fix Update and Deploy.yml #83
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Blogify to EC2 | |
| on: | |
| push: | |
| branches: [ main ] | |
| env: | |
| AWS_REGION: ${{ secrets.AWS_REGION }} | |
| ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }} | |
| EC2_HOST: ${{ secrets.EC2_HOST }} | |
| EC2_USER: ${{ secrets.EC2_USER }} | |
| jobs: | |
| build-and-deploy: | |
| runs-on: ubuntu-latest | |
| environment: Blogapp | |
| steps: | |
| - name: Checkout latest code | |
| uses: actions/checkout@v2 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: Prune previous images | |
| run: | | |
| retain=2 | |
| repo=${{ secrets.ECR_REPOSITORY }} | |
| images=$(aws ecr describe-images --repository-name $repo --query 'imageDetails[*].{imagePushedAt:imagePushedAt,imageDigest:imageDigest}' --output json | jq -r 'sort_by(.imagePushedAt) | reverse | .['${retain}':] | .[].imageDigest') | |
| if [ -n "$images" ]; then | |
| echo "Deleting old images: $images" | |
| for digest in $images; do | |
| aws ecr batch-delete-image --repository-name $repo --image-ids imageDigest=$digest | |
| done | |
| else | |
| echo "No images to prune." | |
| fi | |
| - name: Build, tag, and push images to Amazon ECR | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| VITE_API_BACKEND_URL: ${{ secrets.VITE_API_BACKEND_URL }} | |
| VITE_GOOGLE_CLIENT_ID: ${{ secrets.VITE_GOOGLE_CLIENT_ID }} | |
| GITHUB_SHA: ${{ github.sha }} | |
| run: | | |
| # Build and push API image | |
| docker build --no-cache -t $ECR_REGISTRY/$ECR_REPOSITORY:api-${GITHUB_SHA} ./api | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:api-${GITHUB_SHA} | |
| # Build and push Client image | |
| docker build --no-cache -t $ECR_REGISTRY/$ECR_REPOSITORY:client-${GITHUB_SHA} \ | |
| --build-arg VITE_API_BACKEND_URL=$VITE_API_BACKEND_URL \ | |
| --build-arg VITE_GOOGLE_CLIENT_ID=$VITE_GOOGLE_CLIENT_ID \ | |
| ./client | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:client-${GITHUB_SHA} | |
| - name: Update docker-compose.yml | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| VITE_API_BACKEND_URL: ${{ secrets.VITE_API_BACKEND_URL }} | |
| GITHUB_SHA: ${{ github.sha }} | |
| run: | | |
| cat > docker-compose.yml <<EOL | |
| version: '3.8' | |
| services: | |
| client: | |
| image: ${ECR_REGISTRY}/${ECR_REPOSITORY}:client-${GITHUB_SHA} | |
| ports: | |
| - "5173:80" | |
| depends_on: | |
| - api | |
| environment: | |
| - VITE_API_BACKEND_URL=\${VITE_API_BACKEND_URL} | |
| - VITE_GOOGLE_CLIENT_ID=\${VITE_GOOGLE_CLIENT_ID} | |
| env_file: | |
| - .env | |
| api: | |
| image: ${ECR_REGISTRY}/${ECR_REPOSITORY}:api-${GITHUB_SHA} | |
| ports: | |
| - "4000:4000" | |
| env_file: | |
| - .env | |
| nginx: | |
| image: nginx:alpine | |
| ports: | |
| - "80:80" | |
| - "443:443" | |
| volumes: | |
| - ./nginx.conf:/etc/nginx/nginx.conf:ro | |
| - ./ssl:/etc/nginx/ssl:ro | |
| depends_on: | |
| - client | |
| - api | |
| EOL | |
| echo "Updated docker-compose.yml:" | |
| cat docker-compose.yml | |
| - name: Deploy to EC2 | |
| env: | |
| PRIVATE_KEY: ${{ secrets.EC2_SSH_PRIVATE_KEY }} | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| run: | | |
| echo "$PRIVATE_KEY" > private_key && chmod 600 private_key | |
| scp -i private_key -o StrictHostKeyChecking=no docker-compose.yml $EC2_USER@$EC2_HOST:~/ | |
| scp -i private_key -o StrictHostKeyChecking=no nginx.conf $EC2_USER@$EC2_HOST:~/ | |
| ssh -i private_key -o StrictHostKeyChecking=no $EC2_USER@$EC2_HOST " | |
| aws ecr get-login-password --region ${{ env.AWS_REGION }} | docker login --username AWS --password-stdin $ECR_REGISTRY | |
| docker compose pull | |
| docker compose up -d | |
| docker system prune -af | |
| " | |
| - name: Cleanup | |
| if: always() | |
| run: rm -f private_key |