From a1bcd6fc52a43fb27a954f0a27de7c70e1db8633 Mon Sep 17 00:00:00 2001 From: Joabesv Date: Thu, 5 Oct 2023 21:23:01 -0300 Subject: [PATCH 01/20] chore: remove dotenv from common --- packages/common/config.ts | 23 ----------------------- packages/common/lib/logger.ts | 5 ++--- packages/common/package.json | 4 +--- 3 files changed, 3 insertions(+), 29 deletions(-) delete mode 100644 packages/common/config.ts diff --git a/packages/common/config.ts b/packages/common/config.ts deleted file mode 100644 index a722518a..00000000 --- a/packages/common/config.ts +++ /dev/null @@ -1,23 +0,0 @@ -import { config as dotEnvConfig } from 'dotenv'; -import { z } from 'zod'; - -if (process.env.NODE_ENV === 'test') { - dotEnvConfig({ path: '.env.test' }); -} else { - dotEnvConfig(); -} - -const envSchema = z.object({ - // Local machine - NODE_ENV: z.enum(['dev', 'test', 'prod']).default('dev'), -}); - -const _env = envSchema.safeParse(process.env); - -if (!_env.success) { - console.error('invalid envs', _env.error.format()); - throw new Error('Invalid environments variables'); -} - -export type Config = z.infer; -export const Config = _env.data; diff --git a/packages/common/lib/logger.ts b/packages/common/lib/logger.ts index 844a1728..52fa80e6 100644 --- a/packages/common/lib/logger.ts +++ b/packages/common/lib/logger.ts @@ -1,6 +1,5 @@ import { pino } from 'pino'; import { PrettyOptions } from 'pino-pretty'; -import { Config } from '../config'; const pinoPrettyOptions = { destination: 1, @@ -20,7 +19,7 @@ const loggerSetup = { test: false, }; -function buildLogger(nodeEnv: Config['NODE_ENV']) { +function buildLogger(nodeEnv: string = 'dev') { if (nodeEnv === 'dev') { const logger = pino(loggerSetup.dev); return logger; @@ -30,4 +29,4 @@ function buildLogger(nodeEnv: Config['NODE_ENV']) { } } -export const logger = buildLogger(Config.NODE_ENV); +export const logger = buildLogger(process.env.NODE_ENV); 
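Review bot: `buildLogger(nodeEnv: string = 'dev')` now accepts any string, so the `dev | test | prod` check that the deleted zod schema performed is gone and a mistyped `NODE_ENV` is no longer rejected at startup. An unset value silently selects the `dev` logger setup, also inside a production container. A local union restores the compile-time check without dotenv or zod: `function buildLogger(nodeEnv: 'dev' | 'test' | 'prod' = 'dev')`, with `process.env.NODE_ENV` narrowed before the call. The part of `buildLogger` between the two hunks is not visible here, so the branch taken for unknown values should be confirmed.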
diff --git a/packages/common/package.json b/packages/common/package.json index 6e7e578f..ffc20aa2 100644 --- a/packages/common/package.json +++ b/packages/common/package.json @@ -26,8 +26,6 @@ "typescript": "^5.2.2" }, "dependencies": { - "dotenv": "^16.3.1", - "pino": "^8.15.3", - "zod": "^3.22.2" + "pino": "^8.15.3" } } From a04a274614adb8383d1df22c99fa2b4249b6aee4 Mon Sep 17 00:00:00 2001 From: Joabesv Date: Thu, 5 Oct 2023 22:39:35 -0300 Subject: [PATCH 02/20] chore: rerun pipe --- .github/workflows/cd.yml | 22 +++++++++++++--------- Dockerfile | 8 +++++--- apps/core/src/config/config.ts | 1 + pnpm-lock.yaml | 6 ------ 4 files changed, 19 insertions(+), 18 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 5a3136ea..1d233bbf 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -4,6 +4,9 @@ on: push: branches: - main + pull_request: + # keep only for debugging + types: [opened, synchronize] workflow_dispatch: jobs: @@ -40,14 +43,15 @@ jobs: REPOSITORY: ufabc-next-backend IMAGE_TAG: ${{ github.sha }} run: | - docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG . + echo ${{ secrets }} > .env.production + docker build --build-arg=ARG_VALUE -t $REGISTRY/$REPOSITORY:$IMAGE_TAG . docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG - - name: Deploy to EC2 Instance - uses: appleboy/ssh-action@v1.0.0 - with: - host: ${{ secrets.EC2_HOST }} - username: ${{ secrets.EC2_USERNAME }} - key: ${{ secrets.EC2_KEY }} - script: | - cat ~/.ssh/id_rsa + - name: Deploy to my EC2 instance + uses: easingthemes/ssh-deploy@v4.1.0 + env: + SSH_PRIVATE_KEY: ${{ secrets.EC2_KEY }} + SOURCE: './' + REMOTE_HOST: ${{ secrets.EC2_HOST }} + REMOTE_USER: ${{ secrets.EC2_USERNAME }} + TARGET: '/home/ec2-user/workspace' diff --git a/Dockerfile b/Dockerfile index 307a59fc..0ef108d7 100644 --- a/Dockerfile +++ b/Dockerfile 
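Review bot: The build step's `run` block writes `${{ secrets }}` to `.env.production` inside the checkout, and the Dockerfile's `COPY . .` (visible as context in the next file) then copies that file into an image layer that is pushed to the registry, unless a `.dockerignore` not shown here excludes it. Anyone who can pull the image can read the layer, so pass configuration to the container at start time on the host instead, e.g. `docker run --env-file <path-on-host> ...`, and keep `.env*` out of the build context. The new `pull_request` trigger also makes the whole build, push and deploy job run for every opened or updated pull request; if it must stay for debugging, gate the push and deploy steps with `if: github.ref == 'refs/heads/main'`. `--build-arg=ARG_VALUE` passes a literal placeholder and looks like a leftover. PATCH 03 narrows the write to `secrets.PRODUCTION_ENV`, but the file still lands in the build context.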
@@ -16,7 +16,7 @@ COPY pnpm*.yaml ./ # mount pnpm store as cache & fetch dependencies RUN --mount=type=cache,id=pnpm-store,target=/root/.local/share/pnpm-store \ - pnpm fetch + pnpm fetch --ignore-scripts FROM fetcher as builder # specify the app in apps/ we want to build @@ -25,16 +25,18 @@ ENV APP_NAME=${APP_NAME} WORKDIR /workspace COPY . . -RUN pnpm install --frozen-lockfile --offline --silent +RUN pnpm i --frozen-lockfile --offline --silent # build app + RUN --mount=type=cache,target=/workspace/node_modules/.cache \ pnpm turbo run build --filter="${APP_NAME}" # deploy app FROM builder as deployer WORKDIR /workspace -RUN pnpm --filter ${APP_NAME} deploy --prod ./out +RUN export NODE_ENV=prod +RUN pnpm --filter ${APP_NAME} deploy --prod --ignore-scripts ./out FROM runtime as runner WORKDIR /workspace diff --git a/apps/core/src/config/config.ts b/apps/core/src/config/config.ts index b5379556..3d49e73c 100644 --- a/apps/core/src/config/config.ts +++ b/apps/core/src/config/config.ts @@ -1,6 +1,7 @@ import { config as dotEnvConfig } from 'dotenv'; import { z } from 'zod'; +// eslint-disable-next-line if (process.env.NODE_ENV === 'test') { dotEnvConfig({ path: '.env.test' }); } else { diff --git a/pnpm-lock.yaml b/pnpm-lock.yaml index bb13cdbd..04d2bddb 100644 --- a/pnpm-lock.yaml +++ b/pnpm-lock.yaml @@ -200,15 +200,9 @@ importers: packages/common: dependencies: - dotenv: - specifier: ^16.3.1 - version: 16.3.1 pino: specifier: ^8.15.3 version: 8.15.3 - zod: - specifier: ^3.22.2 - version: 3.22.2 devDependencies: '@types/node': specifier: ^20.8.0 From 013368e019105f4e41d79db967581fc36cf878b1 Mon Sep 17 00:00:00 2001 From: Joabesv Date: Fri, 6 Oct 2023 01:14:09 -0300 Subject: [PATCH 03/20] do it the hard way --- .github/workflows/cd.yml | 34 ++++++++++++++-------------------- 1 file changed, 14 insertions(+), 20 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 1d233bbf..f309d980 100644 --- a/.github/workflows/cd.yml 
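Review bot: `RUN export NODE_ENV=prod` in the `deployer` stage has no effect on the `pnpm ... deploy` line that follows, because each `RUN` starts its own shell and the exported variable is gone when that shell exits. Use `ENV NODE_ENV=prod` if the value should hold for the rest of the stage, or set it on the command itself: `RUN NODE_ENV=prod pnpm --filter ${APP_NAME} deploy --prod --ignore-scripts ./out`. The `--ignore-scripts` added to `pnpm fetch` and `pnpm deploy` is not matched on `pnpm i --frozen-lockfile --offline --silent`, so dependency lifecycle scripts still run during that install. If the aim is to keep third-party install scripts out of the build, add the flag there as well or document why it is left out.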
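Review bot: `// eslint-disable-next-line` without a rule name switches off every rule for the `if (process.env.NODE_ENV === 'test')` line, so any later finding on that line is hidden too. Name the rule that fires and give the reason, e.g. `// eslint-disable-next-line <rule-name> -- NODE_ENV is read before the schema is parsed`, where `<rule-name>` is a placeholder because the page does not show which rule was reported.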
+++ b/.github/workflows/cd.yml @@ -20,16 +20,9 @@ jobs: - name: Configure AWS credentials uses: aws-actions/configure-aws-credentials@v4 with: - aws-access-key-id: ${{ secrets.ACCESS_KEY }} - aws-secret-access-key: ${{ secrets.SECRET_ACCESS_KEY }} - aws-region: us-east-1 - - - name: Retrieve AWS Secrets - uses: aws-actions/aws-secretsmanager-get-secrets@v1 - with: - secret-ids: | - staging/next-staging - # parse-json-secrets: true + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ secrets.AWS_REGION }} - name: Login to Amazon ECR id: login-ecr @@ -43,15 +36,16 @@ jobs: REPOSITORY: ufabc-next-backend IMAGE_TAG: ${{ github.sha }} run: | - echo ${{ secrets }} > .env.production - docker build --build-arg=ARG_VALUE -t $REGISTRY/$REPOSITORY:$IMAGE_TAG . + echo ${{ secrets.PRODUCTION_ENV }} > .env.production + docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG . docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG - - name: Deploy to my EC2 instance - uses: easingthemes/ssh-deploy@v4.1.0 - env: - SSH_PRIVATE_KEY: ${{ secrets.EC2_KEY }} - SOURCE: './' - REMOTE_HOST: ${{ secrets.EC2_HOST }} - REMOTE_USER: ${{ secrets.EC2_USERNAME }} - TARGET: '/home/ec2-user/workspace' + - name: SSH into EC2 instance and pull the latest image + run: | + ssh -i ${{ secrets.EC2_KEY }} ec2-user@${{ secrets.EC2_HOST }} 'docker pull ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/ufabc-next-backend:${{ github.sha }}' + + - name: SSH into EC2 instance and restart Docker container + run: | + ssh -i ${{ secrets.EC2_KEY }} ec2-user@${{ secrets.EC2_HOST }} 'docker stop ufabc-next-backend' + ssh -i ${{ secrets.EC2_KEY }} ec2-user@${{ secrets.EC2_HOST }} 'docker rm ufabc-next-backend' + ssh -i ${{ secrets.EC2_KEY }} ec2-user@${{ secrets.EC2_HOST }} 'docker run -d --name ufabc-next-backend -p 3000:3000 ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/ufabc-next-backend:${{ github.sha }}' 
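Review bot: The `configure-aws-credentials` step still authenticates with a long-lived access key pair kept as repository secrets, and this hunk drops the Secrets Manager lookup in favour of further repository secrets. The action supports short-lived credentials through GitHub's OIDC provider: give the job `permissions: id-token: write` and replace the two key inputs with `role-to-assume: <role-arn placeholder>`. That removes a static credential able to push to ECR from the repository settings and lets the IAM role's trust policy restrict use to this repository and branch. `aws-region` does not need to be a secret; as a secret its value is masked wherever it appears in logs, which makes registry host names harder to read when debugging.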
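Review bot: `ssh -i ${{ secrets.EC2_KEY }}` in both new SSH steps passes the private key's content where `ssh` expects the path of an identity file, so no usable identity is loaded. Because `${{ ... }}` is substituted into the script text before the shell runs, the key material is also word-split and placed on the command line. `echo ${{ secrets.PRODUCTION_ENV }} > .env.production` has the same substitution problem: an unquoted multi-line value loses its line breaks, and any shell metacharacter in it is interpreted. Hand secrets to the step through `env:` and reference them quoted, e.g. `printf '%s\n' "$PRODUCTION_ENV"`. `docker stop ufabc-next-backend` fails the step on a host where the container does not exist yet, so the first deploy never reaches `docker run`.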
From 2d35c24547317e8d2d75149a997a8495d26a1d96 Mon Sep 17 00:00:00 2001 From: Joabesv Date: Fri, 6 Oct 2023 01:19:17 -0300 Subject: [PATCH 04/20] fix --- .github/workflows/cd.yml | 12 ++++++++---- 1 file changed, 8 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index f309d980..99ca9787 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -42,10 +42,14 @@ jobs: - name: SSH into EC2 instance and pull the latest image run: | - ssh -i ${{ secrets.EC2_KEY }} ec2-user@${{ secrets.EC2_HOST }} 'docker pull ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/ufabc-next-backend:${{ github.sha }}' + echo ${{ secrets.EC2_KEY }} > deploy.pem + ssh -i deploy.pem ec2-user@${{ secrets.EC2_HOST }} 'docker pull ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/ufabc-next-backend:${{ github.sha }}' + rm deploy.pem - name: SSH into EC2 instance and restart Docker container run: | - ssh -i ${{ secrets.EC2_KEY }} ec2-user@${{ secrets.EC2_HOST }} 'docker stop ufabc-next-backend' - ssh -i ${{ secrets.EC2_KEY }} ec2-user@${{ secrets.EC2_HOST }} 'docker rm ufabc-next-backend' - ssh -i ${{ secrets.EC2_KEY }} ec2-user@${{ secrets.EC2_HOST }} 'docker run -d --name ufabc-next-backend -p 3000:3000 ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/ufabc-next-backend:${{ github.sha }}' + echo ${{ secrets.EC2_KEY }} > deploy.pem + ssh -i deploy.pem ec2-user@${{ secrets.EC2_HOST }} 'docker stop ufabc-next-backend' + ssh -i deploy.pem ec2-user@${{ secrets.EC2_HOST }} 'docker rm ufabc-next-backend' + ssh -i deploy.pem ec2-user@${{ secrets.EC2_HOST }} 'docker run -d --name ufabc-next-backend -p 3000:3000 ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/ufabc-next-backend:${{ github.sha }}' + rm deploy.pem From bcf5af9b36369cd843cfdf5c77689b17a61ffa79 Mon Sep 17 00:00:00 2001 
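Review bot: `echo ${{ secrets.EC2_KEY }} > deploy.pem` in both steps expands the multi-line private key unquoted, so the shell collapses its line breaks and the file is not a valid key. The file is also created with the default umask, which `ssh` rejects as too permissive for an identity file. `rm deploy.pem` is only reached when every `ssh` call succeeds, because the step stops at the first failing command, so a failed deploy leaves the key in the workspace for later steps. Pass the key through `env:`, create the file under `umask 077` and remove it from an `EXIT` trap, as sketched below for the first step. The second step needs the same change, and the revisions of these lines in PATCH 05 to PATCH 08 carry the same problems.

```yaml
      - name: SSH into EC2 instance and pull the latest image
        env:
          EC2_KEY: ${{ secrets.EC2_KEY }}
        run: |
          umask 077
          trap 'rm -f deploy.pem' EXIT
          printf '%s\n' "$EC2_KEY" > deploy.pem
          # … unchanged: ssh -i deploy.pem … 'docker pull …' …
```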
From: Joabesv Date: Fri, 6 Oct 2023 01:21:45 -0300 Subject: [PATCH 05/20] fix --- .github/workflows/cd.yml | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 99ca9787..665989b1 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -42,12 +42,14 @@ jobs: - name: SSH into EC2 instance and pull the latest image run: | + touch deploy.pem echo ${{ secrets.EC2_KEY }} > deploy.pem ssh -i deploy.pem ec2-user@${{ secrets.EC2_HOST }} 'docker pull ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/ufabc-next-backend:${{ github.sha }}' rm deploy.pem - name: SSH into EC2 instance and restart Docker container run: | + touch deploy.pem echo ${{ secrets.EC2_KEY }} > deploy.pem ssh -i deploy.pem ec2-user@${{ secrets.EC2_HOST }} 'docker stop ufabc-next-backend' ssh -i deploy.pem ec2-user@${{ secrets.EC2_HOST }} 'docker rm ufabc-next-backend' From ee7028e1c96112a03c1051e32ccda5fd3e4c55fa Mon Sep 17 00:00:00 2001 From: Joabesv Date: Fri, 6 Oct 2023 01:27:27 -0300 Subject: [PATCH 06/20] fix --- .github/workflows/cd.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 665989b1..2a3335dd 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml 
@@ -43,14 +43,14 @@ jobs: - name: SSH into EC2 instance and pull the latest image run: | touch deploy.pem - echo ${{ secrets.EC2_KEY }} > deploy.pem + echo "${{ secrets.EC2_KEY }}"" > deploy.pem ssh -i deploy.pem ec2-user@${{ secrets.EC2_HOST }} 'docker pull ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/ufabc-next-backend:${{ github.sha }}' rm deploy.pem - name: SSH into EC2 instance and restart Docker container run: | touch deploy.pem - echo ${{ secrets.EC2_KEY }} > deploy.pem + echo "${{ secrets.EC2_KEY }}"" > deploy.pem ssh -i deploy.pem ec2-user@${{ secrets.EC2_HOST }} 'docker stop ufabc-next-backend' ssh -i deploy.pem ec2-user@${{ secrets.EC2_HOST }} 'docker rm ufabc-next-backend' ssh -i deploy.pem ec2-user@${{ secrets.EC2_HOST }} 'docker run -d --name ufabc-next-backend -p 3000:3000 ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/ufabc-next-backend:${{ github.sha }}' From 946b2ea926fc8e6cf69a21a8aecd2bf4aac9ea8e Mon Sep 17 00:00:00 2001 From: Joabesv Date: Fri, 6 Oct 2023 01:43:26 -0300 Subject: [PATCH 07/20] fix please --- .github/workflows/cd.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 2a3335dd..b3f1e918 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -12,7 +12,8 @@ on: jobs: deploy: runs-on: ubuntu-latest - + env: + $PRIVATE_KEY: ${{ secrets.EC2_KEY }} steps: - name: Checkout code uses: actions/checkout@v4 
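Review bot: Both changed `echo` lines end in `""`, which leaves an unterminated double quote, so the shell either fails to parse the step or swallows the following lines into the string. Even with balanced quotes, `${{ secrets.EC2_KEY }}` is pasted into the script source before bash runs, so any `"`, `$` or backtick in the secret is interpreted by the shell. Pass the secret through the step's `env:` and write it with `printf '%s\n' "$EC2_KEY" > deploy.pem`.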
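Review bot: The job-level `env` key is spelled `$PRIVATE_KEY`, dollar sign included, so the variable that the later steps read as `"$PRIVATE_KEY"` is presumably never set under that name and `deploy.pem` would be written empty. Declaring it at job level also hands the private key to every step of the job, including the third-party actions. Define it without the `$` and only on the two steps that write the key file: `env:` followed by `PRIVATE_KEY: ${{ secrets.EC2_KEY }}`. The second hunk of this patch, which switches the `echo` lines to `"$PRIVATE_KEY"`, depends on that fix.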
@@ -43,14 +44,14 @@ jobs: - name: SSH into EC2 instance and pull the latest image run: | touch deploy.pem - echo "${{ secrets.EC2_KEY }}"" > deploy.pem + echo "$PRIVATE_KEY" > deploy.pem ssh -i deploy.pem ec2-user@${{ secrets.EC2_HOST }} 'docker pull ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/ufabc-next-backend:${{ github.sha }}' rm deploy.pem - name: SSH into EC2 instance and restart Docker container run: | touch deploy.pem - echo "${{ secrets.EC2_KEY }}"" > deploy.pem + echo "$PRIVATE_KEY" > deploy.pem ssh -i deploy.pem ec2-user@${{ secrets.EC2_HOST }} 'docker stop ufabc-next-backend' ssh -i deploy.pem ec2-user@${{ secrets.EC2_HOST }} 'docker rm ufabc-next-backend' ssh -i deploy.pem ec2-user@${{ secrets.EC2_HOST }} 'docker run -d --name ufabc-next-backend -p 3000:3000 ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/ufabc-next-backend:${{ github.sha }}' From c584e2cdb0dae3a20a0871fb31ace71aa8c84cf2 Mon Sep 17 00:00:00 2001 From: Joabesv Date: Fri, 6 Oct 2023 01:46:23 -0300 Subject: [PATCH 08/20] fix please --- .github/workflows/cd.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index b3f1e918..568dc58e 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml 
@@ -45,14 +45,14 @@ jobs: run: | touch deploy.pem echo "$PRIVATE_KEY" > deploy.pem - ssh -i deploy.pem ec2-user@${{ secrets.EC2_HOST }} 'docker pull ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/ufabc-next-backend:${{ github.sha }}' + ssh StrictHostKeyChecking=no -i deploy.pem ec2-user@${{ secrets.EC2_HOST }} 'docker pull ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/ufabc-next-backend:${{ github.sha }}' rm deploy.pem - name: SSH into EC2 instance and restart Docker container run: | touch deploy.pem echo "$PRIVATE_KEY" > deploy.pem - ssh -i deploy.pem ec2-user@${{ secrets.EC2_HOST }} 'docker stop ufabc-next-backend' - ssh -i deploy.pem ec2-user@${{ secrets.EC2_HOST }} 'docker rm ufabc-next-backend' - ssh -i deploy.pem ec2-user@${{ secrets.EC2_HOST }} 'docker run -d --name ufabc-next-backend -p 3000:3000 ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/ufabc-next-backend:${{ github.sha }}' + ssh StrictHostKeyChecking=no -i deploy.pem ec2-user@${{ secrets.EC2_HOST }} 'docker stop ufabc-next-backend' + ssh StrictHostKeyChecking=no -i deploy.pem ec2-user@${{ secrets.EC2_HOST }} 'docker rm ufabc-next-backend' + ssh StrictHostKeyChecking=no -i deploy.pem ec2-user@${{ secrets.EC2_HOST }} 'docker run -d --name ufabc-next-backend -p 3000:3000 ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/ufabc-next-backend:${{ github.sha }}' rm deploy.pem From feaa4697ebc26d3b45b625ae30c58322f612cc61 Mon Sep 17 00:00:00 2001 From: Joabesv Date: Fri, 6 Oct 2023 09:55:54 -0300 Subject: [PATCH 09/20] try again --- .github/workflows/cd.yml | 33 ++++++++++++++++++++------------- 1 file changed, 20 insertions(+), 13 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 568dc58e..4a17f109 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml 
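Review bot: `ssh StrictHostKeyChecking=no -i deploy.pem ...` lacks the `-o` in front of the option, so `StrictHostKeyChecking=no` is read as the destination rather than as a setting, and none of the four commands reaches the instance. Adding `-o` would make them connect, but with host-key verification disabled the runner sends the deploy commands to whatever answers on that address. Pin the instance's host key instead: keep its `known_hosts` line in a secret, write it to a file in the step, and call `ssh -o StrictHostKeyChecking=yes -o UserKnownHostsFile=known_hosts -i deploy.pem ...`.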
@@ -25,6 +25,10 @@ jobs: aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: ${{ secrets.AWS_REGION }} + - name: Get Github action IP + id: ip + uses: haythem/public-ip@v1.2 + - name: Login to Amazon ECR id: login-ecr uses: aws-actions/amazon-ecr-login@v2 
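Review bot: `haythem/public-ip@v1.2` is a third-party action referenced by a movable tag, and it runs in a job whose environment already holds the AWS credentials exported by the `configure-aws-credentials` step. Pin it to the full commit SHA of the release that was reviewed, `uses: haythem/public-ip@<full-commit-sha> # v1.2` (the SHA is a placeholder), so that a retagged release cannot change what runs here. The same applies to `appleboy/ssh-action@master` in the next hunk of this patch, which follows a branch and additionally receives the SSH key.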
@@ -41,18 +45,21 @@ jobs: docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG . docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG - - name: SSH into EC2 instance and pull the latest image + - name: Add Github Actions IP to Security group run: | - touch deploy.pem - echo "$PRIVATE_KEY" > deploy.pem - ssh StrictHostKeyChecking=no -i deploy.pem ec2-user@${{ secrets.EC2_HOST }} 'docker pull ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/ufabc-next-backend:${{ github.sha }}' - rm deploy.pem + aws ec2 authorize-security-group-ingress --group-name ${{ secrets.AWS_SG_NAME }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 + env: + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }} - - name: SSH into EC2 instance and restart Docker container - run: | - touch deploy.pem - echo "$PRIVATE_KEY" > deploy.pem - ssh StrictHostKeyChecking=no -i deploy.pem ec2-user@${{ secrets.EC2_HOST }} 'docker stop ufabc-next-backend' - ssh StrictHostKeyChecking=no -i deploy.pem ec2-user@${{ secrets.EC2_HOST }} 'docker rm ufabc-next-backend' - ssh StrictHostKeyChecking=no -i deploy.pem ec2-user@${{ secrets.EC2_HOST }} 'docker run -d --name ufabc-next-backend -p 3000:3000 ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/ufabc-next-backend:${{ github.sha }}' - rm deploy.pem + - name: Deploy to prod server + uses: appleboy/ssh-action@master + with: + host: ${{ secrets.EC2_HOST }} + username: ${{ secrets.EC2_USERNAME }} + key: ${{ secrets.EC2_KEY }} + script: | + ssh ${{ secrets.EC2_USERNAME }}@${{ secrets.EC2_HOST }} 'docker pull ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/ufabc-next-backend:${{ github.sha }}' + + ssh 'docker run -d --name ufabc-next-backend -p 3000:3000 ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/ufabc-next-backend:${{ github.sha }}' From e88108c73d83dba9ce1d2c9bfa56cc56c061f220 Mon Sep 17 00:00:00 2001 
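Review bot: The `authorize-security-group-ingress` step opens port 22 to the runner's address and nothing in the job closes it again, so every run leaves another `/32` rule on the group and addresses from GitHub's shared runner pool stay allowed. Add a matching revoke step after the deploy that runs with `if: always()`, as below. In the deploy script, the second `ssh '...'` has no destination, so the quoted `docker run` text is parsed as the host name. PATCH 13 re-enables the authorize step with the same gap.

```yaml
      # … unchanged: "Deploy to prod server" step …

      - name: Remove Github Actions IP from Security group
        if: always()
        run: |
          aws ec2 revoke-security-group-ingress --group-name ${{ secrets.AWS_SG_NAME }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32
```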
From: Joabesv Date: Sun, 8 Oct 2023 14:19:17 -0300 Subject: [PATCH 10/20] rerun --- .github/workflows/cd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 4a17f109..edca54b4 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -58,7 +58,7 @@ jobs: with: host: ${{ secrets.EC2_HOST }} username: ${{ secrets.EC2_USERNAME }} - key: ${{ secrets.EC2_KEY }} + key: ${{ secrets.SECRET_SSH_KEY }} script: | ssh ${{ secrets.EC2_USERNAME }}@${{ secrets.EC2_HOST }} 'docker pull ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/ufabc-next-backend:${{ github.sha }}' From fdd144fa0c5702948d2e5e50bf0cc910cc528d04 Mon Sep 17 00:00:00 2001 From: Joabesv Date: Sun, 8 Oct 2023 14:41:34 -0300 Subject: [PATCH 11/20] almost there --- .github/workflows/cd.yml | 18 +++++++++--------- 1 file changed, 9 insertions(+), 9 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index edca54b4..82bd67fc 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml 
@@ -45,13 +45,13 @@ jobs: docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG . docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG - - name: Add Github Actions IP to Security group - run: | - aws ec2 authorize-security-group-ingress --group-name ${{ secrets.AWS_SG_NAME }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }} + # - name: Add Github Actions IP to Security group + # run: | + # aws ec2 authorize-security-group-ingress --group-name ${{ secrets.AWS_SG_NAME }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 + # env: + # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY }} + # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + # AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }} - name: Deploy to prod server uses: appleboy/ssh-action@master @@ -60,6 +60,6 @@ jobs: username: ${{ secrets.EC2_USERNAME }} key: ${{ secrets.SECRET_SSH_KEY }} script: | - ssh ${{ secrets.EC2_USERNAME }}@${{ secrets.EC2_HOST }} 'docker pull ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/ufabc-next-backend:${{ github.sha }}' + ssh ec2-user@ec2-3-90-140-60.compute-1.amazonaws.com 'docker pull 643837240126.dkr.ecr.us-east-1.amazonaws.com/ufabc-next-backend:${{ github.sha }}' - ssh 'docker run -d --name ufabc-next-backend -p 3000:3000 ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/ufabc-next-backend:${{ github.sha }}' + ssh 'docker run -d --name ufabc-next-backend -p 3000:3000 643837240126.dkr.ecr.us-east-1.amazonaws.com/ufabc-next-backend:${{ github.sha }}' From c5987755585d57ed42223c5e445118679896f221 Mon Sep 17 00:00:00 2001 From: Joabesv Date: Sun, 8 Oct 2023 15:01:04 -0300 Subject: [PATCH 12/20] almost there --- .github/workflows/cd.yml | 6 ++---- 1 file changed, 2 insertions(+), 4 deletions(-) 
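Review bot: The deploy script now hard-codes the AWS account id `643837240126` and the instance hostname `ec2-3-90-140-60.compute-1.amazonaws.com` in a committed workflow, where the previous revision read them from secrets; they remain in the repository history even after a later patch replaces them. The first command opens a second SSH session from the instance to its own public name, which only works if a private key for `ec2-user` is stored on the instance itself. The second `ssh '...'` has no destination, so the quoted `docker run` text is parsed as the host. Since `appleboy/ssh-action` already executes `script` on the remote host, both lines can be plain `docker pull ...` and `docker run ...`, with the registry host supplied from a workflow variable.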
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 82bd67fc..ff1476ff 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -12,8 +12,6 @@ on: jobs: deploy: runs-on: ubuntu-latest - env: - $PRIVATE_KEY: ${{ secrets.EC2_KEY }} steps: - name: Checkout code uses: actions/checkout@v4 @@ -56,8 +54,8 @@ jobs: - name: Deploy to prod server uses: appleboy/ssh-action@master with: - host: ${{ secrets.EC2_HOST }} - username: ${{ secrets.EC2_USERNAME }} + host: ${{ secrets.HOSTNAME }} + username: ${{ secrets.USERNAME }} key: ${{ secrets.SECRET_SSH_KEY }} script: | ssh ec2-user@ec2-3-90-140-60.compute-1.amazonaws.com 'docker pull 643837240126.dkr.ecr.us-east-1.amazonaws.com/ufabc-next-backend:${{ github.sha }}' From 354821163a63359f1cca0587b4ef11b4243ba9a9 Mon Sep 17 00:00:00 2001 From: Joabesv Date: Sun, 8 Oct 2023 15:10:25 -0300 Subject: [PATCH 13/20] teste --- .github/workflows/cd.yml | 19 ++++++++----------- 1 file changed, 8 insertions(+), 11 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index ff1476ff..e75f9648 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml 
@@ -43,13 +43,13 @@ jobs: docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG . docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG - # - name: Add Github Actions IP to Security group - # run: | - # aws ec2 authorize-security-group-ingress --group-name ${{ secrets.AWS_SG_NAME }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 - # env: - # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY }} - # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - # AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }} + - name: Add Github Actions IP to Security group + run: | + aws ec2 authorize-security-group-ingress --group-name ${{ secrets.AWS_SG_NAME }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 + env: + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }} - name: Deploy to prod server uses: appleboy/ssh-action@master @@ -57,7 +57,4 @@ jobs: host: ${{ secrets.HOSTNAME }} username: ${{ secrets.USERNAME }} key: ${{ secrets.SECRET_SSH_KEY }} - script: | - ssh ec2-user@ec2-3-90-140-60.compute-1.amazonaws.com 'docker pull 643837240126.dkr.ecr.us-east-1.amazonaws.com/ufabc-next-backend:${{ github.sha }}' - - ssh 'docker run -d --name ufabc-next-backend -p 3000:3000 643837240126.dkr.ecr.us-east-1.amazonaws.com/ufabc-next-backend:${{ github.sha }}' + script: whoami From b297c7b86c7361e7096854304c6c2634e885a43b Mon Sep 17 00:00:00 2001 From: Joabesv Date: Sun, 8 Oct 2023 15:28:03 -0300 Subject: [PATCH 14/20] testemos --- .github/workflows/cd.yml | 15 ++------------- 1 file changed, 2 insertions(+), 13 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index e75f9648..3b797f7e 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml 
@@ -23,10 +23,6 @@ jobs: aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: ${{ secrets.AWS_REGION }} - - name: Get Github action IP - id: ip - uses: haythem/public-ip@v1.2 - - name: Login to Amazon ECR id: login-ecr uses: aws-actions/amazon-ecr-login@v2 @@ -43,18 +39,11 @@ jobs: docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG . docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG - - name: Add Github Actions IP to Security group - run: | - aws ec2 authorize-security-group-ingress --group-name ${{ secrets.AWS_SG_NAME }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }} - - name: Deploy to prod server uses: appleboy/ssh-action@master with: host: ${{ secrets.HOSTNAME }} username: ${{ secrets.USERNAME }} key: ${{ secrets.SECRET_SSH_KEY }} - script: whoami + script: | + aws ecr get-login-password From 16d24294b74f6edf9f798fa45d5de39eebb59023 Mon Sep 17 00:00:00 2001 From: Joabesv Date: Sun, 8 Oct 2023 21:37:03 -0300 Subject: [PATCH 15/20] testemos --- .github/workflows/cd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 3b797f7e..46de62c5 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -46,4 +46,4 @@ jobs: username: ${{ secrets.USERNAME }} key: ${{ secrets.SECRET_SSH_KEY }} script: | - aws ecr get-login-password + docker pull 643837240126.dkr.ecr.us-east-1.amazonaws.com/ufabc-next-backend:${{ github.sha }} From 42af64b3297826e65ad12721cac4d0a22aa7e942 Mon Sep 17 00:00:00 2001 From: Joabesv Date: Sun, 8 Oct 2023 23:30:35 -0300 Subject: [PATCH 16/20] make it more secure, maybe --- .github/workflows/cd.yml | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 46de62c5..9934f415 100644 
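Review bot: `aws ecr get-login-password` as the entire remote `script` in PATCH 14 prints the ECR authorization token to standard output, and the SSH action relays remote output into the workflow log. The token is generated at run time rather than stored as a repository secret, so log masking would presumably not cover it. Pipe it straight into the login instead: `aws ecr get-login-password --region <region> | docker login --username AWS --password-stdin <registry-host>` (both bracketed values are placeholders). The `docker pull` that replaces it in PATCH 15 depends on that login, or on a credential helper on the host, and brings back the hard-coded account id.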
--- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -39,11 +39,12 @@ jobs: docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG . docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG - - name: Deploy to prod server - uses: appleboy/ssh-action@master + - name: Deploy and start container + uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.HOSTNAME }} username: ${{ secrets.USERNAME }} key: ${{ secrets.SECRET_SSH_KEY }} script: | - docker pull 643837240126.dkr.ecr.us-east-1.amazonaws.com/ufabc-next-backend:${{ github.sha }} + docker pull ${{ secrets.AWS_ACCOUNT_ID }}.${{ steps.login-ecr.outputs.registry }}/ufabc-next-backend:${{ github.sha }} + docker run -d --name ufabc-next-backend -p ${{ secrets.PORT }}:${{ secrets.PORT }} ${{ secrets.AWS_ACCOUNT_ID }}.${{ steps.login-ecr.outputs.registry }}/ufabc-next-backend:${{ github.sha }} From 41b8ec62c7993ad0851a58f4eb31d503168f8ce8 Mon Sep 17 00:00:00 2001 From: Joabesv Date: Sun, 8 Oct 2023 23:45:03 -0300 Subject: [PATCH 17/20] only run the image pull --- .github/workflows/cd.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 9934f415..5907fe7c 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -1,4 +1,4 @@ -name: Deploy +name: CD on: push: @@ -47,4 +47,4 @@ jobs: key: ${{ secrets.SECRET_SSH_KEY }} script: | docker pull ${{ secrets.AWS_ACCOUNT_ID }}.${{ steps.login-ecr.outputs.registry }}/ufabc-next-backend:${{ github.sha }} - docker run -d --name ufabc-next-backend -p ${{ secrets.PORT }}:${{ secrets.PORT }} ${{ secrets.AWS_ACCOUNT_ID }}.${{ steps.login-ecr.outputs.registry }}/ufabc-next-backend:${{ github.sha }} + # docker run -d --name ufabc-next-backend -p ${{ secrets.PORT }}:${{ secrets.PORT }} ${{ secrets.AWS_ACCOUNT_ID }}.${{ steps.login-ecr.outputs.registry }}/ufabc-next-backend:${{ github.sha }} From 502111ab94544bc7d4f355b39aaf7b3185bdbd48 Mon Sep 17 00:00:00 2001 
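Review bot: The image reference `${{ secrets.AWS_ACCOUNT_ID }}.${{ steps.login-ecr.outputs.registry }}/ufabc-next-backend` in PATCH 16 repeats the account id, because the `registry` output of `amazon-ecr-login` is already the full `<account>.dkr.ecr.<region>.amazonaws.com` host, so the pull and run address a registry that does not exist. `docker run -d --name ufabc-next-backend` also has no preceding stop or remove, so from the second deploy on it fails with a name conflict and the host keeps serving the old image; PATCH 19 re-enables the same line. Use the output alone and replace the container explicitly, e.g. `docker rm -f ufabc-next-backend || true` before `docker run`. Every `${{ ... }}` value in `script` is expanded into the script text before it is sent to the host, so limit them to values that cannot contain shell metacharacters.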
From: Joabesv Date: Sun, 8 Oct 2023 23:48:23 -0300 Subject: [PATCH 18/20] fix the registry pull --- .github/workflows/cd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 5907fe7c..ea6fe9ab 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -46,5 +46,5 @@ jobs: username: ${{ secrets.USERNAME }} key: ${{ secrets.SECRET_SSH_KEY }} script: | - docker pull ${{ secrets.AWS_ACCOUNT_ID }}.${{ steps.login-ecr.outputs.registry }}/ufabc-next-backend:${{ github.sha }} + docker pull ${{ secrets.AWS_ACCOUNT_ID }}.${{ secrets.ECR_REGISTRY }}/ufabc-next-backend:${{ github.sha }} # docker run -d --name ufabc-next-backend -p ${{ secrets.PORT }}:${{ secrets.PORT }} ${{ secrets.AWS_ACCOUNT_ID }}.${{ steps.login-ecr.outputs.registry }}/ufabc-next-backend:${{ github.sha }} From 6b8f2625516c286b2e942c6abf3e119b8d58fbfd Mon Sep 17 00:00:00 2001 From: Joabesv Date: Sun, 8 Oct 2023 23:52:14 -0300 Subject: [PATCH 19/20] it will finally work --- .github/workflows/cd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index ea6fe9ab..89dd93f4 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -47,4 +47,4 @@ jobs: key: ${{ secrets.SECRET_SSH_KEY }} script: | docker pull ${{ secrets.AWS_ACCOUNT_ID }}.${{ secrets.ECR_REGISTRY }}/ufabc-next-backend:${{ github.sha }} - # docker run -d --name ufabc-next-backend -p ${{ secrets.PORT }}:${{ secrets.PORT }} ${{ secrets.AWS_ACCOUNT_ID }}.${{ steps.login-ecr.outputs.registry }}/ufabc-next-backend:${{ github.sha }} + docker run -d --name ufabc-next-backend -p ${{ secrets.PORT }}:${{ secrets.PORT }} ${{ secrets.AWS_ACCOUNT_ID }}.${{ secrets.ECR_REGISTRY }}/ufabc-next-backend:${{ github.sha }} From dbe3dec7620778033197944e78862b62a1664684 Mon Sep 17 00:00:00 2001 
From: Joabesv Date: Sun, 8 Oct 2023 23:57:30 -0300 Subject: [PATCH 20/20] only run on main --- .github/workflows/cd.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 89dd93f4..77eff8e7 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml @@ -4,9 +4,6 @@ on: push: branches: - main - pull_request: - # keep only for debugging - types: [opened, synchronize] workflow_dispatch: jobs: