authentication documentation added (#10) #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deployment Workflow | |
| env: | |
| APP_NAME: app-server | |
| IMAGE_NAME: ${{ secrets.DOCKER_REGISTRY }}/app-server | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - development | |
| - 'release-*' | |
| - 'hotfix**' | |
| tags: | |
| - 'dev-*' | |
| jobs: | |
| Setup: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| environment_name: ${{ steps.set_env.outputs.environment }} | |
| steps: | |
| - name: Determine Environment | |
| id: set_env | |
| run: | | |
| if [[ $GITHUB_REF == refs/tags/dev-* ]]; then | |
| echo "::set-output name=environment::dev" | |
| elif [[ $GITHUB_REF == refs/heads/development ]]; then | |
| echo "::set-output name=environment::beta" | |
| elif [[ $GITHUB_REF == refs/heads/release* ]] || [[ $GITHUB_REF == refs/heads/hotfix* ]]; then | |
| echo "::set-output name=environment::uat" | |
| elif [[ $GITHUB_REF == refs/heads/main ]]; then | |
| echo "::set-output name=environment::prod" | |
| else | |
| echo "::set-output name=environment::default" | |
| fi | |
| env: | |
| GITHUB_REF: ${{ github.ref }} | |
| Build: | |
| needs: Setup | |
| environment: | |
| name: ${{ needs.Setup.outputs.environment_name }} | |
| runs-on: self-hosted-staging | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set the IMAGE env variable | |
| run: echo "IMAGE=${{ env.IMAGE_NAME }}:$(echo ${{ github.ref_name }}-${{ github.sha }} | tr '. - /\' '_' )" >> $GITHUB_ENV | |
| - name: Set vault configuration | |
| run: | | |
| sed -i 's|VAULT_HOST|'"${{ vars.VAULT_HOST }}"'|g' ./deployments/config.yml | |
| sed -i 's|VAULT_TOKEN|'"${{ secrets.VAULT_TOKEN }}"'|g' ./deployments/config.yml | |
| sed -i 's|VAULT_BACKEND|'"${{ vars.VAULT_BACKEND }}"'|g' ./deployments/config.yml | |
| - name: Set application's env and app_url to config file | |
| run: | | |
| if [[ "${{github.ref}}" == "refs/tags/dev-"* ]]; then | |
| sed -i 's|APP_URL|'"${{ vars.APP_URL }}/${{github.ref_name}}"'|g' ./deployments/config.yml | |
| sed -i 's|ENVIRONMENT|'"${{ github.ref_name }}"'|g' ./deployments/config.yml | |
| else | |
| sed -i 's|APP_URL|'"${{ vars.APP_URL }}"'|g' ./deployments/config.yml | |
| sed -i 's|ENVIRONMENT|'"${{ needs.Setup.outputs.environment_name }}"'|g' ./deployments/config.yml | |
| fi | |
| - name: Set elastic apm configuration | |
| run: | | |
| sed -i 's|ELASTIC_APM_SERVER_URL|'"${{ secrets.ELASTIC_APM_SERVER_URL }}"'|g' ./src/base/apm.ts | |
| sed -i 's|ELASTIC_APM_ENABLED|'"${{ vars.ELASTIC_APM_ENABLED }}"'|g' ./src/base/apm.ts | |
| if [[ "${{github.ref}}" == "refs/tags/dev-"* ]]; then | |
| sed -i 's|ENVIRONMENT|'"${{ github.ref_name }}"'|g' ./src/base/apm.ts | |
| else | |
| sed -i 's|ENVIRONMENT|'"${{ needs.Setup.outputs.environment_name }}"'|g' ./src/base/apm.ts | |
| fi | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ secrets.DOCKER_REGISTRY }} | |
| username: ${{ secrets.DOCKER_REGISTRY_USERNAME }} | |
| password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }} | |
| - name: Build | |
| run: docker build . -t ${{ env.IMAGE }} | |
| - name: Docker push | |
| run: docker push ${{ env.IMAGE }} | |
| Deploy-Dev: | |
| needs: Build | |
| runs-on: self-hosted-staging | |
| environment: dev | |
| if: startsWith(github.ref, 'refs/tags/dev-') | |
| env: | |
| RUNNER_WORKING_DIR: /opt/back-end/dev/ | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set the IMAGE env variable | |
| run: echo "IMAGE=${{ env.IMAGE_NAME }}:$(echo ${{ github.ref_name }}-${{ github.sha }} | tr '. - /\' '_' )" >> $GITHUB_ENV | |
| - name: Set the APP_STACK_NAME environment variable | |
| run: echo "APP_STACK_NAME=$(echo ${{env.APP_NAME}}-${{github.ref_name}} | tr . - | cut -d/ -f2 )" >> $GITHUB_ENV | |
| - name: Set the COMPOSE_FILE_NAME_PATH environment variable | |
| run: echo "COMPOSE_FILE_NAME_PATH=${{ env.RUNNER_WORKING_DIR }}${{ github.ref_name }}/docker-compose-dev.yml" >> $GITHUB_ENV | |
| - name: Create SubDirectory | |
| run: mkdir -p ${{ env.RUNNER_WORKING_DIR }}${{ github.ref_name }}/ | |
| - name: Copy Docker Compose file | |
| run: | | |
| cp .deploy/docker-compose-dev.yml ${{ env.RUNNER_WORKING_DIR }}${{ github.ref_name }}/ | |
| cp ${{ env.RUNNER_WORKING_DIR }}.env ${{ env.RUNNER_WORKING_DIR }}${{ github.ref_name }}/ | |
| - name: Replace PlaceHolders | |
| run: | | |
| sed -i 's|__IMAGE__|'"${{ env.IMAGE }}"'|g' ${{env.COMPOSE_FILE_NAME_PATH}} | |
| sed -i 's|__VERSION__|'"${{ github.ref_name }}"'|g' ${{env.COMPOSE_FILE_NAME_PATH}} | |
| sed -i 's|__VERSION__|'"${{ github.ref_name }}"'|g' ${{ env.RUNNER_WORKING_DIR }}${{ github.ref_name }}/.env | |
| sed -i 's|__APP_STACK_NAME__|'"${{ env.APP_STACK_NAME }}"'|g' ${{env.COMPOSE_FILE_NAME_PATH}} | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ secrets.DOCKER_REGISTRY }} | |
| username: ${{ secrets.DOCKER_REGISTRY_USERNAME }} | |
| password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }} | |
| - name: Deploy Stack | |
| run: | | |
| docker stack deploy -c ${{env.COMPOSE_FILE_NAME_PATH}} ${{env.APP_STACK_NAME}} --with-registry-auth | |
| Deploy-Beta: | |
| needs: Build | |
| runs-on: self-hosted-staging | |
| environment: beta | |
| if: github.ref == 'refs/heads/development' | |
| env: | |
| RUNNER_WORKING_DIR: /opt/back-end/beta/ | |
| COMPOSE_FILE_NAME_PATH: /opt/back-end/beta/docker-compose-beta.yml | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set the IMAGE env variable | |
| run: echo "IMAGE=${{ env.IMAGE_NAME }}:$(echo ${{ github.ref_name }}-${{ github.sha }} | tr '. - /\' '_' )" >> $GITHUB_ENV | |
| - name: Set the APP_STACK_NAME environment variable | |
| run: echo "APP_STACK_NAME=${{ env.APP_NAME }}-beta" >> $GITHUB_ENV | |
| - name: Copy Docker Compose file | |
| run: cp .deploy/docker-compose-beta.yml ${{ env.RUNNER_WORKING_DIR }} | |
| - name: Replace placeholders | |
| run: | | |
| sed -i 's|__IMAGE__|'"${{ env.IMAGE }}"'|g' ${{ env.COMPOSE_FILE_NAME_PATH }} | |
| sed -i 's|__APP_STACK_NAME__|'"${{ env.APP_STACK_NAME }}"'|g' ${{ env.COMPOSE_FILE_NAME_PATH }} | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ secrets.DOCKER_REGISTRY }} | |
| username: ${{ secrets.DOCKER_REGISTRY_USERNAME }} | |
| password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }} | |
| - name: Deploy Stack | |
| run: docker stack deploy -c ${{ env.COMPOSE_FILE_NAME_PATH }} ${APP_STACK_NAME} --with-registry-auth | |
| Deploy-UAT: | |
| needs: Build | |
| runs-on: self-hosted-staging | |
| environment: uat | |
| if: startsWith(github.ref_name, 'release') || startsWith(github.ref_name, 'hotfix') && github.ref_type == 'branch' | |
| env: | |
| RUNNER_WORKING_DIR: /opt/back-end/uat/ | |
| COMPOSE_FILE_NAME_PATH: /opt/back-end/uat/docker-compose-uat.yml | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set the APP_STACK_NAME environment variable | |
| run: echo "APP_STACK_NAME=${{ env.APP_NAME }}-uat" >> $GITHUB_ENV | |
| - name: Set the IMAGE env variable | |
| run: echo "IMAGE=${{ env.IMAGE_NAME }}:$(echo ${{ github.ref_name }}-${{ github.sha }} | tr '. - /\' '_' )" >> $GITHUB_ENV | |
| - name: Copy Docker Compose file | |
| run: cp .deploy/docker-compose-uat.yml ${{ env.RUNNER_WORKING_DIR }} | |
| - name: Replace placeholders | |
| run: | | |
| sed -i 's|__IMAGE__|'"${{ env.IMAGE }}"'|g' ${{ env.COMPOSE_FILE_NAME_PATH }} | |
| sed -i 's|__APP_STACK_NAME__|'"${{ env.APP_STACK_NAME }}"'|g' ${{ env.COMPOSE_FILE_NAME_PATH }} | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ secrets.DOCKER_REGISTRY }} | |
| username: ${{ secrets.DOCKER_REGISTRY_USERNAME }} | |
| password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }} | |
| - name: Deploy | |
| run: docker stack deploy -c ${{ env.COMPOSE_FILE_NAME_PATH }} ${APP_STACK_NAME} --with-registry-auth | |
| Deploy-Production: | |
| needs: Build | |
| runs-on: self-hosted-production | |
| environment: prod | |
| if: startsWith(github.ref_name, 'main') && github.ref_type == 'branch' | |
| env: | |
| RUNNER_WORKING_DIR: /opt/back-end/ | |
| COMPOSE_FILE_NAME_PATH: /opt/back-end/docker-compose-prod.yml | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set the IMAGE env variable | |
| run: echo "IMAGE=${{ env.IMAGE_NAME }}:$(echo ${{ github.ref_name }}-${{ github.sha }} | tr '. - /\' '_' )" >> $GITHUB_ENV | |
| - name: Copy Docker Compose file | |
| run: cp .deploy/docker-compose-prod.yml ${{env.RUNNER_WORKING_DIR}} | |
| - name: Replace placeholders | |
| run: sed -i 's|__IMAGE__|'"${{ env.IMAGE }}"'|g' ${{ env.COMPOSE_FILE_NAME_PATH }} | |
| - name: Log in to the Container registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ${{ secrets.DOCKER_REGISTRY }} | |
| username: ${{ secrets.DOCKER_REGISTRY_USERNAME }} | |
| password: ${{ secrets.DOCKER_REGISTRY_PASSWORD }} | |
| - name: Deploy | |
| run: docker stack deploy -c ${{ env.COMPOSE_FILE_NAME_PATH }} ${{env.APP_NAME}} --with-registry-auth |