-
Notifications
You must be signed in to change notification settings - Fork 9
101 lines (87 loc) · 3.07 KB
/
deploy-staging.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
name: Deploy (Staging)
on:
workflow_dispatch:
push:
branches:
- "devops-fix"
jobs:
build_and_push:
name: Build and Push Image to Dockerhub
runs-on: ubuntu-latest
steps:
- name: Check out the repository
uses: actions/checkout@v4
- name: Log in to Dockerhub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
# - name: Extract metadata (tags, labels) for Docker
# id: meta
# uses: docker/metadata-action@9ec57ed1fcdbf14dcef7dfbe97b2010124a938b7
# with:
# images: my-docker-hub-namespace/my-docker-hub-repository
- name: Build and push Image
id: push
uses: docker/build-push-action@v4
with:
context: .
file: ./Dockerfile
push: true
tags: ristekoss/susunjadwal-backend:staging
deploy_service:
name: Load Secrets and Deploy Service
needs: build_and_push
runs-on: ubuntu-latest
steps:
- name: Checkout sources
id: checkout-sources
uses: actions/checkout@v4
- name: Setup Python
id: setup-python
uses: actions/setup-python@v5
with:
python-version: 3.11.3
- name: Install Python Dependencies
id: install-py-dependencies
run: |
python -m pip install --upgrade pip
pip install -r deploy-stg/requirements.txt
- name: Setup Infisical
id: setup-infisical
run: |
curl -1sLf \
'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' \
| sudo -E bash
sudo apt-get update && sudo apt-get install -y infisical
- name: Get Infisical Token
id: get-infisical-token
run: |
INFISICAL_TOKEN=$(infisical login --method universal-auth --client-id ${{ secrets.INFISICAL_CLIENT_ID }} --client-secret ${{ secrets.INFISICAL_CLIENT_SECRET }} --silent --plain)
echo "infisical-token=$INFISICAL_TOKEN" >> "$GITHUB_OUTPUT"
- name: Load Infisical Secrets
id: load-infisical-secrets
run: python3 ./deploy-stg/infisical.py
env:
INFISICAL_TOKEN: ${{ steps.get-infisical-token.outputs.infisical-token }}
SSH_TIMEOUT: 20
- name: SSH and Prepare Working Directory
id: ssh-prep-directory
uses: appleboy/ssh-action@master
with:
host: ${{ secrets.SSH_IP_ADDRESS }}
username: ${{ secrets.SSH_USER }}
key: ${{ secrets.SSH_KEY_OVERRIDE }}
port: ${{ secrets.SSH_PORT }}
script: |
mkdir -pv susunjadwal/susunjadwal-backend-stg
- name: RSync Files to Server
id: rsync-to-server
uses: burnett01/[email protected]
with:
switches: -avzr --progress
path: deploy-stg/
remote_path: susunjadwal/susunjadwal-backend-stg
remote_host: ${{ secrets.SSH_IP_ADDRESS }}
remote_user: ${{ secrets.SSH_USER }}
remote_key: ${{ secrets.SSH_KEY_OVERRIDE }}