update network #278
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD | |
| on: | |
| push: | |
| branches: | |
| - main | |
| env: | |
| IMAGE: ${{ secrets.DOCKER_USERNAME }}/pecuny:latest | |
| jobs: | |
| ci: | |
| secrets: inherit | |
| uses: ./.github/workflows/ci.yml | |
| build-and-publish: | |
| needs: [ci] | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4.1.1 | |
| - name: build docker image | |
| run: docker build --tag=${{ env.IMAGE }} . | |
| - name: login to container registry | |
| uses: docker/login-action@v3.0.0 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_TOKEN }} | |
| - name: publish docker image | |
| run: docker push ${{ env.IMAGE }} | |
| deploy: | |
| needs: [build-and-publish] | |
| runs-on: ubuntu-22.04 | |
| env: | |
| SSH_HOST: webserver | |
| CONTAINER: pecuny | |
| SSH_CMD: ssh -o "StrictHostKeyChecking=no" | |
| steps: | |
| - uses: actions/checkout@v4.1.1 | |
| - name: create ssh dir | |
| run: mkdir --parents ~/.ssh | |
| - name: create ssh key | |
| run: | | |
| set -e | |
| echo '${{ secrets.SSH_KEY }}' > ~/.ssh/id_rsa | |
| chmod 600 ~/.ssh/id_rsa | |
| - name: config ssh | |
| run: echo -e 'Host ${{ env.SSH_HOST }}\n HostName ${{ vars.HOSTNAME }}\n Port 22\n User root\n IdentityFile ~/.ssh/id_rsa' > ~/.ssh/config | |
| - name: copy docker-compose files | |
| run: scp -o "StrictHostKeyChecking=no" docker-compose.prod.yml ${{ env.SSH_HOST }}:docker-compose.yml | |
| - name: create .env file | |
| run: | | |
| set -e | |
| echo 'ENVIRONMENT=${{ vars.ENVIRONMENT }}' > .env | |
| echo 'DOMAIN=${{ vars.DOMAIN }}' >> .env | |
| echo 'REFRESH_TOKEN_EXPIRE_MINUTES=${{ vars.REFRESH_TOKEN_EXPIRE_MINUTES }}' >> .env | |
| echo 'VERIFY_TOKEN_SECRET_KEY=${{ secrets.VERIFY_TOKEN_SECRET_KEY }}' >> .env | |
| echo 'ACCESS_TOKEN_SECRET_KEY=${{ secrets.ACCESS_TOKEN_SECRET_KEY }}' >> .env | |
| echo 'REFRESH_TOKEN_SECRET_KEY=${{ secrets.REFRESH_TOKEN_SECRET_KEY }}' >> .env | |
| echo 'ALGORITHM=HS256' >> .env | |
| echo 'CSRF_SECRET=${{ secrets.CSRF_SECRET }}' >> .env | |
| echo 'SESSION_SECRET_KEY=${{ secrets.SESSION_SECRET_KEY }}' >> .env | |
| echo 'ACCESS_TOKEN_EXPIRE_MINUTES=${{ vars.ACCESS_TOKEN_EXPIRE_MINUTES }}' >> .env | |
| echo 'DB_NAME=${{ secrets.DB_NAME }}' >> .env | |
| echo 'DB_PASSWORD=${{ secrets.DB_PASSWORD }}' >> .env | |
| echo 'DB_HOST=${{ secrets.DB_HOST }}' >> .env | |
| echo 'DB_PORT=${{ secrets.DB_PORT }}' >> .env | |
| echo 'DB_USER=${{ secrets.DB_USER }}' >> .env | |
| echo 'MAIL_USERNAME=${{ secrets.MAIL_USERNAME }}' >> .env | |
| echo 'MAIL_FROM=${{ secrets.MAIL_FROM }}' >> .env | |
| echo 'MAIL_SERVER=${{ secrets.MAIL_SERVER }}' >> .env | |
| echo 'MAIL_PORT=${{ secrets.MAIL_PORT }}' >> .env | |
| echo 'MAIL_PASSWORD=${{ secrets.MAIL_PASSWORD }}' >> .env | |
| echo 'REDIS_PORT=6379' >> .env | |
| echo 'CELERY_BROKER_URL=redis://redis:6379/0' >> .env | |
| echo 'CELERY_RESULT_BACKEND=redis://redis:6379/0' >> .env | |
| - name: copy .env file | |
| run: scp -o "StrictHostKeyChecking=no" .env ${{ env.SSH_HOST }}:.env.prod | |
| - name: deploy pecuny | |
| run: | | |
| ${{ env.SSH_CMD }} ${{ env.SSH_HOST }} docker compose pull | |
| ${{ env.SSH_CMD }} ${{ env.SSH_HOST }} docker compose down | |
| ${{ env.SSH_CMD }} ${{ env.SSH_HOST }} docker compose up -d --build --no-deps | |
| - name: upgrade database | |
| run: ${{ env.SSH_CMD }} ${{ env.SSH_HOST }} docker compose exec ${{ env.CONTAINER }} alembic upgrade head |