Merge pull request #142 from Kerosene-Labs/BIL-6-update-fixed #130
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Develop | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| ### | |
| ### BUILD DISTRIBUTABLE(S) | |
| ### | |
| build_backend: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| actions: read | |
| security-events: write | |
| defaults: | |
| run: | |
| working-directory: ./backend | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: "21" | |
| distribution: "corretto" | |
| server-id: github | |
| settings-path: ${{ github.workspace }} | |
| cache: "maven" | |
| - name: Cache Maven dependencies | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven- | |
| - name: Build with Maven | |
| run: ./mvnw -B package --file pom.xml -Dproject.version=${{ github.sha }} | |
| - name: Upload Artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: backend | |
| path: | | |
| target/billtracker-backend-${{ github.sha }}.jar | |
| build_frontend: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| packages: write | |
| actions: read | |
| security-events: write | |
| defaults: | |
| run: | |
| working-directory: ./frontend | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Cache npm dependencies | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.npm | |
| key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }} | |
| restore-keys: | | |
| ${{ runner.os }}-node- | |
| - name: Navigate and Install Dependencies | |
| run: npm i | |
| - name: Build Distributable | |
| run: npm run build -- --mode develop | |
| - name: Upload Artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: frontend | |
| path: build | |
| ### | |
| ### PUBLISH PACKAGES | |
| ### | |
| publish_backend_oci_image: | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build_backend | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: backend | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.ACCESS_TOKEN }} | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| push: true | |
| tags: ghcr.io/kerosene-labs/billtracker-backend:${{ github.sha }} | |
| build-args: PROJECT_VERSION=${{ github.sha }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| ### | |
| ### DEPLOYMENT | |
| ### | |
| deploy: | |
| needs: | |
| - publish_backend_oci_image | |
| - build_frontend | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: develop | |
| steps: | |
| - name: Write Keys | |
| run: mkdir -p ~/.ssh && echo "${{secrets.BASTION_PRIVATE_KEY}}" >> ~/.ssh/bastion && echo "${{secrets.DEPLOYMENT_PRIVATE_KEY}}" >> ~/.ssh/deployment | |
| - name: Set Key Permissions | |
| run: chmod 600 ~/.ssh/bastion && chmod 600 ~/.ssh/deployment | |
| - name: Start ssh-agent and add keys | |
| run: | | |
| eval "$(ssh-agent -s)" | |
| ssh-add ~/.ssh/bastion | |
| ssh-add ~/.ssh/deployment | |
| echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >> $GITHUB_ENV | |
| echo "SSH_AGENT_PID=$SSH_AGENT_PID" >> $GITHUB_ENV | |
| - uses: actions/download-artifact@v4 | |
| name: Download Frontend Artifact | |
| with: | |
| name: frontend | |
| - name: Acknowledge Host Key on Bastion | |
| run: ssh -T -i ~/.ssh/bastion -o "StrictHostKeyChecking no" -p 2222 ${{secrets.BASTION_SSH_USER}}@${{secrets.BASTION_HOST}} | |
| - name: Update Frontend | |
| run: scp -o "StrictHostKeyChecking no" -A -r -J ${{secrets.BASTION_SSH_USER}}@${{secrets.BASTION_HOST}}:2222 $PWD/* ${{secrets.DEPLOYMENT_SSH_USER}}@${{secrets.DEPLOYMENT_HOST}}:/home/infra/billtracker/frontend_content | |
| - name: Update Backend | |
| run: ssh -o "StrictHostKeyChecking no" -A -J ${{secrets.BASTION_SSH_USER}}@${{secrets.BASTION_HOST}}:2222 ${{secrets.DEPLOYMENT_SSH_USER}}@${{secrets.DEPLOYMENT_HOST}} "bash -c \"cd billtracker && echo "export BILLTRACKER_VERSION=${{ github.sha }}" >> version.env && source version.env && docker compose pull backend && docker compose up -d backend\"" |