03.Deploy Application to Server #36
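# Manually triggered deployment (workflow_dispatch): writes runtime config
# files to the target host over SSH, copies the Compose file and Nginx config
# with SCP, pulls the requested image from GHCR, restarts the stack, and
# obtains a TLS certificate with Certbot.
#
# Review notes:
# - The appleboy action refs were obfuscated on the page ("[email protected]").
#   ssh-action / scp-action are inferred from each step's inputs (`script` vs
#   `source`/`target`). REPLACE_WITH_PINNED_REF is a placeholder: restore the
#   project's real ref, ideally a full commit SHA, since these actions receive
#   the SSH private key.
# - Secrets and the `version` input reach the remote shell as environment
#   variables (`env:` + `envs:`) instead of being spliced into the script text
#   with ${{ }}. Values containing quotes, `$` or backticks are then written
#   literally, and a crafted `version` cannot inject shell commands.
# - Those variables carry a CFG_ prefix on the runner so they cannot clash with
#   names the action or the remote shell may already give meaning to.
# - No host-key fingerprint is configured, so the SSH server identity is not
#   verified by this workflow; both actions accept a `fingerprint` input.
name: 03.Deploy Application to Server

on:
  workflow_dispatch:
    inputs:
      version:
        description: "Docker image version"
        required: true
        default: "latest"

# The visible steps only read the repository; none needs a write-scoped token.
permissions:
  contents: read

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      # Step 1: Check out the repository
      - name: Checkout the repo
        uses: actions/checkout@v4
        with:
          submodules: recursive
          token: ${{ secrets.GITHUB_TOKEN }}

      - name: Remove old config directory
        uses: appleboy/ssh-action@REPLACE_WITH_PINNED_REF
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          key: ${{ secrets.PRIVATE_KEY }}
          # -f: a first deployment has no /opt/config/ yet; plain `rm -r` would fail.
          script: |
            rm -rf /opt/config/

      # Step 2: Create the configuration files
      # NOTE(review): the .cfg files below hold credentials and are created with
      # the remote user's default umask; consider `chmod 600` if nothing else
      # has to read them (the consumers are not visible in this file).
      - name: Create config directory
        uses: appleboy/ssh-action@REPLACE_WITH_PINNED_REF
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          key: ${{ secrets.PRIVATE_KEY }}
          script: |
            mkdir -p /opt/config/

      - name: Create main config file (django.cfg)
        uses: appleboy/ssh-action@REPLACE_WITH_PINNED_REF
        env:
          CFG_DEBUG: ${{ secrets.DEBUG }}
          CFG_SECRET_KEY: ${{ secrets.SECRET_KEY }}
          CFG_DJANGO_ALLOWED_HOSTS: ${{ secrets.DJANGO_ALLOWED_HOSTS }}
          CFG_SQL_ENGINE: ${{ secrets.SQL_ENGINE }}
          CFG_DATABASE: ${{ secrets.DATABASE }}
          CFG_POSTGRES_DB: ${{ secrets.POSTGRES_DB }}
          CFG_POSTGRES_USER: ${{ secrets.POSTGRES_USER }}
          CFG_POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
          CFG_SQL_HOST: ${{ secrets.SQL_HOST }}
          CFG_SQL_PORT: ${{ secrets.SQL_PORT }}
          CFG_GOLD_POSTGRES_DB: ${{ secrets.GOLD_POSTGRES_DB }}
          CFG_GOLD_POSTGRES_USER: ${{ secrets.GOLD_POSTGRES_USER }}
          CFG_GOLD_POSTGRES_PASSWORD: ${{ secrets.GOLD_POSTGRES_PASSWORD }}
          CFG_GOLD_SQL_HOST: ${{ secrets.GOLD_SQL_HOST }}
          CFG_GOLD_SQL_PORT: ${{ secrets.GOLD_SQL_PORT }}
          CFG_EMAIL: ${{ secrets.EMAIL }}
          CFG_DOMAIN: ${{ secrets.DOMAIN }}
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          key: ${{ secrets.PRIVATE_KEY }}
          envs: CFG_DEBUG,CFG_SECRET_KEY,CFG_DJANGO_ALLOWED_HOSTS,CFG_SQL_ENGINE,CFG_DATABASE,CFG_POSTGRES_DB,CFG_POSTGRES_USER,CFG_POSTGRES_PASSWORD,CFG_SQL_HOST,CFG_SQL_PORT,CFG_GOLD_POSTGRES_DB,CFG_GOLD_POSTGRES_USER,CFG_GOLD_POSTGRES_PASSWORD,CFG_GOLD_SQL_HOST,CFG_GOLD_SQL_PORT,CFG_EMAIL,CFG_DOMAIN
          # printf '%s' writes each value verbatim; the file is truncated (>)
          # so a re-run can never leave duplicate keys behind.
          script: |
            set -e
            {
              printf 'DEBUG=%s\n' "$CFG_DEBUG"
              printf 'SECRET_KEY=%s\n' "$CFG_SECRET_KEY"
              printf 'DJANGO_ALLOWED_HOSTS=%s\n' "$CFG_DJANGO_ALLOWED_HOSTS"
              printf 'SQL_ENGINE=%s\n' "$CFG_SQL_ENGINE"
              printf 'DATABASE=%s\n' "$CFG_DATABASE"
              printf 'POSTGRES_DB=%s\n' "$CFG_POSTGRES_DB"
              printf 'POSTGRES_USER=%s\n' "$CFG_POSTGRES_USER"
              printf 'POSTGRES_PASSWORD=%s\n' "$CFG_POSTGRES_PASSWORD"
              printf 'SQL_HOST=%s\n' "$CFG_SQL_HOST"
              printf 'SQL_PORT=%s\n' "$CFG_SQL_PORT"
              printf 'GOLD_POSTGRES_DB=%s\n' "$CFG_GOLD_POSTGRES_DB"
              printf 'GOLD_POSTGRES_USER=%s\n' "$CFG_GOLD_POSTGRES_USER"
              printf 'GOLD_POSTGRES_PASSWORD=%s\n' "$CFG_GOLD_POSTGRES_PASSWORD"
              printf 'GOLD_SQL_HOST=%s\n' "$CFG_GOLD_SQL_HOST"
              printf 'GOLD_SQL_PORT=%s\n' "$CFG_GOLD_SQL_PORT"
              printf 'EMAIL=%s\n' "$CFG_EMAIL"
              printf 'DOMAIN=%s\n' "$CFG_DOMAIN"
            } > /opt/config/django.cfg

      - name: Creation of config file for Postgres (db.cfg)
        uses: appleboy/ssh-action@REPLACE_WITH_PINNED_REF
        env:
          CFG_POSTGRES_DB: ${{ secrets.POSTGRES_DB }}
          CFG_POSTGRES_USER: ${{ secrets.POSTGRES_USER }}
          CFG_POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
          CFG_SQL_HOST: ${{ secrets.SQL_HOST }}
          CFG_SQL_PORT: ${{ secrets.SQL_PORT }}
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          key: ${{ secrets.PRIVATE_KEY }}
          envs: CFG_POSTGRES_DB,CFG_POSTGRES_USER,CFG_POSTGRES_PASSWORD,CFG_SQL_HOST,CFG_SQL_PORT
          script: |
            set -e
            {
              printf 'POSTGRES_DB=%s\n' "$CFG_POSTGRES_DB"
              printf 'POSTGRES_USER=%s\n' "$CFG_POSTGRES_USER"
              printf 'POSTGRES_PASSWORD=%s\n' "$CFG_POSTGRES_PASSWORD"
              printf 'SQL_HOST=%s\n' "$CFG_SQL_HOST"
              printf 'SQL_PORT=%s\n' "$CFG_SQL_PORT"
            } > /opt/config/db.cfg

      - name: Creation of config file for Gold Postgres (gold.cfg)
        uses: appleboy/ssh-action@REPLACE_WITH_PINNED_REF
        env:
          CFG_GOLD_POSTGRES_DB: ${{ secrets.GOLD_POSTGRES_DB }}
          CFG_GOLD_POSTGRES_USER: ${{ secrets.GOLD_POSTGRES_USER }}
          CFG_GOLD_POSTGRES_PASSWORD: ${{ secrets.GOLD_POSTGRES_PASSWORD }}
          CFG_GOLD_SQL_HOST: ${{ secrets.GOLD_SQL_HOST }}
          CFG_GOLD_SQL_PORT: ${{ secrets.GOLD_SQL_PORT }}
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          key: ${{ secrets.PRIVATE_KEY }}
          envs: CFG_GOLD_POSTGRES_DB,CFG_GOLD_POSTGRES_USER,CFG_GOLD_POSTGRES_PASSWORD,CFG_GOLD_SQL_HOST,CFG_GOLD_SQL_PORT
          script: |
            set -e
            {
              printf 'GOLD_POSTGRES_DB=%s\n' "$CFG_GOLD_POSTGRES_DB"
              printf 'GOLD_POSTGRES_USER=%s\n' "$CFG_GOLD_POSTGRES_USER"
              printf 'GOLD_POSTGRES_PASSWORD=%s\n' "$CFG_GOLD_POSTGRES_PASSWORD"
              printf 'GOLD_SQL_HOST=%s\n' "$CFG_GOLD_SQL_HOST"
              printf 'GOLD_SQL_PORT=%s\n' "$CFG_GOLD_SQL_PORT"
            } > /opt/config/gold.cfg

      # Step 3: Copy the Docker Compose file to the server
      - name: SCP Docker Compose file
        uses: appleboy/scp-action@REPLACE_WITH_PINNED_REF
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          key: ${{ secrets.PRIVATE_KEY }}
          source: "./docker-compose.prod.yml"
          target: "/opt/"

      # GHCR image references must be lower case. These values land in the
      # runner's environment only; the pull step forwards what it needs.
      - name: Set lower case owner and repo names
        run: |
          echo "OWNER_LC=${GITHUB_REPOSITORY_OWNER,,}" >> "${GITHUB_ENV}"
          echo "IMAGE_NAME=${GITHUB_REPOSITORY}" >> "${GITHUB_ENV}"
          echo "IMAGE_NAME_LC=${IMAGE_NAME,,}" >> "${GITHUB_ENV}"

      # Step 4: Pull the requested image and restart the stack.
      # The image reference is assembled on the runner and forwarded through
      # `envs`: IMAGE_NAME_LC exists only in the runner's environment, so a
      # bare ${IMAGE_NAME_LC} inside the remote script would expand to nothing.
      # NOTE(review): `docker compose up` uses whatever tag the Compose file
      # names; confirm it matches the `version` pulled here.
      - name: Pull containers from GHCR
        uses: appleboy/ssh-action@REPLACE_WITH_PINNED_REF
        env:
          GHCR_TOKEN: ${{ secrets.GHCR_TOKEN }}
          GHCR_USER: ${{ github.actor }}
          IMAGE_REF: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME_LC }}:${{ inputs.version }}
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          key: ${{ secrets.PRIVATE_KEY }}
          envs: GHCR_TOKEN,GHCR_USER,IMAGE_REF
          # set -e: do not recreate the stack if the login or the pull failed.
          script: |
            set -e
            printf '%s' "$GHCR_TOKEN" | docker login ghcr.io -u "$GHCR_USER" --password-stdin
            docker pull "$IMAGE_REF"
            docker compose -f /opt/docker-compose.prod.yml up -d --force-recreate

      # Step 5: Nginx configuration
      - name: SCP Nginx configuration
        uses: appleboy/scp-action@REPLACE_WITH_PINNED_REF
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          key: ${{ secrets.PRIVATE_KEY }}
          source: "nginx/"
          target: "/etc/nginx/sites-available/"
          strip_components: 1

      - name: Update Nginx configuration
        uses: appleboy/ssh-action@REPLACE_WITH_PINNED_REF
        env:
          CFG_DOMAIN: ${{ secrets.DOMAIN }}
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          key: ${{ secrets.PRIVATE_KEY }}
          envs: CFG_DOMAIN
          # ln -sf: the link already exists after the first deployment, and a
          # plain `ln -s` would fail on every later run.
          script: |
            set -e
            sed -i "s/localhost/${CFG_DOMAIN}/g" /etc/nginx/sites-available/nginx.conf
            ln -sf /etc/nginx/sites-available/nginx.conf /etc/nginx/sites-enabled/nginx.conf
            nginx -t && sudo systemctl restart nginx

      # Step 6: Certbot for TLS
      - name: Setup Certbot for SSL
        uses: appleboy/ssh-action@REPLACE_WITH_PINNED_REF
        env:
          CFG_EMAIL: ${{ secrets.EMAIL }}
          CFG_DOMAIN: ${{ secrets.DOMAIN }}
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          key: ${{ secrets.PRIVATE_KEY }}
          envs: CFG_EMAIL,CFG_DOMAIN
          # -y: there is no terminal to answer apt's confirmation prompt.
          # ln -sf: keeps the step repeatable once the symlink exists.
          script: |
            set -e
            sudo apt-get remove -y certbot
            sudo snap install --classic certbot
            sudo ln -sf /snap/bin/certbot /usr/bin/certbot
            sudo certbot --nginx --non-interactive --agree-tos --email "$CFG_EMAIL" --domains "$CFG_DOMAIN"
            sudo certbot renew --dry-run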