refac: enrollments update #253
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CD | |
on: | |
push: | |
branches: | |
- main | |
workflow_dispatch: | |
jobs: | |
deploy: | |
name: π CD Workflow | |
runs-on: ubuntu-latest | |
env: | |
AWS_INSTANCE_SG_ID: ${{ secrets.SECURITY_GROUP_ID }} | |
timeout-minutes: 5 | |
steps: | |
- name: π¦ Checkout code | |
uses: actions/checkout@v4 | |
- name: βοΈ Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ secrets.AWS_REGION }} | |
- name: Get IP Addresses | |
id: ip | |
uses: candidob/[email protected] | |
- name: βοΈ Whitelist runner ip address | |
id: whitelist-ip | |
run: | | |
aws ec2 authorize-security-group-ingress \ | |
--group-id $AWS_INSTANCE_SG_ID \ | |
--protocol tcp \ | |
--port 22 \ | |
--cidr ${{ steps.ip.outputs.ipv4}}/32 | |
- name: π Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v2 | |
- name: ποΈ Build, tag and push Image to Amazon ECR | |
env: | |
REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
REPOSITORY: unext-backend-ecr | |
IMAGE_TAG: ${{ github.sha }} | |
GIT_SECRET_PRIVATE_KEY: ${{ secrets.GIT_SECRET_PRIVATE_KEY }} | |
GIT_SECRET_PASSWORD: ${{ secrets.GIT_SECRET_PASSWORD }} | |
run: | | |
docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG \ | |
--build-arg GIT_SECRET_PRIVATE_KEY="$GIT_SECRET_PRIVATE_KEY" \ | |
--build-arg GIT_SECRET_PASSWORD="$GIT_SECRET_PASSWORD" \ | |
--no-cache --progress=plain . | |
docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG | |
- name: π Deploy and start container | |
uses: appleboy/[email protected] | |
with: | |
host: ${{ secrets.HOSTNAME }} | |
username: ${{ secrets.USERNAME }} | |
key: ${{ secrets.SECRET_SSH_KEY }} | |
script: | | |
aws ecr get-login-password --region ${{ secrets.AWS_REGION }} | docker login --username AWS --password-stdin ${{ secrets.AWS_ACCOUNT_ID }}.${{ secrets.ECR_REGISTRY }} | |
docker pull ${{ secrets.AWS_ACCOUNT_ID }}.${{ secrets.ECR_REGISTRY }}/unext-backend-ecr:${{ github.sha }} | |
docker stop unext-backend | |
docker rm unext-backend | |
docker run -d --name unext-backend -p ${{ secrets.PORT }}:${{ secrets.PORT }} ${{ secrets.AWS_ACCOUNT_ID }}.${{ secrets.ECR_REGISTRY }}/unext-backend-ecr:${{ github.sha }} | |
- name: ποΈ Revoke runner ip address | |
if: ${{ always() && steps.whitelist-ip.conclusion == 'success' }} | |
run: | | |
aws ec2 revoke-security-group-ingress \ | |
--group-id $AWS_INSTANCE_SG_ID \ | |
--protocol tcp \ | |
--port 22 \ | |
--cidr ${{ steps.ip.outputs.ipv4 }}/32 |