Change duration to be integer (#33) #87
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Deploy to AWS ECR | |
| on: | |
| push: | |
| branches: | |
| - main # Trigger the workflow on pushes to the main branch. | |
| permissions: | |
| id-token: write # This is required for requesting the JWT | |
| contents: read | |
| jobs: | |
| build-and-deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Step 1: Checkout code and submodules | |
| - name: Checkout code and submodules | |
| uses: actions/checkout@v3 | |
| with: | |
| submodules: "true" # Ensure that submodules are checked out. | |
| # Step 3: Set up Make and install dependencies (if needed) | |
| - name: Set up Make | |
| run: | | |
| sudo apt-get update -y | |
| sudo apt-get install -y make | |
| - name: Build Docker image for amd64 using Make | |
| run: | | |
| make build_image | |
| # Step 6: Set up AWS OIDC authentication using GitHub Actions | |
| - name: Authenticate with AWS using OIDC | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_ROLE_ARN }} | |
| aws-region: eu-west-2 | |
| role-session-name: GitHubActionsOIDC | |
| # Step 7: Log in to Amazon ECR | |
| - name: Log in to Amazon ECR | |
| run: | | |
| aws ecr get-login-password --region eu-west-2 | docker login --username AWS --password-stdin ${{ secrets.AWS_ECR_URL }} | |
| - name: scp move the docker compose, .env and nginx conf | |
| run: | | |
| mkdir -p ~/.ssh | |
| echo "${{ secrets.AWS_EC2_KEY }}" > ~/.ssh/id_rsa | |
| chmod 600 ~/.ssh/id_rsa | |
| ssh-keyscan -H ${{ secrets.AWS_EC2_HOST }} >> ~/.ssh/known_hosts | |
| DOCKER_ENV_FILE="./docker-env" | |
| echo "DB_HOST=${{ secrets.DB_HOST }}" >> $DOCKER_ENV_FILE | |
| echo "DB_PORT=${{ secrets.DB_PORT }}" >> $DOCKER_ENV_FILE | |
| echo "DB_USERNAME=${{ secrets.DB_USERNAME }}" >> $DOCKER_ENV_FILE | |
| echo "DB_PASSWORD=${{ secrets.DB_PASSWORD }}" >> $DOCKER_ENV_FILE | |
| echo "DB_NAME=${{ secrets.DB_NAME }}" >> $DOCKER_ENV_FILE | |
| echo "AWS_ECR_URL=${{ secrets.AWS_ECR_URL }}" >> $DOCKER_ENV_FILE | |
| echo "IMAGE_TAG=${{ github.sha }}" >> $DOCKER_ENV_FILE | |
| echo "BACKEND_URL=${{ secrets.BACKEND_URL }}" >> $DOCKER_ENV_FILE | |
| echo "FRONTEND_URL=${{ secrets.FRONTEND_URL }}" >> $DOCKER_ENV_FILE | |
| echo "MICROSOFT_TENANT_ID=${{ secrets.MICROSOFT_TENANT_ID }}" >> $DOCKER_ENV_FILE | |
| echo "MICROSOFT_CLIENT_ID=${{ secrets.MICROSOFT_CLIENT_ID }}" >> $DOCKER_ENV_FILE | |
| echo "MICROSOFT_CLIENT_SECRET=${{ secrets.MICROSOFT_CLIENT_SECRET }}" >> $DOCKER_ENV_FILE | |
| echo "ACCESS_TOKEN_JWT_SECRET=${{ secrets.ACCESS_TOKEN_JWT_SECRET }}" >> $DOCKER_ENV_FILE | |
| echo "REFRESH_TOKEN_JWT_SECRET=${{ secrets.REFRESH_TOKEN_JWT_SECRET }}" >> $DOCKER_ENV_FILE | |
| echo "NGINX_CONF_PATH=/home/ec2-user/nginx.conf" >> $DOCKER_ENV_FILE | |
| scp -i ~/.ssh/id_rsa -o StrictHostKeyChecking=no $DOCKER_ENV_FILE ec2-user@${{ secrets.AWS_EC2_HOST }}:/home/ec2-user/.env | |
| scp -i ~/.ssh/id_rsa -o StrictHostKeyChecking=no ./shared/docker/compose.prod.yml ec2-user@${{ secrets.AWS_EC2_HOST }}:/home/ec2-user/docker-compose.yml | |
| scp -i ~/.ssh/id_rsa -o StrictHostKeyChecking=no ./shared/nginx/prod.nginx.conf ec2-user@${{ secrets.AWS_EC2_HOST }}:/home/ec2-user/nginx.conf | |
| # Step 8: Tag Docker image and push to ECR | |
| - name: Tag Docker image and push to ECR | |
| run: | | |
| IMAGE_TAG=${{ github.sha }} | |
| docker tag slotify-api:latest ${{ secrets.AWS_ECR_URL }}:$IMAGE_TAG-amd64 | |
| docker push ${{ secrets.AWS_ECR_URL }}:$IMAGE_TAG-amd64 | |
| # Step 9: SSH into EC2 instance and pull the Docker image | |
| - name: SSH into EC2 and pull image from ECR | |
| uses: appleboy/ssh-action@v0.1.5 | |
| with: | |
| host: ${{ secrets.AWS_EC2_HOST }} # EC2 instance public IP or hostname | |
| username: ec2-user | |
| key: ${{ secrets.AWS_EC2_KEY }} # EC2 SSH private key | |
| script: | | |
| # Remove all images | |
| docker rmi $(docker images -q) | |
| # Pull the Docker image from ECR | |
| IMAGE_TAG=${{ github.sha }} | |
| aws ecr get-login-password --region eu-west-2 | docker login --username AWS --password-stdin ${{ secrets.AWS_ECR_URL }} | |
| docker pull ${{ secrets.AWS_ECR_URL }}:$IMAGE_TAG-amd64 | |
| tmux kill-server || true | |
| docker-compose down | |
| # Run the container using Docker Compose | |
| tmux new-session -d "docker-compose up" |