github-cicd.yml
---
# CI/CD workflow: restore, build, test and publish the .NET solution, build a
# container image from the result, then roll it out over SSH.
name: Clean Architecture the template CI/CD

# Runs for pushes to main and for pull requests that target main.
# NOTE(review): every job in this workflow uses `runs-on: self-hosted`, so a
# pull_request run executes the PR's code on that machine. If pull requests
# from forks are accepted, limit who can start runs or validate PRs on
# ephemeral runners instead.
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Workflow-wide environment: keeps the SDK and the NuGet cache inside the
# workspace and turns on BuildKit for docker builds.
env:
  DOTNET_INSTALL_DIR: './.dotnet'
  NUGET_PACKAGES: ${{ github.workspace }}/.nuget/packages
  DOCKER_BUILDKIT: '1'
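jobs:
  # Restore, build and test the solution, then publish it and hand the
  # publish directory to the docker job as the `app-build` artifact.
  build:
    name: "🛠️ Restore • Build • Test • Publish"
    runs-on: self-hosted
    permissions:
      contents: read
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup .NET
        uses: actions/setup-dotnet@v4
        with:
          dotnet-version: "10.0.103"
          cache: true
          cache-dependency-path: |
            src/*/packages.lock.json
            tests/*/packages.lock.json

      - name: Clean the solution
        run: dotnet clean

      # The author's VM has an IPv6 problem, so IPv6 is disabled for .NET
      # during restore. Drop the export if your runner does not need it.
      # --locked-mode makes restore fail when packages.lock.json is stale.
      - name: Install dependencies
        run: |
          export DOTNET_SYSTEM_NET_DISABLEIPV6=1
          dotnet restore --locked-mode

      - name: Build
        run: dotnet build --configuration Release --no-restore

      # NOTE(review): this step writes secret values into the file named by
      # vars.SUBSTITUTE_FILE_PATH before the test and publish steps. If that
      # file is copied to the publish output (presumably an appsettings file;
      # confirm), the secrets end up in the `app-build` artifact and in the
      # image built from it. Supplying them at runtime on the server avoids
      # storing them in build outputs.
      # NOTE(review): third-party action that receives secrets and is
      # referenced by a movable tag; pin it to a reviewed full commit SHA
      # (`@<commit-sha>`).
      - name: App Settings Variable Substitution
        uses: iamazeem/substitute-action@v1
        env:
          DB_CONNECTION: ${{ secrets.DB_CONNECTION_STRING }}
          S3_KEY: ${{ secrets.S3_KEY }}
          S3_SECRET: ${{ secrets.S3_SECRET }}
          JWT_SECRET: ${{ secrets.JWT_SECRET }}
          S3_BUCKET: ${{ secrets.S3_BUCKET }}
          URLS: ${{ secrets.URLS }}
        with:
          input-files: ${{ github.workspace }}/${{vars.SUBSTITUTE_FILE_PATH}}

      - name: Test
        run: dotnet test --no-restore --verbosity normal -e ASPNETCORE_ENVIRONMENT=Deployment

      - name: Publish Application
        run: dotnet publish -c Release --property:PublishDir=${{ github.workspace }}/app/publish

      - name: Upload artifact
        uses: actions/upload-artifact@v4
        with:
          name: app-build
          path: |
            ${{ github.workspace }}/app/publish
          retention-days: 3

  # Build the container image from the published output; the image is pushed
  # only when the run was not triggered by a pull request.
  docker:
    name: "🐳 Build & Push Docker Image"
    needs: build
    runs-on: self-hosted
    # NOTE(review): the registry login below uses secrets.PWD_TOKEN rather
    # than GITHUB_TOKEN, so `packages: write` may be unused; confirm and drop
    # it if so.
    permissions:
      contents: read
      packages: write
    steps:
      - uses: actions/checkout@v4

      # Download the artifact from the build job
      - name: Download artifact
        uses: actions/download-artifact@v4
        with:
          name: app-build
          path: |
            ${{ github.workspace }}/app/publish

      # Set up Docker Buildx
      # NOTE(review): `version: latest` means the builder version can change
      # between runs; pin a specific release for reproducible builds.
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          version: latest

      # Login to GitHub Container Registry
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ vars.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.PWD_TOKEN }}

      # Tag the image as <ref>-<sha> and as <ref>.
      # NOTE(review): github.actor is whoever triggered the run, so the image
      # namespace changes with the person pushing; github.repository_owner is
      # probably what is intended here and in the deploy job. Confirm before
      # changing.
      - name: Docker metadata
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ vars.REGISTRY }}/${{ github.actor }}/${{ vars.IMAGE_NAME }}
          tags: |
            type=raw,value=${{ github.ref_name }}-${{ github.sha }}
            type=raw,value=${{ github.ref_name }}

      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: .
          push: ${{ github.event_name != 'pull_request' }}
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  # Pull the freshly pushed image on the server and restart the compose stack.
  deploy:
    # NOTE(review): the emoji in this name was unreadable in the reviewed
    # copy and is reconstructed; confirm it matches any required status check.
    name: "🚀 Deploy to Production Server"
    needs: docker
    # The docker job pushes nothing for pull requests, so a pull_request run
    # must not reach production; deploy only for pushes.
    if: github.event_name == 'push'
    runs-on: self-hosted
    permissions:
      contents: read
    # Any protection rules on this environment are configured in the
    # repository settings, not in this file.
    environment: production
    steps:
      # NOTE(review): third-party action that receives the SSH key and the
      # registry token and is referenced by a tag; pin it to a reviewed full
      # commit SHA (`@<commit-sha>`).
      - name: Deploy to Server
        uses: appleboy/ssh-action@v1.2.0
        # Values are passed to the remote script as environment variables
        # (see `envs`) instead of being expanded into the script text, so a
        # token containing quotes or `$` cannot alter the commands.
        env:
          REGISTRY: ${{ vars.REGISTRY }}
          REGISTRY_USER: ${{ github.actor }}
          REGISTRY_TOKEN: ${{ secrets.PWD_TOKEN }}
          IMAGE_REF: ${{ vars.REGISTRY }}/${{ github.actor }}/${{ vars.IMAGE_NAME }}:${{ github.ref_name }}
        with:
          host: ${{ vars.SSH_HOST }}
          username: ${{ secrets.SSH_USER }}
          key: ${{ secrets.SERVER_SSH_KEY }}
          port: 22
          envs: REGISTRY,REGISTRY_USER,REGISTRY_TOKEN,IMAGE_REF
          # set -e stops at the first failing command (for example a failed
          # pull or cd) instead of restarting the stack anyway; the EXIT trap
          # removes the registry credentials from the server even then.
          # APP_PATH stays inline because a value such as ~/app relies on
          # shell tilde expansion; confirm it is an absolute path before
          # moving it to `envs`.
          script: |
            set -e
            trap 'docker logout "$REGISTRY"' EXIT
            echo "$REGISTRY_TOKEN" | docker login "$REGISTRY" -u "$REGISTRY_USER" --password-stdin
            docker pull "$IMAGE_REF"
            cd ${{ secrets.APP_PATH }}
            docker compose up -d
            docker image prune -f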