Skip to content
Deploy to Production

Fix @angular-eslint peer dependency conflict (#125) #12

Sign in to view logs

Fix @angular-eslint peer dependency conflict (#125)

Fix @angular-eslint peer dependency conflict (#125) #12

Workflow file for this run

.github/workflows/deploy.yml at e28ed9f
name: Deploy to Production
on:
push:
branches: [main]
workflow_dispatch:
inputs:
force_deploy:
description: "Force deploy backend + frontend"
type: boolean
default: false
concurrency:
group: deploy-main
cancel-in-progress: false
env:
REGISTRY: ghcr.io
DEPLOY_DIR: /opt/banktracker/BankTrackerGraphQL
jobs:
changes:
runs-on: ubuntu-latest
permissions:
actions: read
contents: read
pull-requests: read
steps:
- uses: actions/checkout@v6
with:
sparse-checkout: |
.github/pr-filter.yml
- uses: dorny/paths-filter@v3
id: filter
with:
filters: .github/pr-filter.yml
outputs:
frontend: ${{ steps.filter.outputs.frontend }}
backend: ${{ steps.filter.outputs.backend }}
backendLibrary: ${{ steps.filter.outputs.backendLibrary }}
backendData: ${{ steps.filter.outputs.backendData }}
build-backend-image:
name: Build and Push Backend Image
uses: ./.github/workflows/build-backend-image.yml
needs: changes
if: ${{ inputs.force_deploy == true || needs.changes.outputs.backend == 'true' || needs.changes.outputs.backendLibrary == 'true' || needs.changes.outputs.backendData == 'true' }}
permissions:
contents: read
packages: write
build-frontend-image:
name: Build and Push Frontend Image
uses: ./.github/workflows/build-frontend-image.yml
needs: changes
if: ${{ inputs.force_deploy == true || needs.changes.outputs.frontend == 'true' }}
permissions:
contents: read
packages: write
deploy:
name: Deploy to Production
runs-on: ubuntu-latest
needs: [build-backend-image, build-frontend-image]
if: always() && (needs.build-backend-image.result == 'success' || needs.build-frontend-image.result == 'success' || needs.build-backend-image.result == 'skipped' || needs.build-frontend-image.result == 'skipped')
permissions:
contents: read
packages: read
steps:
- name: Checkout
uses: actions/checkout@v6
- name: Connect to Tailscale
uses: tailscale/github-action@v4
with:
oauth-client-id: ${{ secrets.TAILSCALE_OAUTH_CLIENTID }}
oauth-secret: ${{ secrets.TAILSCALE_OAUTH_CLIENT_SECRET }}
tags: tag:ci
hostname: banktracker-ci-${{ github.run_id }}
- name: Configure SSH target
id: ssh
run: |
TARGET="${{ secrets.TAILSCALE_SSH_TARGET }}"
if [[ -z "$TARGET" ]]; then
echo "::error::TAILSCALE_SSH_TARGET secret is not set"
exit 1
fi
echo "target=$TARGET" >> "$GITHUB_OUTPUT"
- name: Test connectivity
run: |
tailscale ssh "${{ steps.ssh.outputs.target }}" "echo 'Connected'"
- name: Clean up old Docker images
run: |
tailscale ssh "${{ steps.ssh.outputs.target }}" \
"docker system prune -af --filter 'until=24h'"
- name: Log in to GitHub Container Registry
run: |
echo "${{ secrets.GITHUB_TOKEN }}" | tailscale ssh "${{ steps.ssh.outputs.target }}" \
"docker login ghcr.io -u ${{ github.actor }} --password-stdin"
- name: Pull latest images
run: |
tailscale ssh "${{ steps.ssh.outputs.target }}" \
"cd $DEPLOY_DIR && docker compose pull"
- name: Deploy all services
run: |
tailscale ssh "${{ steps.ssh.outputs.target }}" \
"cd $DEPLOY_DIR && docker compose up -d --wait"
- name: Verify deployment
if: success()
run: |
tailscale ssh "${{ steps.ssh.outputs.target }}" "cd $DEPLOY_DIR && docker compose ps"
# this job is the required branch protection rule
completed:
runs-on: ubuntu-latest
if: always()
needs: # list all the required jobs here!
- changes
- build-backend-image
- build-frontend-image
- deploy
steps:
- name: Fail
run: echo "::error::A required deployment step failed" && exit 1
if: ${{ contains(needs.*.result, 'cancelled') || contains(needs.*.result, 'failure') || contains(needs.*.result, 'error') }}