-
Notifications
You must be signed in to change notification settings - Fork 7
176 lines (151 loc) · 7.27 KB
/
deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
name: Build and Push Docker Images
on:
workflow_dispatch:
push:
branches:
- main # or your default branch
env:
REGISTRY: ghcr.io
IMAGE_NAME: ${{ github.repository }}
SERVICES_TO_PUSH: remix
ROOT_DIRECTORY: /opt
jobs:
build-and-push:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- name: Checkout repository
uses: actions/checkout@v2
- name: Set up Python
uses: actions/setup-python@v2
with:
python-version: "3.x"
- name: Install dependencies
run: |
python -m pip install --upgrade pip
pip install pyyaml
- name: Log in to the Container registry
uses: docker/login-action@v1
with:
registry: ${{ env.REGISTRY }}
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Parse docker-compose file and build/push images
run: |
import yaml
import os
def parse_docker_compose():
with open('docker-compose.yml', 'r') as file:
return yaml.safe_load(file)
def build_and_push_image(service, config):
context = config.get('build', {}).get('context', '.')
dockerfile = config.get('build', {}).get('dockerfile', 'Dockerfile')
if not os.path.isabs(dockerfile):
dockerfile = os.path.join(context, dockerfile)
print(f"Processing service: {service}")
print(f"Context for {service}: {context}")
print(f"Dockerfile for {service}: {dockerfile}")
registry = os.environ['REGISTRY']
image_name = os.environ['IMAGE_NAME'].lower()
build_cmd = f"docker build -t {registry}/{image_name}/{service}:latest -f {dockerfile} {context}"
push_cmd = f"docker push {registry}/{image_name}/{service}:latest"
print(f"Building image for {service}...")
os.system(build_cmd)
print(f"Pushing image for {service}...")
os.system(push_cmd)
print(f"Completed processing for {service}")
print(f"Image pushed to: {registry}/{image_name}/{service}:latest")
print("-----------------------------------")
docker_compose = parse_docker_compose()
services_to_push = os.environ['SERVICES_TO_PUSH'].split(',')
for service in services_to_push:
if service in docker_compose['services']:
build_and_push_image(service, docker_compose['services'][service])
else:
print(f"Warning: Service {service} not found in docker-compose.yml")
print("\nSummary of pushed images:")
for service in services_to_push:
if service in docker_compose['services']:
print(f"ghcr.io/{os.environ['IMAGE_NAME']}/{service}:latest")
shell: python
- name: Create .env file for host
run: |
echo "ENVIRONMENT=PRODUCTION" >> .env
echo "NODE_ENV=production" >> .env
echo "USE_SSL=true" >> .env
echo "WEB_DOMAIN=${{ secrets.PUBLIC_DOMAIN }}" >> .env
echo "PUBLIC_URL=https://${{ secrets.PUBLIC_DOMAIN }}" >> .env
echo "TRAEFIK_DASHBOARD_DOMAIN=traefik.sill.social" >> .env
echo "ACME_EMAIL=${{ secrets.ACME_EMAIL }}" >> .env
echo "DATABASE_URL=${{ secrets.DATABASE_URL }}" >> .env
echo "DOZZLE_DOMAIN=${{ secrets.DOZZLE_DOMAIN }}" >> .env
echo "HONEYPOT_SECRET=${{ secrets.HONEYPOT_SECRET }}" >> .env
echo "MAILGUN_API_KEY=${{ secrets.MAILGUN_API_KEY }}" >> .env
echo "MASTODON_REDIRECT_URI=${{ secrets.MASTODON_REDIRECT_URI }}" >> .env
echo "POSTGRES_DB=${{ secrets.POSTGRES_DB }}" >> .env
echo "POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }}" >> .env
echo "POSTGRES_USER=${{ secrets.POSTGRES_USER }}" >> .env
echo "PRIVATE_KEY_ES256_B64=${{ secrets.PRIVATE_KEY_ES256_B64 }}" >> .env
echo "RESEND_API_KEY=${{ secrets.RESEND_API_KEY }}" >> .env
echo "SESSION_SECRET=${{ secrets.SESSION_SECRET }}" >> .env
echo "TRAEFIK_DASHBOARD_AUTH=${{ secrets.TRAEFIK_DASHBOARD_AUTH }}" >> .env
echo "CRON_API_KEY=${{ secrets.CRON_API_KEY }}" >> .env
echo "UPDATE_BATCH_SIZE=${{ secrets.UPDATE_BATCH_SIZE }}" >> .env
- name: Copy .env and docker-compose-prod files to remote server
uses: appleboy/scp-action@master
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USER }}
key: ${{ secrets.SSH_KEY }}
source: ".env,docker-compose-deploy.yml"
target: "/tmp"
# - name: Create dozzle/data directory and copy user.yml
# uses: appleboy/[email protected]
# with:
# host: ${{ secrets.HOST }}
# username: ${{ secrets.USER }}
# key: ${{ secrets.SSH_KEY }}
# script: |
# sudo mkdir -p ${{ env.ROOT_DIRECTORY }}/dozzle/data
# cat ${{ secrets.DOZZLE_USER_YAML }} > ${{ env.ROOT_DIRECTORY }}/dozzle/data/users.yml
# sudo chown -R ${{ secrets.USER }}:${{ secrets.USER }} ${{ env.ROOT_DIRECTORY }}/dozzle
# sudo chmod 600 ${{ env.ROOT_DIRECTORY }}/dozzle/data/users.yml
- name: Move files to ROOT_DIRECTORY and set permissions
uses: appleboy/[email protected]
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USER }}
key: ${{ secrets.SSH_KEY }}
script: |
sudo mkdir -p /tmp
sudo mv /tmp/.env /tmp/docker-compose-deploy.yml ${{ env.ROOT_DIRECTORY }}/
sudo mv ${{ env.ROOT_DIRECTORY }}/docker-compose-deploy.yml ${{ env.ROOT_DIRECTORY }}/docker-compose.yml
sudo chown ${{ secrets.USER }}:${{ secrets.USER }} ${{ env.ROOT_DIRECTORY }}/.env ${{ env.ROOT_DIRECTORY }}/docker-compose.yml
sudo chmod 600 ${{ env.ROOT_DIRECTORY }}/.env
sudo chmod 644 ${{ env.ROOT_DIRECTORY }}/docker-compose.yml
- name: Deploy with Docker Compose
uses: appleboy/[email protected]
with:
host: ${{ secrets.HOST }}
username: ${{ secrets.USER }}
key: ${{ secrets.SSH_KEY }}
script_stop: true
script: |
cd ${{ env.ROOT_DIRECTORY }}
COMPOSE_FILE="docker-compose.yml"
# Authenticate Docker with GitHub Container Registry
echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin
# Deploy services in SERVICES_TO_PUSH
docker compose -f "$COMPOSE_FILE" pull $(echo ${{ env.SERVICES_TO_PUSH }} | tr ',' ' ')
IFS=',' read -ra SERVICES <<< "${{ env.SERVICES_TO_PUSH }}"
for service in "${SERVICES[@]}"; do
docker rollout -f "$COMPOSE_FILE" "$service"
done
# Remove orphaned Docker containers
docker container prune -f
docker image prune -af
# manually restart worker
docker compose -f "$COMPOSE_FILE" up -d --build worker
echo "🚀 Deployment complete! 🎉 Services are now up and running. 🌟"