Release #36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Prod backend build and deploy | |
| concurrency: | |
| group: prod_deploy | |
| cancel-in-progress: true | |
| on: | |
| pull_request: | |
| branches: | |
| - master | |
| types: [closed] | |
| env: | |
| REGISTRY: ghcr.io | |
| IMAGE_NAME: lubimovka_backend | |
| DEPLOY_PATH: /LUBIMOVKA | |
| defaults: | |
| run: | |
| working-directory: . | |
| jobs: | |
| tests: | |
| name: Run tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - | |
| name: Check out the repo | |
| uses: actions/checkout@v2 | |
| - | |
| name: Set up Python | |
| uses: actions/setup-python@v2 | |
| with: | |
| python-version: 3.9 | |
| - | |
| name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install -r requirements/dev.txt | |
| - | |
| name: Test with pytest | |
| run: pytest | |
| build-and-push-image-to-github-packages: | |
| name: Push Docker image to GitHub Packages | |
| runs-on: ubuntu-latest | |
| needs: tests | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - | |
| name: Checkout | |
| uses: actions/checkout@v2 | |
| with: | |
| ref: master | |
| - | |
| name: Docker login | |
| uses: docker/login-action@v1 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - | |
| name: Set variables | |
| run: | | |
| echo REP_OWNER=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV | |
| - | |
| name: Build and push | |
| uses: docker/build-push-action@v2 | |
| with: | |
| context: . | |
| file: Dockerfile_prod | |
| labels: runnumber=${GITHUB_RUN_ID} | |
| push: true | |
| tags: | | |
| ${{ env.REGISTRY }}/${{ env.REP_OWNER }}/${{ env.IMAGE_NAME }}:prod, | |
| ${{ env.REGISTRY }}/${{ env.REP_OWNER }}/${{ env.IMAGE_NAME }}:latest, | |
| ${{ env.REGISTRY }}/${{ env.REP_OWNER }}/${{ env.IMAGE_NAME }}:${{ github.sha }} | |
| deploy: | |
| name: Deploy changes on server | |
| runs-on: ubuntu-latest | |
| environment: | |
| name: prod_deploy | |
| needs: build-and-push-image-to-github-packages | |
| steps: | |
| - | |
| name: Checkout | |
| uses: actions/checkout@v2 | |
| with: | |
| ref: master | |
| - | |
| name: Create SSH key | |
| # (SSH_KNOWN_HOSTS=ssh-keyscan -H сервер, SSH_PRIVATE_KEY - ключ с ПК, которому разрешен вход) | |
| run: | | |
| mkdir -p ~/.ssh | |
| chmod 700 ~/.ssh | |
| echo "${{ secrets.SSH_KNOWN_HOSTS }}" > ~/.ssh/known_hosts | |
| chmod 644 ~/.ssh/known_hosts | |
| echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa | |
| chmod 600 ~/.ssh/id_rsa | |
| - | |
| name: Create folder for application | |
| run: ssh ${{ secrets.USERNAME }}@${{ secrets.HOST }} mkdir -p ${{ env.DEPLOY_PATH }} | |
| - | |
| name: Deploy with scp | |
| run: scp -r infra_deploy/prod/ ${{ secrets.USERNAME }}@${{ secrets.HOST }}:${{ env.DEPLOY_PATH }} | |
| - | |
| name: Copy postfix setup | |
| run: scp -r infra_deploy/postfix/ ${{ secrets.USERNAME }}@${{ secrets.HOST }}:${{ env.DEPLOY_PATH }}/prod/ | |
| - | |
| name: executing remote ssh commands to deploy | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ secrets.HOST }} | |
| username: ${{ secrets.USERNAME }} | |
| key: ${{ secrets.SSH_PRIVATE_KEY }} | |
| passphrase: ${{ secrets.PASSPHRASE }} | |
| script: | | |
| cd ${{ env.DEPLOY_PATH }}/prod/ | |
| # GitHub variables | |
| echo "IMAGE_BACK=${{ secrets.IMAGE_BACK }}" > .github_vars | |
| echo "IMAGE_BACK_TAG=${{ secrets.IMAGE_BACK_TAG }}" >> .github_vars | |
| echo "IMAGE_FRONT=${{ secrets.IMAGE_FRONT }}" >> .github_vars | |
| echo "IMAGE_FRONT_TAG=${{ secrets.IMAGE_FRONT_TAG }}" >> .github_vars | |
| echo "FRONT_BASE_URL=${{ secrets.FRONT_BASE_URL }}" >> .github_vars | |
| echo "API_BASE_URL=${{ secrets.API_BASE_URL }}" >> .github_vars | |
| # PostgreSQL environment variables | |
| echo POSTGRES_DB=${{ secrets.POSTGRES_DB }} > .env-prod | |
| echo POSTGRES_USER=${{ secrets.POSTGRES_USER }} >> .env-prod | |
| echo POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }} >> .env-prod | |
| echo POSTGRES_HOST=${{ secrets.POSTGRES_HOST }} >> .env-prod | |
| echo POSTGRES_PORT=${{ secrets.POSTGRES_PORT }} >> .env-prod | |
| # Postfix settings | |
| echo POSTFIX_DB_PASSWORD=${{ secrets.POSTFIX_DB_PASSWORD }} >> .env-prod | |
| echo POSTFIX_HOSTNAME=${{ secrets.POSTFIX_HOSTNAME }} >> .env-prod | |
| echo POSTFIX_MAIL_DOMAIN=${{ secrets.POSTFIX_MAIL_DOMAIN }} >> .env-prod | |
| # Django environment variables | |
| echo DJANGO_SETTINGS_MODULE=${{ secrets.DJANGO_SETTINGS_MODULE }} >> .env-prod | |
| echo DJANGO_SECRET_KEY=${{ secrets.DJANGO_SECRET_KEY }} >> .env-prod | |
| echo DJANGO_ALLOWED_HOSTS=${{ secrets.DJANGO_ALLOWED_HOSTS }} >> .env-prod | |
| echo DJANGO_EMAIL_BACKEND=${{ secrets.DJANGO_EMAIL_BACKEND }} >> .env-prod | |
| echo DJANGO_SUPERUSER_USERNAME=${{ secrets.DJANGO_SUPERUSER_USERNAME }} >> .env-prod | |
| echo DJANGO_SUPERUSER_EMAIL=${{ secrets.DJANGO_SUPERUSER_EMAIL }} >> .env-prod | |
| echo DJANGO_SUPERUSER_PASSWORD=${{ secrets.DJANGO_SUPERUSER_PASSWORD }} >> .env-prod | |
| echo SERVER_EMAIL=${{ secrets.SERVER_EMAIL }} >> .env-prod | |
| echo MAILJET_API_KEY=${{ secrets.MAILJET_API_KEY }} >> .env-prod | |
| echo MAILJET_SECRET_KEY=${{ secrets.MAILJET_SECRET_KEY }} >> .env-prod | |
| echo MAILJET_TEMPLATE_ID_QUESTION=${{ secrets.MAILJET_TEMPLATE_ID_QUESTION }} >> .env-prod | |
| echo MAILJET_TEMPLATE_ID_REGISTRATION_USER=${{ secrets.MAILJET_TEMPLATE_ID_REGISTRATION_USER }} >> .env-prod | |
| echo MAILJET_TEMPLATE_ID_PARTICIPATION_APPLICATION=${{ secrets.MAILJET_TEMPLATE_ID_PARTICIPATION_APPLICATION }} >> .env-prod | |
| echo MAILJET_TEMPLATE_ID_RESET_PASSWORD_USER=${{ secrets.MAILJET_TEMPLATE_ID_RESET_PASSWORD_USER }} >> .env-prod | |
| # Secrets variables for google sheets in Django: | |
| echo GOOGLE_PRIVATE_KEY_ID=${{ secrets.GOOGLE_PRIVATE_KEY_ID }} >> .env-prod | |
| echo GOOGLE_PRIVATE_KEY=${{ secrets.GOOGLE_PRIVATE_KEY }} >> .env-prod | |
| # Swag environment variables | |
| echo PUID=${{ secrets.PUID }} >> .env-prod | |
| echo PGID=${{ secrets.PGID }} >> .env-prod | |
| echo URL=${{ secrets.URL }} >> .env-prod | |
| echo EMAIL=${{ secrets.SSL_EMAIL }} >> .env-prod | |
| # Token for yandex disk | |
| echo YNDX_DISK_TOKEN=${{ secrets.YNDX_DISK_TOKEN }} >> .env-prod | |
| # Очистка неиспользуемых контейнеров, образов, сетей | |
| docker system prune --force | |
| docker network create prod_db_network || true | |
| docker network create prod_swag_network || true | |
| # Установка приложения - backend | |
| cp -rf ${{ env.DEPLOY_PATH }}/prod/lubimovka-backend.service /etc/systemd/system/lubimovka-backend.service | |
| systemctl daemon-reload | |
| systemctl restart lubimovka-backend.service | |
| # Установка приложения - frontend | |
| cp -rf ${{ env.DEPLOY_PATH }}/prod/lubimovka-frontend.service /etc/systemd/system/lubimovka-frontend.service | |
| systemctl daemon-reload | |
| systemctl restart lubimovka-frontend.service | |
| # После установки удаляем файлы | |
| rm ${{ env.DEPLOY_PATH }}/prod/lubimovka-backend.service | |
| rm ${{ env.DEPLOY_PATH }}/prod/lubimovka-frontend.service |