Deploy to EC2 #95
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to EC2 | |
| on: | |
| workflow_run: | |
| workflows: ["Run Tests"] | |
| types: | |
| - completed | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Create EC2 private key file | |
| shell: bash | |
| env: | |
| EC2_PRIVATE_KEY: ${{ secrets.EC2_PRIVATE_KEY }} | |
| run: | | |
| echo "$EC2_PRIVATE_KEY" > ec2_private_key.pem | |
| chmod 400 "ec2_private_key.pem" | |
| - name: Create env file | |
| shell: bash | |
| env: | |
| EC2_ENV_FILE: ${{ secrets.CODE_ENV_FILE }} | |
| run: | | |
| echo "$EC2_ENV_FILE" > .env.production.local | |
| - name: Copy Files to EC2 | |
| shell: bash | |
| env: | |
| REPO_NAME: ${{ github.event.repository.name }} | |
| EC2_PRIVATE_KEY: ${{ secrets.EC2_PRIVATE_KEY }} | |
| FULL_CHAIN_CERTIFICATE_PEM_FILE: ${{ secrets.FULL_CHAIN_CERTIFICATE_PEM_FILE }} | |
| PRIV_KEY_CERTIFICATE_PEM_FILE: ${{ secrets.PRIV_KEY_CERTIFICATE_PEM_FILE }} | |
| run: | | |
| ssh -i ec2_private_key.pem -o StrictHostKeyChecking=no ${{ secrets.EC2_USER }}@${{ secrets.EC2_HOST }} "mkdir -p $REPO_NAME" | |
| rsync -avz --exclude='.git/' --exclude='ec2_private_key.pem' --exclude='node_modules/' -e 'ssh -i ec2_private_key.pem -o StrictHostKeyChecking=no' $(pwd)/ ${{ secrets.EC2_USER }}@${{ secrets.EC2_HOST }}:~/$REPO_NAME | |
| ssh -i ec2_private_key.pem -o StrictHostKeyChecking=no ${{ secrets.EC2_USER }}@${{ secrets.EC2_HOST }} "cd $REPO_NAME && mkdir -p certs && cd certs && echo \"$FULL_CHAIN_CERTIFICATE_PEM_FILE\" > fullchain.pem && echo \"$PRIV_KEY_CERTIFICATE_PEM_FILE\" > privkey.pem && chmod 644 fullchain.pem && chmod 600 privkey.pem" | |
| ssh -i ec2_private_key.pem -o StrictHostKeyChecking=no ${{ secrets.EC2_USER }}@${{ secrets.EC2_HOST }} "cd $REPO_NAME && mkdir -p credentials && cd credentials && echo '${{ secrets.SERVICE_ACCOUNT_KEY_JSON_BASE64_ENCODED }}' | base64 --decode > credentials.json" | |
| - name: Deploy to EC2 | |
| env: | |
| REPO_NAME: ${{ github.event.repository.name }} | |
| EC2_PRIVATE_KEY: ${{ secrets.EC2_PRIVATE_KEY }} | |
| run: | | |
| ssh -i ec2_private_key.pem -o StrictHostKeyChecking=no ${{ secrets.EC2_USER }}@${{ secrets.EC2_HOST }} "cd $REPO_NAME && sudo docker compose down && sudo docker image prune -f && sudo docker builder prune -f && sudo docker compose up -d --build && echo 'Done'" |