-
Notifications
You must be signed in to change notification settings - Fork 0
150 lines (128 loc) · 4.43 KB
/
production.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
name: Production
on:
release:
types:
- created
jobs:
###
### BUILD DISTRIBUTABLE(S)
###
build_backend:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
actions: read
security-events: write
steps:
- uses: actions/checkout@v4
- name: Set up JDK 21
uses: actions/setup-java@v4
with:
java-version: '21'
distribution: 'corretto'
server-id: github
settings-path: ${{ github.workspace }}
cache: 'maven'
- name: Cache Maven dependencies
uses: actions/cache@v3
with:
path: ~/.m2/repository
key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
restore-keys: |
${{ runner.os }}-maven-
- name: Build with Maven
run: ./mvnw -B package --file pom.xml -Dproject.version=${{ github.ref_name }}
- name: Upload Artifact
uses: actions/upload-artifact@v4
with:
name: backend
path: |
target/billtracker-backend-${{ github.ref_name }}.jar
build_frontend:
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
actions: read
security-events: write
steps:
- uses: actions/checkout@v4
- name: Cache npm dependencies
uses: actions/cache@v3
with:
path: ~/.npm
key: ${{ runner.os }}-node-${{ hashFiles('**/package-lock.json') }}
restore-keys: |
${{ runner.os }}-node-
- name: Navigate and Install Dependencies
run: cd src/main/svelte && npm i
- name: Build Distributable
run: bash -c "cd src/main/svelte && npm run build -- --mode production"
- name: Upload Artifact
uses: actions/upload-artifact@v4
with:
name: frontend
path: |
src/main/svelte/build
###
### PUBLISH PACKAGES
###
publish_backend_oci_image:
runs-on: ubuntu-latest
needs:
- build_backend
steps:
- uses: actions/checkout@v4
- uses: actions/download-artifact@v4
with:
name: backend
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Login to GitHub Container Registry
uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.ACCESS_TOKEN }}
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
context: .
push: true
tags: ghcr.io/kerosene-labs/billtracker-backend:${{ github.ref_name }}
build-args: PROJECT_VERSION=${{ github.ref_name }}
cache-from: type=gha
cache-to: type=gha,mode=max
###
### DEPLOYMENT
###
deploy:
needs:
- publish_backend_oci_image
- build_frontend
runs-on: ubuntu-latest
environment:
name: production
steps:
- name: Write Keys
run: mkdir -p ~/.ssh && echo "${{secrets.BASTION_PRIVATE_KEY}}" >> ~/.ssh/bastion && echo "${{secrets.DEPLOYMENT_PRIVATE_KEY}}" >> ~/.ssh/deployment
- name: Set Key Permissions
run: chmod 600 ~/.ssh/bastion && chmod 600 ~/.ssh/deployment
- name: Start ssh-agent and add keys
run: |
eval "$(ssh-agent -s)"
ssh-add ~/.ssh/bastion
ssh-add ~/.ssh/deployment
echo "SSH_AUTH_SOCK=$SSH_AUTH_SOCK" >> $GITHUB_ENV
echo "SSH_AGENT_PID=$SSH_AGENT_PID" >> $GITHUB_ENV
- uses: actions/download-artifact@v4
name: Download Frontend Artifact
with:
name: frontend
- name: Acknowledge Host Key on Bastion
run: ssh -T -i ~/.ssh/bastion -o "StrictHostKeyChecking no" -p 2222 ${{secrets.BASTION_SSH_USER}}@${{secrets.BASTION_HOST}}
- name: Update Frontend
run: scp -o "StrictHostKeyChecking no" -A -r -J ${{secrets.BASTION_SSH_USER}}@${{secrets.BASTION_HOST}}:2222 $PWD/* ${{secrets.DEPLOYMENT_SSH_USER}}@${{secrets.DEPLOYMENT_HOST}}:/home/infra/billtracker/frontend_content
- name: Update Backend
run: ssh -o "StrictHostKeyChecking no" -A -J ${{secrets.BASTION_SSH_USER}}@${{secrets.BASTION_HOST}}:2222 ${{secrets.DEPLOYMENT_SSH_USER}}@${{secrets.DEPLOYMENT_HOST}} "bash -c \"cd billtracker && echo "export BILLTRACKER_VERSION=${{ github.ref_name }}" >> version.env && source version.env && docker compose pull backend && docker compose up -d backend\""