Merge pull request #591 from the-hideout/update-deployments

Update deployments

.github/workflows/branch-deploy.yml

@@ -31,89 +31,7 @@ jobs:
         if: ${{ steps.branch-deploy.outputs.continue == 'true' }}
         uses: actions/checkout@v4
         with:
-          ref: ${{ steps.branch-deploy.outputs.ref }}
-
-      # - uses: azure/login@cb79c773a3cfa27f31f25eb3f677781210c9ce3d # [email protected]
-      #   if: ${{ steps.branch-deploy.outputs.continue == 'true' }}
-      #   with:
-      #     creds: ${{ secrets.AZURE_CREDENTIALS }}
-
-      # - uses: hashicorp/setup-terraform@a1502cd9e758c50496cc9ac5308c4843bcd56d36 # [email protected]
-      #   if: ${{ steps.branch-deploy.outputs.continue == 'true' }}
-      #   with:
-      #     terraform_version: 1.1.7
-      #     cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
-
-      # - name: Terraform init
-      #   id: init
-      #   if: ${{ steps.branch-deploy.outputs.continue == 'true' }}
-      #   working-directory: terraform/
-      #   run: terraform init
-
-      # ### NOOP DEPLOY ###
-
-      # - name: Terraform fmt
-      #   if: ${{ steps.branch-deploy.outputs.continue == 'true' && steps.branch-deploy.outputs.noop == 'true' }}
-      #   working-directory: terraform/
-      #   id: fmt
-      #   run: terraform fmt -check
-      #   continue-on-error: true
-
-      # - name: Terraform validate
-      #   if: ${{ steps.branch-deploy.outputs.continue == 'true' && steps.branch-deploy.outputs.noop == 'true' }}
-      #   working-directory: terraform/
-      #   id: validate
-      #   run: terraform validate -no-color
-
-      # - name: Terraform plan
-      #   if: ${{ steps.branch-deploy.outputs.continue == 'true' && steps.branch-deploy.outputs.noop == 'true' }}
-      #   working-directory: terraform/
-      #   id: plan
-      #   env:
-      #     TF_VAR_CLIENT_ID: ${{ secrets.CLIENT_ID }}
-      #     TF_VAR_CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
-      #     TF_VAR_SUBSCRIPTION_ID: ${{ secrets.SUBSCRIPTION_ID }}
-      #     TF_VAR_TENANT_ID: ${{ secrets.TENANT_ID }}
-      #   run: terraform plan -no-color
-      #   continue-on-error: true
-
-      # # Post comment on PR with development plan info
-      # - uses: thollander/actions-comment-pull-request@v2
-      #   if: ${{ steps.branch-deploy.outputs.continue == 'true' && steps.branch-deploy.outputs.noop == 'true' }}
-      #   env:
-      #     PLAN: "terraform ${{ steps.plan.outputs.stdout }}"
-      #   with:
-      #     message: |
-      #       `### Terraform Plan - Production (noop) 🪐
-      #       - Terraform Format and Style 🖌: \`${{ steps.fmt.outcome }}\`
-      #       - Terraform Initialization ⚙️: \`${{ steps.init.outcome }}\`
-      #       - Terraform Validation 🤖: \`${{ steps.validate.outcome }}\`
-      #       - Terraform Plan 📖: \`${{ steps.plan.outcome }}\`
-
-      #       <details><summary>Show Plan</summary>
-
-      #       \`\`\`${process.env.PLAN}\`\`\`
-
-      #       </details>
-
-      #       In addition to the plan, the branch: \`${{ steps.branch-deploy.outputs.ref }}\` would have been deployed
-
-      #       > Pusher: @${{ github.actor }}, Action: \`${{ github.event_name }}\`, Working Directory: \`terraform/\`, Workflow: \`${{ github.workflow }}\``;
-
-      # #####################
-
-      # ### BRANCH DEPLOY ###
-
-      # - name: Terraform apply
-      #   if: ${{ steps.branch-deploy.outputs.continue == 'true' && steps.branch-deploy.outputs.noop != 'true' }}
-      #   working-directory: terraform/
-      #   env:
-      #     # Creds
-      #     TF_VAR_CLIENT_ID: ${{ secrets.CLIENT_ID }}
-      #     TF_VAR_CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
-      #     TF_VAR_SUBSCRIPTION_ID: ${{ secrets.SUBSCRIPTION_ID }}
-      #     TF_VAR_TENANT_ID: ${{ secrets.TENANT_ID }}
-      #   run: terraform apply -auto-approve
+          ref: ${{ steps.branch-deploy.outputs.sha }}
 
       - name: SSH Remote Deploy
         if: ${{ steps.branch-deploy.outputs.continue == 'true' && steps.branch-deploy.outputs.noop != 'true' }}
@@ -124,17 +42,4 @@ jobs:
           key: ${{ secrets.SSH_KEY }}
           port: ${{ secrets.SSH_PORT }}
           script_stop: true
-          script: ~/tarkov-data-manager/script/deploy -r="${{ steps.branch-deploy.outputs.ref }}" -f="${{ steps.branch-deploy.outputs.fork_checkout }}" -d="tarkov-data-manager" -n="${{ steps.branch-deploy.outputs.fork_full_name }}"
-
-      # - uses: actions/setup-python@0a5c61591373683505ea898e09a3ea4f39ef2b9c # [email protected]
-      #   if: ${{ steps.branch-deploy.outputs.continue == 'true' && steps.branch-deploy.outputs.noop != 'true' }}
-      #   with:
-      #     python-version: '3.10'
-      #     cache: 'pip'
-
-      # - name: health
-      #   if: ${{ steps.branch-deploy.outputs.continue == 'true' && steps.branch-deploy.outputs.noop != 'true' }}
-      #   working-directory: script/health
-      #   run: |
-      #     pip install -r requirements.txt
-      #     python health.py
+          script: ~/tarkov-data-manager/script/deploy -r "${{ steps.branch-deploy.outputs.sha }}" -f "${{ steps.branch-deploy.outputs.fork_checkout }}" -d "/home/tdm/tarkov-data-manager" -n "${{ steps.branch-deploy.outputs.fork_full_name }}"

.github/workflows/deploy.yml

@@ -0,0 +1,34 @@
+name: deploy
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  deploy:
+    if: github.event_name == 'push'
+    environment: production
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: deployment check
+        uses: github/[email protected]
+        id: deployment-check
+        with:
+          merge_deploy_mode: "true"
+          environment: production
+
+      - uses: actions/checkout@v4
+        if: ${{ steps.deployment-check.outputs.continue == 'true' }}
+
+      - name: SSH Remote Deploy
+        if: ${{ steps.deployment-check.outputs.continue == 'true' }}
+        uses: appleboy/ssh-action@7eaf76671a0d7eec5d98ee897acda4f968735a17 # [email protected]
+        with:
+          host: ${{ secrets.SSH_HOST }}
+          username: ${{ secrets.SSH_USERNAME }}
+          key: ${{ secrets.SSH_KEY }}
+          port: ${{ secrets.SSH_PORT }}
+          script_stop: true
+          script: ~/tarkov-data-manager/script/deploy -r "main" -d "/home/tdm/tarkov-data-manager"

script/deploy

@@ -6,66 +6,112 @@ set -e
 
 BASE_BRANCH="main"
 
-function usage()
-{
-    echo -e "\t ============================== script/deploy usage =============================="
-    echo -e "\t-h --help               : displays help message"
-    echo -e "\t-f --fork               : the checkout command to use if a fork"
-    echo -e "\t-n --fork-full-name     : the full name of the fork source in 'org/repo' format"
-    echo -e "\t-d --dir                : the directory to enter for the deployment"
-    echo -e "\t-r --ref                : ref to deploy"
+function usage() {
+  echo -e "\t ============================== script/deploy usage =============================="
+  echo -e "\t-h --help               : displays help message"
+  echo -e "\t-f --fork               : the checkout command to use if a fork"
+  echo -e "\t-n --fork-full-name     : the full name of the fork source in 'org/repo' format"
+  echo -e "\t-d --dir                : the directory to enter for the deployment"
+  echo -e "\t-r --ref                : ref to deploy - best practice is to use the full sha"
+  echo -e "\texample: script/deploy --ref sha123deadbeef123 --dir /path/to/repo"
 }
 
-while [ "$1" != "" ]; do
-    PARAM=`echo $1 | awk -F= '{print $1}'`
-    VALUE=`echo $1 | awk -F= '{print $2}'`
-    case $PARAM in
-      -h | --help)
-        usage
-        exit
-        ;;
-      -f | --fork)
-        fork=$VALUE
-        ;;
-      -n | --fork-full-name)
-        fork_full_name=$VALUE
-        ;;
-      -d | --dir)
-        dir=$VALUE
-        ;;
-      -r | --ref)
-        ref=$VALUE
-        ;;
-      *)
-      echo "ERROR: unknown parameter \"$PARAM\""
-      usage
-      exit 1
-      ;;
+function parse_args() {
+  while [[ "$#" -gt 0 ]]; do
+    case $1 in
+      -h|--help) usage; exit 0 ;;
+      -f|--fork) fork="$2"; shift ;;
+      -n|--fork-full-name) fork_full_name="$2"; shift ;;
+      -d|--dir) dir="$2"; shift ;;
+      -r|--ref) ref="$2"; shift ;;
+      *) echo "ERROR: unknown parameter: $1"; usage; exit 1 ;;
     esac
     shift
-done
+  done
+}
 
-# If a deployment dir is specified, enter it
-if [[ -n $dir ]]; then
-  cd ~/$dir
-fi
+function checkout_fork() {
+  echo "[i] fork deployment requested: $fork"
+  git fetch --all
 
-# If a fork deployment is requested use the fork branch
-if [[ -n $fork ]]; then
-  echo "fork deployment requested"
   forkarray=($fork)
-  git checkout -b $fork || git fetch --all && git reset --hard origin/$BASE_BRANCH && git branch -D $fork && git checkout -b $fork
-  git pull "https://github.com/$fork_full_name.git" ${forkarray[1]}
-else
-  echo "branch deployment requested"
+  fork_branch_local_name="${forkarray[0]}"
+  fork_branch_remote_name="${forkarray[1]}"
+
+  # check if the branch already exists
+  if git show-ref --verify --quiet refs/heads/$fork_branch_local_name; then
+    echo "[i] fork branch $fork_branch_local_name already exists - checking it out"
+    git checkout $fork_branch_local_name
+  else
+    echo "[i] creating and checking out new fork branch $fork_branch_local_name"
+    git checkout -b $fork_branch_local_name $BASE_BRANCH
+  fi
+
+  # check if the branch exists in the remote repository
+  if git ls-remote --exit-code --heads "https://github.com/$fork_full_name.git" $fork_branch_remote_name; then
+    # pull the latest changes from the fork repository
+    git pull "https://github.com/$fork_full_name.git" $fork_branch_remote_name
+  else
+    echo "[i] remote fork branch $fork_branch_remote_name does not exist - exiting"
+    exit 1
+  fi
+
+  # checkout the specific SHA for safety
+  if [[ -n $ref ]]; then
+    echo "[i] checking out specific fork SHA: $ref"
+    git checkout $ref
+  else
+    echo "[i] no specific SHA provided - exiting due to safety"
+    exit 1
+  fi
+}
+
+function checkout_ref() {
+  echo "[i] requested deployment to: $ref"
   git fetch --all
-  git reset --hard origin/$ref
-fi
+  git checkout $ref
+
+  # If the ref is exactly equal to the base branch, run a git pull
+  if [[ $ref == $BASE_BRANCH ]]; then
+    echo "[i] pulling $BASE_BRANCH changes since it is the stable branch"
+    git pull origin $BASE_BRANCH
+  fi
+}
 
-echo "[-] Killing old docker processes"
-sudo -E bash -c 'source ~/.profile && docker-compose -f docker-compose.yml -f docker-compose.prod.yml down -v -t 1'
+function main() {
+  parse_args "$@"
 
-echo "[i] Building docker containers"
-sudo -E bash -c 'source ~/.profile && docker-compose -f docker-compose.yml -f docker-compose.prod.yml up --build -d'
+  # If a deployment dir is specified, enter it
+  if [[ -n $dir ]]; then
+    cd $dir || { echo "ERROR: failed to change directory to $dir"; exit 1; }
+  fi
+
+  # debug info for deployments
+  echo "[i] current working directory: $(pwd)"
+  echo "[i] current commit SHA: $(git rev-parse HEAD)"
+
+  # Determine deployment type
+  if [[ -n $fork ]]; then
+    checkout_fork
+  elif [[ -n $ref ]]; then
+    checkout_ref
+  else
+    echo "[i] deployment requested"
+  fi
+
+  echo "[i] checked out commit SHA to deploy: $(git rev-parse HEAD)"
+
+  ############################
+  # DEPLOYMENT LOGIC
+  ############################
+
+  echo "[-] Killing old docker processes"
+  sudo -E bash -c 'source ~/.profile && docker-compose -f docker-compose.yml -f docker-compose.prod.yml down -v -t 1'
+
+  echo "[i] Building docker containers"
+  sudo -E bash -c 'source ~/.profile && docker-compose -f docker-compose.yml -f docker-compose.prod.yml up --build -d'
+
+  echo "[+] Containers are now running!"
+}
 
-echo "[+] Containers are now running!"
+main "$@"