Update GHA deploy

Author: tsabados

.github/workflows/deploy-ec2.yml

@@ -1,79 +1,114 @@
-name: Deploy stryng
-run-name: ${{ github.event_name == 'workflow_dispatch' && format('[{1}] - {0}', github.workflow, github.event.inputs.environment) || format('[uat] - {0}', github.event.head_commit.message)  }}
+name: Deploy to EC2
+
+run-name: ${{ github.event_name == 'workflow_dispatch' && format('[{0}] - {1}', github.event.inputs.environment, github.workflow) || format('[uat] - {0}', github.event.head_commit.message) }}
 
 on:
-  # push:
-  #   branches:
-  #     - main
+  push:
+    branches:
+      - main
   workflow_dispatch:
     inputs:
       environment:
         description: 'Environment'
         type: choice
         options:
-        - uat
-        - prod
+          - uat
+          - prod
         required: true
 
 jobs:
   deploy:
     runs-on: ubuntu-latest
+    environment: ${{ github.event.inputs.environment || 'uat' }}
     concurrency:
-      group: deploy-stryng-${{ github.event_name }}
-
-    container:
-      image: modul8it/stryng_devops_devcontainer:latest
-      options: --user 0:0
-      credentials:
-        username: ${{ secrets.DOCKERHUB_USERNAME }}
-        password: ${{ secrets.DOCKERHUB_TOKEN }}
+      group: deploy-ec2-${{ github.event.inputs.environment || 'uat' }}
+      cancel-in-progress: false
 
     env:
-      HOME: /home/coder
-      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
-      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-      AWS_REGION: ${{ secrets.AWS_REGION }}
+      TARGET_ENV: ${{ github.event.inputs.environment || 'uat' }}
 
     steps:
-      - name: Prepare env (inside container)
-        shell: bash
-        run: |
-          set -euo pipefail
-          if [[ "$GITHUB_EVENT_NAME" = "workflow_dispatch" ]]; then
-            TARGET_ENV="${{ github.event.inputs.environment }}"
-          else
-            TARGET_ENV="uat"
-          fi
-          echo "TARGET_ENV=$TARGET_ENV" >> "$GITHUB_ENV"
-          echo "TARGET_ENV_UPPERCASE=${TARGET_ENV^^}" >> "$GITHUB_ENV"
-          echo "TARGET_ENV=$TARGET_ENV"
-          echo "TARGET_ENV_UPPERCASE=${TARGET_ENV^^}"
-
-      - name: Checkout devops
+      - name: Checkout repository
         uses: actions/checkout@v4
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Export secrets from AWS Secrets Manager
+        uses: say8425/aws-secrets-manager-actions@v2
         with:
-          repository: modul8dev/devops
-          token: ${{ secrets.GH_TOKEN }}
-          path: devops
-          ref: main
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }}
+          SECRET_NAME: ${{ vars.AWS_SECRET_NAME }}
+          OUTPUT_PATH: '.env'
+
+      - name: List files for debugging
+        run: ls -la && cat .env
+
+      - name: Install jinjanator
+        run: pip install jinjanator
 
-      - name: Deploy (inside container)
-        shell: bash
+      - name: Template nginx configuration
         run: |
-          set -eux
-          whoami
-          echo "TARGET_ENV=$TARGET_ENV"
-          echo "TARGET_ENV_UPPERCASE=$TARGET_ENV_UPPERCASE"
-
-          mkdir -p "$HOME/.ssh"
-          echo "${{ secrets[format('SSH_PRIVATE_KEY_{0}', env.TARGET_ENV_UPPERCASE)] }}" > "$HOME/.ssh/m8_admin"
-          chmod 600 "$HOME/.ssh/m8_admin"
-
-          cd devops/ansible
-          ansible-playbook \
-            -i "inventories/aws/$TARGET_ENV" \
-            -u ubuntu \
-            --private-key "$HOME/.ssh/m8_admin" \
-            --tags install \
-            deploy-stryng5.yml \
-            -e "git_ref=${{ github.ref_name }}"
+          jinjanate deploy/nginx/nginx.conf.j2 .env --format=env  -o deploy/nginx/nginx.conf
+          jinjanate deploy/docker-compose.yml.j2 .env --format=env  -o deploy/docker-compose.yml
+
+      - name: Copy files to EC2
+        uses: appleboy/scp-action@v1
+        with:
+          host: ${{ secrets.SSH_HOST }}
+          username: ${{ secrets.SSH_USERNAME }}
+          key: ${{ secrets.SSH_PRIVATE_KEY }}
+          source: ".env,deploy/nginx/nginx.conf,deploy/docker-compose.yml"
+          target: "~/repo/scp/"
+
+      - name: Deploy on EC2
+        uses: appleboy/ssh-action@v1
+        env:
+          GITHUB_SSH_KEY: ${{ secrets.M8_GIHUB_SSH_KEY }}
+        with:
+          host: ${{ secrets.SSH_HOST }}
+          username: ${{ secrets.SSH_USERNAME }}
+          key: ${{ secrets.SSH_PRIVATE_KEY }}
+          envs: GITHUB_SSH_KEY
+          script: |
+            set -euo pipefail
+
+            # Ensure GitHub SSH key is in place
+            mkdir -p ~/.ssh
+            echo "$GITHUB_SSH_KEY" > ~/.ssh/modul8_github_ssh_key
+            chmod 600 ~/.ssh/modul8_github_ssh_key
+
+            # Start ssh-agent and add the GitHub SSH key
+            if [ -z "${SSH_AUTH_SOCK:-}" ] || [ ! -S "${SSH_AUTH_SOCK:-}" ]; then
+                eval "$(ssh-agent -s)"
+            fi
+            ssh-add ~/.ssh/modul8_github_ssh_key
+
+            mkdir -p ~/repo
+
+            # Clone or pull the latest code
+            if [ ! -d ~/repo/stryng5 ]; then
+              # Clone directly into the folder
+              git clone git@github.com:modul8dev/stryng5.git ~/repo/stryng5
+            else
+              # Pull updates
+              git -C ~/repo/stryng5 pull
+            fi
+
+            cd ~/repo/stryng5
+
+            # Put rendered files in place
+            mv ~/repo/scp/deploy/nginx/nginx.conf deploy/nginx/nginx.conf
+            mv ~/repo/scp/deploy/docker-compose.yml deploy/docker-compose.yml
+            mv ~/repo/scp/.env .env
+
+            # Pull latest images and (re)start services
+            cd deploy
+            docker compose up -d
+            docker compose up -d --force-recreate stryng_app qcluster

.github/workflows/deploy.yml

@@ -47,6 +47,8 @@ services:
     depends_on:
       - redis
     restart: unless-stopped
+    networks:
+      - stryng
 
   nginx:
     image: nginx