1.4.0.1 #17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: deploy-master | |
on: | |
push: | |
branches: | |
- master | |
jobs: | |
preinstall-client: | |
runs-on: ubuntu-20.04 | |
strategy: | |
matrix: | |
node-version: [16] | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: pnpm/action-setup@v2 | |
with: | |
version: 8 | |
- name: Use Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.node-version }} | |
cache: 'pnpm' | |
cache-dependency-path: packages/client/pnpm-lock.yaml | |
- name: Get pnpm store directory | |
id: pnpm-cache | |
shell: bash | |
run: | | |
echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT | |
- uses: actions/cache@v3 | |
name: Setup pnpm cache | |
with: | |
path: ${{ steps.pnpm-cache.outputs.STORE_PATH }} | |
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('packages/client/pnpm-lock.yaml') }} | |
restore-keys: | | |
${{ runner.os }}-pnpm-store- | |
- name: Install dependencies | |
run: | | |
cd packages/client | |
pnpm install --frozen-lockfile | |
build-client-production: | |
needs: [preinstall-client] | |
runs-on: ubuntu-20.04 | |
strategy: | |
matrix: | |
node-version: [16] | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: pnpm/action-setup@v2 | |
with: | |
version: 8 | |
- name: Use Node.js ${{ matrix.node-version }} | |
uses: actions/setup-node@v3 | |
with: | |
node-version: ${{ matrix.node-version }} | |
cache: 'pnpm' | |
cache-dependency-path: packages/client/pnpm-lock.yaml | |
- name: Get pnpm store directory | |
id: pnpm-cache | |
shell: bash | |
run: | | |
echo "STORE_PATH=$(pnpm store path)" >> $GITHUB_OUTPUT | |
- uses: actions/cache@v3 | |
name: Setup pnpm cache | |
with: | |
path: ${{ steps.pnpm-cache.outputs.STORE_PATH }} | |
key: ${{ runner.os }}-pnpm-store-${{ hashFiles('packages/client/pnpm-lock.yaml') }} | |
restore-keys: | | |
${{ runner.os }}-pnpm-store- | |
- name: Install dependencies | |
run: | | |
cd packages/client | |
pnpm install --frozen-lockfile | |
- name: Create env file for client | |
run: | | |
touch packages/client/env/.env.production | |
echo "$CLIENT_ENV" >> packages/client/env/.env.production | |
env: | |
CLIENT_ENV: ${{secrets.CLIENT_ENV_PRODUCTION}} | |
- name: Set current date as env variable | |
run: echo "BUILD_TIMESTAMP=$(date +'%Y-%m-%dT%H:%M:%S')" >> $GITHUB_ENV | |
- name: Build | |
run: | | |
cd packages/client | |
pnpm build:production | |
- uses: actions/cache@v3 | |
with: | |
path: packages/client/dist | |
key: client-production-${{ github.sha }} | |
build-production: | |
needs: [build-client-production] | |
name: Build the production docker image | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- uses: actions/cache@v3 | |
with: | |
path: packages/client/dist | |
key: client-production-${{ github.sha }} | |
- name: Generate certificates | |
run: | | |
mkdir -p ./packages/server/secret | |
openssl req -x509 -newkey rsa:2048 -nodes -out ./packages/server/secret/cert.pem -keyout ./packages/server/secret/key.pem -days 365 -subj "/C=FR/O=krkr/OU=Domain Control Validated/CN=*" | |
- name: Run docker build task | |
run: docker build -f Dockerfile.cached -t inkvisitor:production . | |
- name: Save docker-compose stack | |
run: docker save inkvisitor:production | gzip > inkvisitor-production.tar.gz | |
- name: Cache image.tar | |
uses: actions/cache@v2 | |
with: | |
path: inkvisitor-production.tar.gz | |
key: inkvisitor-production-${{ github.sha }}.tar.gz | |
deploy: | |
needs: [build-production] | |
name: Deploy | |
runs-on: ubuntu-latest | |
timeout-minutes: 10 | |
steps: | |
- name: Checkout InkVisitor | |
uses: actions/checkout@v2 | |
- name: Restore cached production | |
uses: actions/cache@v2 | |
with: | |
path: inkvisitor-production.tar.gz | |
key: inkvisitor-production-${{ github.sha }}.tar.gz | |
- name: Install SSH Key | |
uses: shimataro/ssh-key-action@v2 | |
with: | |
key: ${{ secrets.SSH_PRIVATE_KEY }} | |
known_hosts: ${{ secrets.KNOWN_HOSTS }} | |
- name: Update packages | |
run: | | |
sudo apt-get update | |
- name: Install OpenVPN | |
run: | | |
sudo apt install -y openvpn openvpn-systemd-resolved | |
- name: Prepare OpenVPN creds file | |
run: | | |
touch pass.txt | |
echo ${{ secrets.VPN_USER }} >> pass.txt | |
echo ${{ secrets.VPN_PASS }} >> pass.txt | |
- name: Pull OpenVPN Config | |
run: curl https://it.muni.cz/media/3404274/muni-main-linux.ovpn -o muni-linux.ovpn | |
- name: Connect to VPN and deploy | |
run: sudo openvpn --config muni-linux.ovpn --auth-user-pass pass.txt --daemon | |
- name: Wait for a VPN connection | |
timeout-minutes: 2 | |
run: until ping -w 2 ${{ secrets.SSH_HOST }}; do sleep 2; done | |
- name: Upload image production | |
run: scp inkvisitor-production.tar.gz ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }}:/var/www/html/apps | |
- name: Restart containers | |
run: | | |
ssh -tt ${{ secrets.SSH_USER }}@${{ secrets.SSH_HOST }} -- "sh -c ' | |
podman container prune -f && | |
podman image prune -f && | |
rm -rf /var/tmp/docker-tar* && | |
podman rm inkvisitor-production --force || true && | |
podman load -i /var/www/html/apps/inkvisitor-production.tar.gz && | |
podman-compose -f /var/www/html/apps/docker-compose.yml up -d inkvisitor-production | |
'" |