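---
# dokku-deploy.yml
#
# Deploys pushes on master/rc/dev to Dokku, and creates or destroys per-PR
# "review apps" for pull requests carrying the label `deploy-review-app`.
#
# NOTE(security): no `permissions:` block is declared, so every job gets the
# repository's default GITHUB_TOKEN scopes. Consider declaring the minimum
# each job needs (confirm the required scopes before restricting).
#
# NOTE(security): several third-party actions below are referenced by a
# mutable branch (`@master`, `@patch-1`) and receive long-lived secrets (AWS
# keys, the Dokku SSH private key). Whoever can move those branches controls
# code that sees the secrets; pin each to a reviewed full commit SHA.
name: Deploy to Dokku
on:
  pull_request:
    branches: [master, rc, dev]
    types: [opened, reopened, synchronize, closed, labeled, unlabeled]
  push:
    branches: [master, rc, dev]

jobs:
  deploy:
    runs-on: ubuntu-latest
    # only run when commit is pushed to master/rc/dev
    if: github.event_name == 'push'
    steps:
      - name: Cloning repo
        uses: actions/checkout@v3
        with:
          # Full history: the later step pushes this checkout to the Dokku
          # git remote.
          fetch-depth: 0
      - name: Add public IP to AWS security group
        # Mutable ref on an action that receives AWS credentials; see the
        # pinning note at the top of the file.
        uses: uxxman/aws-security-group-add-ip-action@patch-1
        with:
          aws-access-key-id: ${{ secrets.DOKKU_AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.DOKKU_AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.DOKKU_AWS_REGION }}
          aws-security-group-id: ${{ secrets.DOKKU_AWS_SECURITY_GROUP_ID }}
          # NOTE(review): this opens TCP 22-30 to the runner's IP, while the
          # steps in this workflow only use SSH; confirm the wider range is
          # needed, and that the rule is removed again when the job ends.
          port: '22'
          to-port: '30'
          protocol: 'tcp'
          description: 'GitHub Action'
      - name: Push to dokku
        uses: dokku/github-action@master
        with:
          git_remote_url: ${{ secrets.DOKKU_GIT_REMOTE }}
          ssh_private_key: ${{ secrets.DOKKU_SSH_PRIVATE_KEY }}
          # Supply the expected server host key, as the review_app and
          # destroy_review_app jobs already do, so the production push is
          # verified against a known key.
          ssh_host_key: ${{ secrets.DOKKU_SSH_HOST_KEY }}
          git_push_flags: '--force'

  review_app:
    runs-on: ubuntu-latest
    # only run when a PR is opened/reopened/synchronize with
    # label:deploy-review-app OR the label is added in open PR
    #
    # NOTE(security): this job pushes the pull request's code to the Dokku
    # host before it has been merged; the label is the only gate, so treat
    # the ability to apply `deploy-review-app` as a deploy permission.
    if: >-
      github.event_name == 'pull_request' &&
      github.event.pull_request.state == 'open' &&
      (github.event.action == 'opened' ||
      github.event.action == 'reopened' ||
      github.event.action == 'synchronize' ||
      github.event.action == 'labeled') &&
      contains( github.event.pull_request.labels.*.name, 'deploy-review-app')
    steps:
      - name: Cloning repo
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
      - name: Add public IP to AWS security group
        uses: uxxman/aws-security-group-add-ip-action@patch-1
        with:
          aws-access-key-id: ${{ secrets.DOKKU_AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.DOKKU_AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.DOKKU_AWS_REGION }}
          aws-security-group-id: ${{ secrets.DOKKU_AWS_SECURITY_GROUP_ID }}
          # Same 22-30 range as in the deploy job; see the note there.
          port: '22'
          to-port: '30'
          protocol: 'tcp'
          description: 'GitHub Action'
      - name: Push to dokku
        uses: dokku/github-action@master
        with:
          # create a review app
          command: review-apps:create
          review_app_name: review-${{ github.event.pull_request.number }}
          git_remote_url: ${{ secrets.DOKKU_GIT_REMOTE }}
          ssh_private_key: ${{ secrets.DOKKU_SSH_PRIVATE_KEY }}
          ssh_host_key: ${{ secrets.DOKKU_SSH_HOST_KEY }}
          git_push_flags: '--force'
      - name: Add TSL/SSL certificate to the review-app
        # NOTE(security): unlike the dokku action above, this SSH step is
        # given no expected host key; appleboy/ssh-action accepts a
        # `fingerprint` input for that purpose.
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.DOKKU_HOST }}
          key: ${{ secrets.DOKKU_SSH_PRIVATE_KEY }}
          username: ubuntu
          # Enable Let's Encrypt only if it is not already active for the app.
          script: >-
            dokku letsencrypt:active review-${{ github.event.pull_request.number }}
            || dokku letsencrypt:enable review-${{ github.event.pull_request.number }}
      - name: Add deployed review-app link in PR comment
        uses: mshick/add-pr-comment@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          message: |
            Deployed review-app can be viewed at [https://review-${{ github.event.pull_request.number }}.violet-test.net](https://review-${{ github.event.pull_request.number }}.violet-test.net)
          allow-repeats: true

  checklabel:
    runs-on: ubuntu-latest
    if: >-
      github.event_name == 'pull_request' &&
      ((github.event.pull_request.state == 'open' &&
      github.event.action == 'unlabeled') ||
      github.event.action == 'closed')
    outputs:
      deploy_review_app_removed: ${{ steps.check.outputs.deploy_review_app_removed }}
    steps:
      - name: Check if label:deploy-review-app was removed
        id: check
        env:
          GITHUB_TOKEN: ${{ github.token }}
          # Handed to the script through the environment instead of being
          # expanded into the shell text by the workflow engine.
          PR_NUMBER: ${{ github.event.number }}
        # Looks up the most recent "unlabeled" event returned for the PR and
        # sets the output only when the removed label is deploy-review-app.
        # NOTE(review): only the events returned by this single request are
        # inspected; the `unlabeled` webhook payload also carries the removed
        # label directly, which would avoid the API call.
        run: |
          label=$(gh api "repos/$GITHUB_REPOSITORY/issues/$PR_NUMBER/events" \
            --jq 'map(select(.event == "unlabeled"))[-1].label.name')
          if [[ $label == 'deploy-review-app' ]]; then
            echo "deploy_review_app_removed=true" >> "$GITHUB_OUTPUT"
          fi

  destroy_review_app:
    needs: checklabel
    runs-on: ubuntu-latest
    # only run when a pull request with label:deploy-review-app is closed OR
    # the label is removed from open PR
    if: >-
      github.event_name == 'pull_request' &&
      ((github.event.action == 'closed' &&
      contains(github.event.pull_request.labels.*.name, 'deploy-review-app')) ||
      (github.event.pull_request.state == 'open' &&
      github.event.action == 'unlabeled' &&
      needs.checklabel.outputs.deploy_review_app_removed))
    steps:
      - name: Add public IP to AWS security group
        uses: uxxman/aws-security-group-add-ip-action@patch-1
        with:
          aws-access-key-id: ${{ secrets.DOKKU_AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.DOKKU_AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.DOKKU_AWS_REGION }}
          aws-security-group-id: ${{ secrets.DOKKU_AWS_SECURITY_GROUP_ID }}
          # Same 22-30 range as in the deploy job; see the note there.
          port: '22'
          to-port: '30'
          protocol: 'tcp'
          description: 'GitHub Action'
      - name: Destroy the review app
        uses: dokku/github-action@master
        with:
          # destroy a review app
          command: review-apps:destroy
          review_app_name: review-${{ github.event.pull_request.number }}
          git_remote_url: ${{ secrets.DOKKU_GIT_REMOTE }}
          ssh_private_key: ${{ secrets.DOKKU_SSH_PRIVATE_KEY }}
          ssh_host_key: ${{ secrets.DOKKU_SSH_HOST_KEY }}
          git_push_flags: '--force'
      - name: Destroy review-app-db and review-app-redis
        # As in the certificate step of review_app, no expected host key is
        # supplied to this SSH action.
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.DOKKU_HOST }}
          key: ${{ secrets.DOKKU_SSH_PRIVATE_KEY }}
          username: ubuntu
          # Each destroy runs only when the matching service exists.
          script: |
            dokku postgres:exists review-${{ github.event.pull_request.number }}-db && dokku postgres:destroy review-${{ github.event.pull_request.number }}-db --force
            dokku redis:exists review-${{ github.event.pull_request.number }}-redis && dokku redis:destroy review-${{ github.event.pull_request.number }}-redis --force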