-
Notifications
You must be signed in to change notification settings - Fork 44
148 lines (137 loc) · 4.83 KB
/
BuildAndDeploy.yml
File metadata and controls
148 lines (137 loc) · 4.83 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
name: Build and Deploy
on:
push:
branches: ["master"]
workflow_dispatch:
jobs:
frontend-check:
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./frontend
steps:
- uses: actions/checkout@v3
- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version: ${{ vars.NODE_VERSION }}
- name: Install & Lint
run: |
npm install -g yarn
yarn
yarn lint
- name: Testing
run: |
export karmaBrowser=ChromeHeadless
yarn test --watch=false
- name: Building
run: yarn build
backend-check:
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./backend
steps:
- uses: actions/checkout@v3
- name: Use Node.js
uses: actions/setup-node@v3
with:
node-version: ${{ vars.NODE_VERSION }}
- name: Install & Lint
run: |
npm install -g yarn
yarn
yarn eslint
- name: Testing
run: |
yarn test-coverage
- name: Building
run: yarn build
security:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
ref: ${{ github.head_ref }}
- name: trufflehog-actions-scan
uses: edplato/trufflehog-actions-scan@master
build-and-push-image:
needs:
- frontend-check
- backend-check
- security
runs-on: ubuntu-latest
permissions:
id-token: write
contents: read
steps:
- name: Checkout repo
uses: actions/checkout@v3
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_GITHUB_ACTION_ROLE }}
aws-region: ${{ secrets.AWS_REGION}}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build, tag, and push for Backend
env:
REGISTRY: ${{ steps.login-ecr.outputs.registry }}
REPOSITORY: heartbeat_backend
IMAGE_TAG: latest
run: |
docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG ./ -f ./infra/Dockerfile.backend
docker build -t $REGISTRY/$REPOSITORY:${{ github.run_number }} ./ -f ./infra/Dockerfile.backend
docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG
docker push $REGISTRY/$REPOSITORY:${{ github.run_number }}
- name: Build, tag, and push for Frontend
env:
REGISTRY: ${{ steps.login-ecr.outputs.registry }}
REPOSITORY: heartbeat_frontend
IMAGE_TAG: latest
run: |
docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG ./ -f ./infra/Dockerfile.frontend
docker build -t $REGISTRY/$REPOSITORY:${{ github.run_number }} ./ -f ./infra/Dockerfile.frontend
docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG
docker push $REGISTRY/$REPOSITORY:${{ github.run_number }}
deploy:
runs-on: ubuntu-latest
needs:
- build-and-push-image
steps:
- name: Checkout repo
uses: actions/checkout@v3
- name: Update docker-compose.yaml
run: |
sed -i -e 's/heartbeat_backend:latest/${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_HOST }}\/heartbeat_backend:${{ github.run_number }}/g' infra/docker-compose-old.yml
sed -i -e 's/heartbeat_frontend:latest/${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_HOST }}\/heartbeat_frontend:${{ github.run_number }}/g' infra/docker-compose-old.yml
- name: Copy docker-compose to ec2
uses: appleboy/scp-action@master
with:
host: ${{ secrets.AWS_EC2_IP }}
username: ${{ secrets.AWS_USERNAME }}
key: ${{ secrets.AWS_PRIVATE_KEY }}
port: ${{ secrets.AWS_SSH_PORT }}
source: "./infra/docker-compose-old.yml"
target: "./"
strip_components: 1
- name: Deploy
uses: appleboy/ssh-action@master
env:
REGISTRY: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_HOST }}
IMAGE_TAG: ${{ github.run_number }}
with:
host: ${{ secrets.AWS_EC2_IP }}
username: ${{ secrets.AWS_USERNAME }}
key: ${{ secrets.AWS_PRIVATE_KEY }}
port: ${{ secrets.AWS_SSH_PORT }}
script: |
aws ecr get-login-password --region ${{ secrets.AWS_REGION }} | docker login --username AWS --password-stdin ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_HOST }}
cp "./infra/docker-compose-old.yml" ./
# docker-compose down
docker rmi -f $(docker images -f label=app=HeartBeat-old -q)
docker pull $REGISTRY/heartbeat_backend:$IMAGE_TAG
docker pull $REGISTRY/heartbeat_frontend:$IMAGE_TAG
docker-compose -f docker-compose-old.yml up -d frontend-old