superhero-api/.github/workflows/ssh_deploy.yaml at develop · superhero-com/superhero-api · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
# This workflow is only for inclusion in other workflows.
name: Deploy via ssh
on:
  workflow_call:
    inputs:
      VERSION:
        description: "Version to deploy (dockerhub tag)"
        required: false
        default: "latest"
        type: string
      CONTAINER_NAME:
        description: "Container name"
        default: "superhero-api"
        required: false
        type: string
    secrets:
      DEPLOY_HOST:
        description: "Host to deploy to"
        required: true
      DEPLOY_USERNAME:
        description: "Username to use for ssh"
        required: true
      DEPLOY_KEY:
        description: "SSH key to use for ssh"
        required: true
      AE_NETWORK_ID:
        description: "Aeternity network id (ae_uat, ae_mainnet)"
        required: false
      API_HOST_PORT:
        description: "Host port to expose the API on (3000)"
        required: true
      DB_USER:
        description: "Database user"
        required: true
      DB_PASSWORD:
        description: "Database password"
        required: true
      DB_DATABASE:
        description: "Database name"
        required: true
      DOCKERHUB_USERNAME:
        description: "Dockerhub username"
        required: true
      DOCKERHUB_TOKEN:
        description: "Dockerhub password"
        required: true
      DOCKERHUB_REPO:
        description: "Dockerhub repository"
        required: true
      TRENDING_TAGS_API_KEY:
        description: "Trending tags API key"
        required: true
      GIPHY_API_KEY:
        description: "Giphy API key"
        required: true
      X_CLIENT_ID:
        description: "X-Client-Id for API requests"
        required: false
      X_CLIENT_SECRET:
        description: "X-Client-Secret for API requests"
        required: false
      PROFILE_REGISTRY_CONTRACT_ADDRESS:
        description: "Profile registry contract address"
        required: false
      PROFILE_ATTESTATION_SIGNER_ADDRESS:
        description: "Profile attestation signer address"
        required: false
      PROFILE_ATTESTATION_PRIVATE_KEY:
        description: "Profile attestation signer private key"
        required: false
      PROFILE_CHAIN_NAME_PRIVATE_KEY:
        description: "Private key used to sponsor chain name claims"
        required: false
      PROFILE_X_VERIFICATION_REWARD_PRIVATE_KEY:
        description: "Private key used for verification rewards"
        required: false
      PROFILE_X_INVITE_MILESTONE_REWARD_PRIVATE_KEY:
        description: "Private key used for invite milestone rewards"
        required: false
      PROFILE_X_INVITE_LINK_BASE_URL:
        description: "Base URL for invite links (e.g. https://superhero.com/invite)"
        required: false
      ADDRESS_LINK_SECRET_KEY:
        description: "Secret key for address link"
        required: false
      ADDRESS_LINK_CONTRACT_ADDRESS:
        description: "Contract address for address link"
        required: false
jobs:
  deploy:
    name: Deploy via ssh
    runs-on: ubuntu-latest
    steps:
      - name: Run deploy script
        uses: appleboy/ssh-action@v1.0.0
        env:
          VERSION: "${{ inputs.VERSION }}"
          SHA: "${{ github.sha }}"
          AE_NETWORK_ID: "${{ secrets.AE_NETWORK_ID }}"
          HOST_DATA_DIR: "./${{ inputs.CONTAINER_NAME }}"
          API_HOST_PORT: "${{ secrets.API_HOST_PORT }}"
          DB_USER: "${{ secrets.DB_USER }}"
          DB_PASSWORD: "${{ secrets.DB_PASSWORD }}"
          DB_DATABASE: "${{ secrets.DB_DATABASE }}"
          TRENDING_TAGS_API_KEY: "${{ secrets.TRENDING_TAGS_API_KEY }}"
          X_CLIENT_ID: "${{ secrets.X_CLIENT_ID }}"
          X_CLIENT_SECRET: "${{ secrets.X_CLIENT_SECRET }}"
          PROFILE_REGISTRY_CONTRACT_ADDRESS: "${{ secrets.PROFILE_REGISTRY_CONTRACT_ADDRESS }}"
          PROFILE_ATTESTATION_SIGNER_ADDRESS: "${{ secrets.PROFILE_ATTESTATION_SIGNER_ADDRESS }}"
          PROFILE_ATTESTATION_PRIVATE_KEY: "${{ secrets.PROFILE_ATTESTATION_PRIVATE_KEY }}"
          PROFILE_CHAIN_NAME_PRIVATE_KEY: "${{ secrets.PROFILE_CHAIN_NAME_PRIVATE_KEY }}"
          PROFILE_X_VERIFICATION_REWARD_PRIVATE_KEY: "${{ secrets.PROFILE_X_VERIFICATION_REWARD_PRIVATE_KEY }}"
          PROFILE_X_INVITE_MILESTONE_REWARD_PRIVATE_KEY: "${{ secrets.PROFILE_X_INVITE_MILESTONE_REWARD_PRIVATE_KEY }}"
          PROFILE_X_INVITE_LINK_BASE_URL: "${{ secrets.PROFILE_X_INVITE_LINK_BASE_URL }}"
          ADDRESS_LINK_SECRET_KEY: "${{ secrets.ADDRESS_LINK_SECRET_KEY }}"
          ADDRESS_LINK_CONTRACT_ADDRESS: "${{ secrets.ADDRESS_LINK_CONTRACT_ADDRESS }}"
          GIPHY_API_KEY: "${{ secrets.GIPHY_API_KEY }}"
        with:
          host: "${{ secrets.DEPLOY_HOST }}"
          username: "${{ secrets.DEPLOY_USERNAME }}"
          key: "${{ secrets.DEPLOY_KEY }}"
          envs: >
            AE_NETWORK_ID,
            DB_USER,
            DB_PASSWORD,
            DB_DATABASE,
            API_HOST_PORT,
            HOST_DATA_DIR,
            TRENDING_TAGS_API_KEY,
            X_CLIENT_ID,
            X_CLIENT_SECRET,
            PROFILE_REGISTRY_CONTRACT_ADDRESS,
            PROFILE_ATTESTATION_SIGNER_ADDRESS,
            PROFILE_ATTESTATION_PRIVATE_KEY,
            PROFILE_CHAIN_NAME_PRIVATE_KEY,
            PROFILE_X_VERIFICATION_REWARD_PRIVATE_KEY,
            PROFILE_X_INVITE_MILESTONE_REWARD_PRIVATE_KEY,
            PROFILE_X_INVITE_LINK_BASE_URL,
            ADDRESS_LINK_SECRET_KEY,
            ADDRESS_LINK_CONTRACT_ADDRESS,
            GIPHY_API_KEY,
            SHA
          script: |
            echo $SHA > $HOST_DATA_DIR/REVISION || true
            echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login -u "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin
            docker pull "${{ secrets.DOCKERHUB_REPO }}:${{ inputs.VERSION }}" || true
            docker stop ${{ inputs.CONTAINER_NAME }} || true
            docker rm ${{ inputs.CONTAINER_NAME }} || true
            docker run -d --name ${{ inputs.CONTAINER_NAME }} \
              --restart=always \
              --log-driver json-file \
              --log-opt max-size=100m \
              --log-opt max-file=30 \
              -p ${{ secrets.API_HOST_PORT }}:3000 \
              -e APP_PORT="3000" \
              -e DB_USER \
              -e DB_PASSWORD \
              -e AE_NETWORK_ID \
              -e DB_DATABASE \
              -e TRENDING_TAGS_API_KEY \
              -e X_CLIENT_ID \
              -e X_CLIENT_SECRET \
              -e PROFILE_REGISTRY_CONTRACT_ADDRESS \
              -e PROFILE_ATTESTATION_SIGNER_ADDRESS \
              -e PROFILE_ATTESTATION_PRIVATE_KEY \
              -e PROFILE_CHAIN_NAME_PRIVATE_KEY \
              -e PROFILE_X_VERIFICATION_REWARD_PRIVATE_KEY \
              -e PROFILE_X_INVITE_MILESTONE_REWARD_PRIVATE_KEY \
              -e PROFILE_X_INVITE_LINK_BASE_URL \
              -e ADDRESS_LINK_SECRET_KEY \
              -e ADDRESS_LINK_CONTRACT_ADDRESS \
              -e GIPHY_API_KEY \
              -e NODE_ENV=production \
              -e REDIS_HOST=${{ inputs.CONTAINER_NAME }}-redis \
              -e REDIS_PORT=6379 \
              -e DB_TYPE=postgres \
              -e DB_HOST=${{ inputs.CONTAINER_NAME }}-db \
              -e DB_PORT=5432 \
              -e DB_SYNC=true \
              --network ${{ inputs.CONTAINER_NAME }}-db \
              ${{ secrets.DOCKERHUB_REPO }}:${{ inputs.VERSION }}