Create deploy.yaml #34
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Django CI & Deploy | |
on: | |
push: | |
branches: | |
- '**' # Trigger on push to any branch | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
strategy: | |
max-parallel: 4 | |
matrix: | |
python-version: [3.12] | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Set up Python ${{ matrix.python-version }} | |
uses: actions/setup-python@v3 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Install Dependencies | |
run: | | |
python -m pip install --upgrade pip | |
pip install -r requirements-dev.txt | |
- name: Start PostgreSQL service | |
run: | | |
docker run --name postgres-db -d \ | |
-e POSTGRES_USER=${{ secrets.DB_USERNAME }} \ | |
-e POSTGRES_PASSWORD=${{ secrets.DB_PASSWORD }} \ | |
-e POSTGRES_DB=${{ secrets.DB_NAME }} \ | |
-p 5432:5432 postgres:13 | |
# Wait until PostgreSQL is ready | |
until docker exec postgres-db pg_isready -U ${{ secrets.DB_USERNAME }}; do | |
echo "Waiting for PostgreSQL to be ready..."; | |
sleep 5; | |
done | |
- name: Create .env file on git machine | |
run: | | |
echo "SECRET_KEY=${{ secrets.SECRET_KEY }}" >> .env | |
echo "DB_USER=${{ secrets.DB_USERNAME }}" >> .env | |
echo "DB_PASSWORD=${{ secrets.DB_PASSWORD }}" >> .env | |
echo "DB_NAME=${{ secrets.DB_NAME }}" >> .env | |
echo "DB_HOST=localhost" >> .env | |
echo "DB_PORT=${{ secrets.DB_PORT }}" >> .env | |
- name: Apply Django Migrations | |
run: | | |
python src/tupan/manage.py makemigrations | |
python src/tupan/manage.py migrate | |
- name: Run Tests | |
run: | | |
cd src/tupan && pytest | |
- name: Stop PostgreSQL container | |
run: | | |
docker stop postgres-db | |
docker rm postgres-db | |
# Job for deploying to AWS EC2, only if the build job is successful | |
deploy: | |
runs-on: ubuntu-24.04 | |
needs: build # This job will only run if the build job is successful | |
if: github.ref == 'refs/heads/main' # Run only on push to the main branch | |
env: | |
AWS_PRIVATE_KEY: ${{ secrets.KEYAWS }} | |
SSH_OPTIONS: '-o StrictHostKeyChecking=no -i key.pem ubuntu@98.80.44.121' | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
- name: Set permissions for private key | |
run: | | |
echo "${{ env.AWS_PRIVATE_KEY }}" > key.pem | |
chmod 600 key.pem | |
- name: Stop running containers | |
run: | | |
ssh ${{ env.SSH_OPTIONS }} 'if [ -d /home/ubuntu/tupan-back/ ]; then cd /home/ubuntu/tupan-back/ && sudo docker-compose down; fi' | |
- name: Create target directory on AWS instance | |
run: | | |
ssh ${{ env.SSH_OPTIONS }} 'mkdir -p /home/ubuntu/tupan-back/' | |
- name: Create .env file | |
run: | | |
echo "SECRET_KEY=${{ secrets.SECRET_KEY }}" >> .env | |
echo "DB_USER=${{ secrets.DB_USERNAME }}" >> .env | |
echo "DB_PASSWORD=${{ secrets.DB_PASSWORD }}" >> .env | |
echo "DB_NAME=${{ secrets.DB_NAME }}" >> .env | |
echo "DB_HOST=${{ secrets.DB_HOST }}" >> .env | |
echo "DB_PORT=${{ secrets.DB_PORT }}" >> .env | |
- name: Transfer code to AWS instance | |
run: | | |
rsync -av --delete --exclude='.git' --exclude='.github' --exclude='.husky' -e "ssh -o StrictHostKeyChecking=no -i key.pem" --rsync-path="sudo rsync" ./ ubuntu@98.80.44.121:/home/ubuntu/tupan-back | |
- name: Set permissions for entrypoint | |
run: | | |
ssh ${{ env.SSH_OPTIONS }} 'cd /home/ubuntu/tupan-back/ && sudo chmod +x entrypoint.sh' | |
- name: Build Docker Compose | |
run: | | |
ssh ${{ env.SSH_OPTIONS }} 'cd /home/ubuntu/tupan-back/ && sudo docker-compose build' | |
- name: Run Docker Compose | |
run: | | |
ssh ${{ env.SSH_OPTIONS }} 'cd /home/ubuntu/tupan-back/ && sudo docker-compose up -d' | |
- name: Cleanup SSH key | |
run: | | |
rm -f key.pem |