pickple/.github/workflows/user-auth-cd.yml at develop · easyxun/pickple · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
name: Deploy User, Auth to AWS ECR

on:
  push:
    branches: [ "main" ]
    paths:
      - 'auth-service/**'
      - 'user-service/**'

jobs:
  build:
    name: Deploy to ECR
    runs-on: ubuntu-latest
    steps:
      - name: Check out main repository
        uses: actions/checkout@v4

      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'

      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@af1da67850ed9a4cedd57bfd976089dd991e2582 # v4.0.0

      - name: Grant execute permission for Gradle Wrapper in root directory
        run: chmod +x ./gradlew

      - name: Grant execute permission for Gradle Wrapper in user directory
        run: chmod +x user-service/gradlew

      - name: Build user-service with Gradle Wrapper
        working-directory: user-service
        run: ./gradlew bootJar

      - name: Grant execute permission for Gradle Wrapper in auth-service directory
        run: chmod +x auth-service/gradlew

      - name: Build auth-server with Gradle Wrapper
        working-directory: auth-service
        run: ./gradlew bootJar

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1

      - name: Download .env file from private repo
        uses: actions/checkout@v4
        with:
          repository: pickple-ecommerce/config-secrets
          token: ${{ secrets.ACCESS_TOKEN }}
          path: temp-config-secrets

      - name: Move .env file to docker folder
        run: |
          cp temp-config-secrets/.env docker/.env

      - name: Build, Tag and Push docker image to AWS ECR
        run: |
          docker compose -f docker/docker-compose.user-auth.yml --env-file docker/.env build
          services=("auth" "user")
          for service in "${services[@]}"; do
            docker tag ${ECR_REGISTRY}/${ECR_NAMESPACE}/$service:latest $ECR_REGISTRY/${ECR_NAMESPACE}/$service:$IMAGE_TAG
            docker push $ECR_REGISTRY/${ECR_NAMESPACE}/$service:$IMAGE_TAG
            echo "$service image is built and pushed to AWS ECR"
          done
        env:
          ECR_REGISTRY: ${{ secrets.ECR_REGISTRY }}
          ECR_NAMESPACE: ${{ secrets.ECR_NAMESPACE }}
          IMAGE_TAG: "latest"
  deploy:
    name: Deploy
    needs: build
    runs-on: ubuntu-latest

    steps:
      - name: Check out main repository
        uses: actions/checkout@v4

      - name: Download .env file from private repo
        uses: actions/checkout@v4
        with:
          repository: pickple-ecommerce/config-secrets
          token: ${{ secrets.ACCESS_TOKEN }}
          path: temp-config-secrets

      - name: Move .env file to docker folder
        run: |
          cp temp-config-secrets/.env docker/.env

      - name: Copy Docker compose file to EC2
        uses: appleboy/scp-action@v0.1.7
        with:
          host: ${{ secrets.AWS_USER_AUTH_HOST }}
          username: ec2-user
          key: ${{ secrets.EC2_KEY }}
          source: "./docker/docker-compose.user-auth.yml"
          target: "/home/ec2-user"

      - name: Copy .env file to EC2
        uses: appleboy/scp-action@v0.1.7
        with:
          host: ${{ secrets.AWS_USER_AUTH_HOST }}
          username: ec2-user
          key: ${{ secrets.EC2_KEY }}
          source: "./docker/.env"
          target: "/home/ec2-user"

      - name: Deploy to EC2
        uses: appleboy/ssh-action@v1.0.3
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
          ECR_REGISTRY: ${{ secrets.ECR_REGISTRY }}
        with:
          host: ${{ secrets.AWS_USER_AUTH_HOST }}
          username: ec2-user
          key: ${{ secrets.EC2_KEY }}
          port: 22
          envs: AWS_ACCESS_KEY_ID, AWS_SECRET_ACCESS_KEY, AWS_REGION, ECR_REGISTRY, ECR_NAMESPACE
          script: |
            aws ecr get-login-password --region ${{ secrets.AWS_REGION }} | docker login --username AWS --password-stdin ${{ secrets.ECR_REGISTRY }}
            docker compose -f ./docker/docker-compose.user-auth.yml down
            docker compose -f ./docker/docker-compose.user-auth.yml pull
            docker compose -f ./docker/docker-compose.user-auth.yml up -d