feature: implement half of service deployment workflow

ristekoss · Jun 17, 2024 · b290b07 · b290b07
1 parent 4661bf7
commit b290b07
Show file tree

Hide file tree

Showing 4 changed files with 107 additions and 32 deletions.
diff --git a/.github/workflows/deploy-staging.yaml b/.github/workflows/deploy-staging.yaml
@@ -33,41 +33,62 @@ jobs:
           context: .
           file: ./Dockerfile
           push: true
-          tags: ristekoss/susunjadwal-backend
-          labels: staging
+          tags: ristekoss/susunjadwal-backend:staging
 
-  # deploy_service:
-  #   name: Deploy Service
-  #   runs-on: ubuntu-22.04
-  #   steps:
-  #     - name: Checkout sources
-  #       uses: actions/checkout@v4
+  deploy_service:
+    needs: build_and_push
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout sources
+        uses: actions/checkout@v4
+
+      - name: Setup Python
+        uses: actions/setup-python@v5
+        with:
+          python-version: 3.11.3
 
-  #     - name: Setup Python
-  #       uses: actions/setup-python@v5
-  #       with:
-  #         python-version: 3.11.3
+      - name: Install dependencies
+        run: |
+          python -m pip install --upgrade pip
+          pip install -r requirements.txt
 
-  #     - name: Install dependencies
-  #       run: |
-  #         python -m pip install --upgrade pip
-  #         pip install -r requirements.txt
+      - name: Setup Infisical
+        run: |
+          curl -1sLf \
+            'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' \
+            | sudo -E bash
+          sudo apt-get update && sudo apt-get install -y infisical
 
-  #     - name: Setup Infisical
-  #       run: |
-  #         curl -1sLf \
-  #           'https://dl.cloudsmith.io/public/infisical/infisical-cli/setup.deb.sh' \
-  #           | sudo -E bash
-  #         sudo apt-get update && sudo apt-get install -y infisical
+      - name: Get Infisical Token
+        id: get-infisical-token
+        run: |
+          INFISICAL_TOKEN=$(infisical login --method universal-auth --client-id ${{ secrets.INFISICAL_CLIENT_ID }} --client-secret ${{ secrets.INFISICAL_CLIENT_SECRET }} --silent --plain)
+          echo "infisical-token=$INFISICAL_TOKEN" >> "$GITHUB_OUTPUT"
 
-  #     - name: Get Infisical Token
-  #       id: get-infisical-token
-  #       run: |
-  #         INFISICAL_TOKEN=$(infisical login --method universal-auth --client-id ${{ secrets.INFISICAL_CLIENT_ID }} --client-secret ${{ secrets.INFISICAL_CLIENT_SECRET }} --silent --plain)
-  #         echo "infisical-token=$INFISICAL_TOKEN" >> "$GITHUB_OUTPUT"
+      - name: Load Infisical Secrets
+        run: python3 ./deploy-stg/new_setup.py
+        env:
+          INFISICAL_TOKEN: ${{ steps.get-infisical-token.outputs.infisical-token }}
+          SSH_TIMEOUT: 20
+
+      - name: SSH and Prepare Working Directory
+        uses: appleboy/ssh-action@master
+        with:
+          host: ${{ secrets.SSH_IP_ADDRESS }}
+          username: ${{ secrets.SSH_USER }}
+          key: ${{ secrets.SSH_KEY}}
+          port: ${{ secrets.SSH_PORT }}
+          script: |
+            ls -al
+            mkdir -pv susunjadwal/susunjadwal-backend-stg
+
+      - name: RSync Files to Server
+        uses: burnett01/[email protected]
+        with:
+          switches: -avzr --progress
+          path: deploy-stg/
+          remote_path: susunjadwal/susunjadwal-backend-stg
+          remote_host: ${{ secrets.SSH_IP_ADDRESS }}
+          remote_user: ${{ secrets.SSH_USER }}
+          remote_key: ${{ secrets.SSH_KEY }}
 
-  #     - name: Execute Setup
-  #       run: python3 ./deploy/setup.py susunjadwal-backend-stg
-  #       env:
-  #         INFISICAL_TOKEN: ${{ steps.get-infisical-token.outputs.infisical-token }}
-  #         SSH_TIMEOUT: 30
diff --git a/deploy-stg/docker-compose.yml b/deploy-stg/docker-compose.yml
@@ -0,0 +1,50 @@
+version: "3.9"
+
+services:
+  susunjadwal-rmq-stg:
+    restart: unless-stopped
+    image: rabbitmq:management-alpine
+    ports:
+      - "15671-15672:15671-15672"
+
+  susunjadwal-mongo-stg:
+    image: mongo:7
+    restart: unless-stopped
+    environment:
+      MONGO_INITDB_ROOT_USERNAME: ${MONGODB_USERNAME}
+      MONGO_INITDB_ROOT_PASSWORD: ${MONGODB_PASSWORD}
+      MONGO_INITDB_USERNAME: ${MONGODB_USERNAME}
+      MONGO_INITDB_PASSWORD: ${MONGODB_PASSWORD}
+      MONGO_INITDB_DATABASE: ${MONGODB_DB}
+    volumes:
+      - susunjadwal-mongo-stg:/data/db
+    ports:
+      - 27017:27017
+    networks:
+      - public-web
+
+  susunjadwal-backend-stg:
+    image: 638207107223.dkr.ecr.ap-southeast-1.amazonaws.com/susunjadwal-backend:latest
+    container_name: "${APP_NAME}_app"
+    labels:
+      caddy: stg.api.susunjadwal.ristek.cs.ui.ac.id
+      caddy.handle: /v1/*
+      caddy.handle.reverse_proxy: "{{upstreams 8005}}"
+    restart: unless-stopped
+    env_file:
+      - .env
+    ports:
+      - 8005:8000
+    networks:
+      - public-web
+    depends_on:
+      - susunjadwal-mongo-stg
+      - susunjadwal-rmq-stg
+
+networks:
+  public-web:
+    external: true
+
+volumes:
+  susunjadwal-mongo-stg:
+    external: true
diff --git a/deploy-stg/infisical.yml b/deploy-stg/infisical.yml
@@ -0,0 +1,4 @@
+infisical:
+  project_id: d49b238f-40b9-46fb-9863-21f79ce751fb
+  env: staging
+  path: /projects/susunjadwal/susunjadwal-backend
diff --git a/deploy-stg/new_setup.py b/deploy-stg/new_setup.py