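---
# CI/CD pipeline: after the "Linter" workflow completes on main, re-lint,
# build the `prod` image, push it to Amazon ECR, then copy the compose file
# and env files to an EC2 host over SSH and restart the stack there.
name: CI/CD

on:
  workflow_run:
    workflows: ["Linter"]
    branches: [main]
    types:
      - completed

env:
  ECR_REGISTRY: ${{ secrets.ECR_REGISTRY }}
  ECR_REPOSITORY: ${{ github.event.repository.name }}
  # NOTE(review): on workflow_run events github.sha is the default branch's
  # latest commit, which may be newer than the commit "Linter" ran on.
  # github.event.workflow_run.head_sha identifies the linted commit; confirm
  # which one the image tag (and the checkouts below) should follow.
  IMAGE_TAG: ${{ github.sha }}

jobs:
  lint:
    name: Linting
    # `completed` fires for failed and cancelled runs too; without this guard
    # a failed "Linter" run would still start the build and deployment chain.
    if: ${{ github.event.workflow_run.conclusion == 'success' }}
    permissions:
      contents: read
      statuses: write
    # FIXME: customize uri to point to your own reusable linter repository
    # NOTE(review): `@main` is a mutable ref in another account's repository;
    # whatever lands there runs in this pipeline. Pin to a full commit SHA.
    uses: k4mien/super-linter-bf/.github/workflows/reusable-super-linter.yaml@main
    with:
      filter-regex-include: src/.*

  push_to_registry:
    name: Push to ECR
    needs: lint
    runs-on: ubuntu-latest
    # This job only reads the repository; keep GITHUB_TOKEN at least privilege.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # NOTE(review): long-lived IAM user keys stored as repository secrets.
      # configure-aws-credentials also supports short-lived credentials via
      # GitHub OIDC (`role-to-assume`), which removes the static key pair.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      # The image reference is quoted so an empty or unusual variable cannot
      # split into extra docker arguments.
      - name: Build, tag, and push image to Amazon ECR
        id: build-image
        run: |
          docker build --target prod --tag "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" .
          docker push "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
          echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> "$GITHUB_OUTPUT"

  deploy_to_server:
    name: Deploy to EC2
    needs: push_to_registry
    runs-on: ubuntu-latest
    # This job only reads the repository; keep GITHUB_TOKEN at least privilege.
    permissions:
      contents: read
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # Secrets reach the shell through environment variables rather than
      # being pasted into the script text by `${{ }}`: inlined, any quote,
      # `$` or backtick inside a secret is interpreted by the shell, which
      # corrupts the file and can execute embedded commands.
      # `umask 077` creates the env files readable by the owner only.
      - name: Create .env files with secrets
        env:
          ENV_FILE_LAVALINK: ${{ secrets.ENV_FILE_LAVALINK }}
          ENV_FILE_BOT: ${{ secrets.ENV_FILE_BOT }}
        run: |
          umask 077
          printf '%s\n' "$ENV_FILE_LAVALINK" >> application.env
          printf '%s\n' "$ENV_FILE_BOT" >> bot.env
          printf '%s\n' "IMAGE=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> .env

      # The ref after `@` was destroyed by e-mail obfuscation on the rendered
      # page; `<ORIGINAL_TAG>` is a placeholder. Restore the tag the
      # repository uses, ideally as a full commit SHA.
      # NOTE(review): no host-key fingerprint is supplied, so the server's
      # identity is not verified; the appleboy actions document a
      # `fingerprint` input for this (confirm against the pinned version).
      - name: SCP docker compose and lavalink config to server
        uses: appleboy/scp-action@<ORIGINAL_TAG>
        with:
          host: ${{ secrets.EC2_HOST }}
          username: ${{ secrets.EC2_USERNAME }}
          port: 22
          key: ${{ secrets.EC2_SSH_KEY }}
          rm: true
          source: "./.env,./bot.env,./application.env,./compose-prod-aws.yml"
          target: "~/.deploy/${{ github.event.repository.name }}/"

      # Same garbled ref as the SCP step: `<ORIGINAL_TAG>` is a placeholder.
      # NOTE(review): `aws configure set` writes the long-lived key pair into
      # the login user's AWS config on the host, where it outlives the
      # deployment. An EC2 instance profile limited to ECR pull would let the
      # host authenticate without any stored key.
      # `set -e` stops the script at the first failure, so a failed login or
      # `cd` cannot fall through to `docker compose` in the wrong directory.
      - name: SSH into EC2 instance and deploy
        uses: appleboy/ssh-action@<ORIGINAL_TAG>
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
        with:
          host: ${{ secrets.EC2_HOST }}
          username: ${{ secrets.EC2_USERNAME }}
          key: ${{ secrets.EC2_SSH_KEY }}
          envs: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION, ECR_REGISTRY
          script: |
            set -e
            aws configure set aws_access_key_id "$AWS_ACCESS_KEY_ID"
            aws configure set aws_secret_access_key "$AWS_SECRET_ACCESS_KEY"
            aws configure set region "$AWS_REGION"
            aws ecr get-login-password | docker login -u AWS --password-stdin "$ECR_REGISTRY"
            cd ~/.deploy/${{ github.event.repository.name }}
            docker compose -f compose-prod-aws.yml pull
            docker compose -f compose-prod-aws.yml up -d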