on: | |
| push: | |
| branches: [deploy] | |
| env: | |
| REGISTRY: ${{ secrets.DOCKER_REGISTRY }} | |
| IMAGE_NAME: ${{ secrets.DOCKER_IMAGE }} | |
| PRODUCTION_DOT_ENV: ${{ secrets.PRODUCTION_DOT_ENV }} | |
| SERVER_APP_DIRECTORY: ${{ secrets.SERVER_APP_DIRECTORY }} | |
| DIGITALOCEAN_ACCESS_TOKEN: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} | |
| HOST_URL: ${{ secrets.HOST_URL }} | |
| jobs: | |
| build-and-push: | |
| name: Build image and push to DO registry | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout the repo | |
| uses: actions/checkout@v4 | |
| - name: Set up Python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: "3.10" | |
| - name: Install Poetry | |
| run: | | |
| curl -sSL https://install.python-poetry.org | python - | |
| - name: Install dependencies | |
| working-directory: . | |
| run: poetry install | |
| - name: Make sure browsers are installed for Playwright | |
| run: poetry run playwright install --with-deps | |
| - name: Run tests | |
| run: TEST_MODE=yes poetry run pytest app.py --base-url http://localhost:5002 | |
| continue-on-error: false | |
| - name: Freeze dependencies | |
| run: poetry export --without-hashes -f requirements.txt --output requirements.txt | |
| - name: Install doctl | |
| uses: digitalocean/action-doctl@v2 | |
| with: | |
| token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} | |
| - name: Build image | |
| run: docker build -t $(echo $REGISTRY)/$(echo $IMAGE_NAME):$(echo $GITHUB_SHA | head -c7) . | |
| - name: Log in to DigitalOcean Container Registry with short-lived credentials | |
| run: doctl registry login --expiry-seconds 600 | |
| - name: Push image to DigitalOcean Container Registry | |
| run: docker push $(echo $REGISTRY)/$(echo $IMAGE_NAME):$(echo $GITHUB_SHA | head -c7) | |
| deploy: | |
| name: Deploy | |
| runs-on: ubuntu-latest | |
| needs: build-and-push | |
| steps: | |
| - name: Checkout the repo | |
| uses: actions/checkout@v4 | |
| - name: Config env | |
| run: | | |
| echo "IMAGE_TAG=$(echo $GITHUB_SHA | head -c7)" >> $GITHUB_ENV | |
| - name: Config docker compose | |
| uses: appleboy/scp-action@v0.1.7 | |
| with: | |
| host: ${{ secrets.HOST_IP }} | |
| username: root | |
| key: ${{ secrets.SSHKEY }} | |
| passphrase: ${{ secrets.PASSPHRASE }} | |
| source: "config/docker-compose.yml" | |
| strip_components: 1 | |
| target: ${{ secrets.SERVER_APP_DIRECTORY }} | |
| - name: Config nginx | |
| uses: appleboy/scp-action@v0.1.7 | |
| with: | |
| host: ${{ secrets.HOST_IP }} | |
| username: root | |
| key: ${{ secrets.SSHKEY }} | |
| passphrase: ${{ secrets.PASSPHRASE }} | |
| source: "config/nginx/site-confs/default.conf" | |
| strip_components: 1 | |
| # change this if you change volumes mapping for swag in docker-compose.yml | |
| target: /etc/config/swag | |
| - name: Deploy to Digital Ocean droplet via SSH action | |
| uses: appleboy/ssh-action@v1.1.0 | |
| with: | |
| host: ${{ secrets.HOST_IP }} | |
| username: root | |
| key: ${{ secrets.SSHKEY }} | |
| passphrase: ${{ secrets.PASSPHRASE }} | |
| envs: SERVER_APP_DIRECTORY,IMAGE_NAME,REGISTRY,DIGITALOCEAN_ACCESS_TOKEN,GITHUB_SHA,PRODUCTION_DOT_ENV,HOST_URL,IMAGE_TAG | |
| script: | | |
| # Login to registry | |
| docker login -u $(echo DIGITALOCEAN_ACCESS_TOKEN) -p $(echo DIGITALOCEAN_ACCESS_TOKEN) registry.digitalocean.com | |
| # Stop running containers | |
| if [ "$(docker ps -q -f name=$(echo $IMAGE_NAME))" ]; then | |
| docker stop $(echo $IMAGE_NAME) | |
| fi | |
| # Remove old containers | |
| if [ "$(docker ps -aq -f status=exited -f name=$(echo $IMAGE_NAME))" ]; then | |
| docker rm $(echo $IMAGE_NAME) | |
| fi | |
| # set up directories for the app | |
| if [ ! -d "$(echo $SERVER_APP_DIRECTORY)" ]; then | |
| mkdir $(echo $SERVER_APP_DIRECTORY) | |
| fi | |
| if [ ! -d "$(echo $SERVER_APP_DIRECTORY)/data" ]; then | |
| mkdir $(echo $SERVER_APP_DIRECTORY)/data | |
| fi | |
| # app configuration | |
| echo "$PRODUCTION_DOT_ENV" > $(echo $SERVER_APP_DIRECTORY)/.env | |
| cd $(echo $SERVER_APP_DIRECTORY) | |
| docker compose down | |
| docker compose up -d | |
| - name: Check the deployed service URL | |
| uses: jtalk/url-health-check-action@v4 | |
| with: | |
| url: ${{ secrets.HEALTH_CHECK_URL }} | |
| max-attempts: 3 | |
| retry-delay: 5s |