for now, only get the most recent hour of list posts, so we can catch up #321
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Push Docker Images | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - main # or your default branch | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: ${{ github.repository }} | |
| SERVICES_TO_PUSH: remix | |
| ROOT_DIRECTORY: /opt | |
| jobs: | |
| build-and-push: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v2 | |
| - name: Set up Python | |
| uses: actions/setup-python@v2 | |
| with: | |
| python-version: "3.x" | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install pyyaml | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Parse docker-compose file and build/push images | |
| run: | | |
| import yaml | |
| import os | |
| def parse_docker_compose(): | |
| with open('docker-compose.yml', 'r') as file: | |
| return yaml.safe_load(file) | |
| def build_and_push_image(service, config): | |
| context = config.get('build', {}).get('context', '.') | |
| dockerfile = config.get('build', {}).get('dockerfile', 'Dockerfile') | |
| if not os.path.isabs(dockerfile): | |
| dockerfile = os.path.join(context, dockerfile) | |
| print(f"Processing service: {service}") | |
| print(f"Context for {service}: {context}") | |
| print(f"Dockerfile for {service}: {dockerfile}") | |
| registry = os.environ['REGISTRY'] | |
| image_name = os.environ['IMAGE_NAME'].lower() | |
| build_cmd = f"docker build -t {registry}/{image_name}/{service}:latest -f {dockerfile} {context}" | |
| push_cmd = f"docker push {registry}/{image_name}/{service}:latest" | |
| print(f"Building image for {service}...") | |
| os.system(build_cmd) | |
| print(f"Pushing image for {service}...") | |
| os.system(push_cmd) | |
| print(f"Completed processing for {service}") | |
| print(f"Image pushed to: {registry}/{image_name}/{service}:latest") | |
| print("-----------------------------------") | |
| docker_compose = parse_docker_compose() | |
| services_to_push = os.environ['SERVICES_TO_PUSH'].split(',') | |
| for service in services_to_push: | |
| if service in docker_compose['services']: | |
| build_and_push_image(service, docker_compose['services'][service]) | |
| else: | |
| print(f"Warning: Service {service} not found in docker-compose.yml") | |
| print("\nSummary of pushed images:") | |
| for service in services_to_push: | |
| if service in docker_compose['services']: | |
| print(f"ghcr.io/{os.environ['IMAGE_NAME']}/{service}:latest") | |
| shell: python | |
| - name: Create .env file for host | |
| run: | | |
| echo "ENVIRONMENT=PRODUCTION" >> .env | |
| echo "NODE_ENV=production" >> .env | |
| echo "USE_SSL=true" >> .env | |
| echo "WEB_DOMAIN=${{ secrets.PUBLIC_DOMAIN }}" >> .env | |
| echo "PUBLIC_URL=https://${{ secrets.PUBLIC_DOMAIN }}" >> .env | |
| echo "TRAEFIK_DASHBOARD_DOMAIN=traefik.sill.social" >> .env | |
| echo "ACME_EMAIL=${{ secrets.ACME_EMAIL }}" >> .env | |
| echo "DATABASE_URL=${{ secrets.DATABASE_URL }}" >> .env | |
| echo "DOZZLE_DOMAIN=${{ secrets.DOZZLE_DOMAIN }}" >> .env | |
| echo "HONEYPOT_SECRET=${{ secrets.HONEYPOT_SECRET }}" >> .env | |
| echo "MAILGUN_API_KEY=${{ secrets.MAILGUN_API_KEY }}" >> .env | |
| echo "MASTODON_REDIRECT_URI=${{ secrets.MASTODON_REDIRECT_URI }}" >> .env | |
| echo "POSTGRES_DB=${{ secrets.POSTGRES_DB }}" >> .env | |
| echo "POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }}" >> .env | |
| echo "POSTGRES_USER=${{ secrets.POSTGRES_USER }}" >> .env | |
| echo "PRIVATE_KEY_ES256_B64=${{ secrets.PRIVATE_KEY_ES256_B64 }}" >> .env | |
| echo "RESEND_API_KEY=${{ secrets.RESEND_API_KEY }}" >> .env | |
| echo "SESSION_SECRET=${{ secrets.SESSION_SECRET }}" >> .env | |
| echo "TRAEFIK_DASHBOARD_AUTH=${{ secrets.TRAEFIK_DASHBOARD_AUTH }}" >> .env | |
| echo "CRON_API_KEY=${{ secrets.CRON_API_KEY }}" >> .env | |
| echo "UPDATE_BATCH_SIZE=${{ secrets.UPDATE_BATCH_SIZE }}" >> .env | |
| - name: Copy .env and docker-compose-prod files to remote server | |
| uses: appleboy/scp-action@master | |
| with: | |
| host: ${{ secrets.HOST }} | |
| username: ${{ secrets.USER }} | |
| key: ${{ secrets.SSH_KEY }} | |
| source: ".env,docker-compose-deploy.yml" | |
| target: "/tmp" | |
| # - name: Create dozzle/data directory and copy user.yml | |
| # uses: appleboy/[email protected] | |
| # with: | |
| # host: ${{ secrets.HOST }} | |
| # username: ${{ secrets.USER }} | |
| # key: ${{ secrets.SSH_KEY }} | |
| # script: | | |
| # sudo mkdir -p ${{ env.ROOT_DIRECTORY }}/dozzle/data | |
| # cat ${{ secrets.DOZZLE_USER_YAML }} > ${{ env.ROOT_DIRECTORY }}/dozzle/data/users.yml | |
| # sudo chown -R ${{ secrets.USER }}:${{ secrets.USER }} ${{ env.ROOT_DIRECTORY }}/dozzle | |
| # sudo chmod 600 ${{ env.ROOT_DIRECTORY }}/dozzle/data/users.yml | |
| - name: Move files to ROOT_DIRECTORY and set permissions | |
| uses: appleboy/[email protected] | |
| with: | |
| host: ${{ secrets.HOST }} | |
| username: ${{ secrets.USER }} | |
| key: ${{ secrets.SSH_KEY }} | |
| script: | | |
| sudo mkdir -p /tmp | |
| sudo mv /tmp/.env /tmp/docker-compose-deploy.yml ${{ env.ROOT_DIRECTORY }}/ | |
| sudo mv ${{ env.ROOT_DIRECTORY }}/docker-compose-deploy.yml ${{ env.ROOT_DIRECTORY }}/docker-compose.yml | |
| sudo chown ${{ secrets.USER }}:${{ secrets.USER }} ${{ env.ROOT_DIRECTORY }}/.env ${{ env.ROOT_DIRECTORY }}/docker-compose.yml | |
| sudo chmod 600 ${{ env.ROOT_DIRECTORY }}/.env | |
| sudo chmod 644 ${{ env.ROOT_DIRECTORY }}/docker-compose.yml | |
| - name: Deploy with Docker Compose | |
| uses: appleboy/[email protected] | |
| with: | |
| host: ${{ secrets.HOST }} | |
| username: ${{ secrets.USER }} | |
| key: ${{ secrets.SSH_KEY }} | |
| script_stop: true | |
| script: | | |
| cd ${{ env.ROOT_DIRECTORY }} | |
| COMPOSE_FILE="docker-compose.yml" | |
| # Authenticate Docker with GitHub Container Registry | |
| echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin | |
| # Deploy services in SERVICES_TO_PUSH | |
| docker compose -f "$COMPOSE_FILE" pull $(echo ${{ env.SERVICES_TO_PUSH }} | tr ',' ' ') | |
| IFS=',' read -ra SERVICES <<< "${{ env.SERVICES_TO_PUSH }}" | |
| for service in "${SERVICES[@]}"; do | |
| docker rollout -f "$COMPOSE_FILE" "$service" | |
| done | |
| # Remove orphaned Docker containers | |
| docker container prune -f | |
| docker image prune -af | |
| echo "🚀 Deployment complete! 🎉 Services are now up and running. 🌟" |