Build and Deploy #134
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Deploy | |
| on: | |
| # Push includes PR merge | |
| push: | |
| branches: | |
| - main | |
| - staging | |
| - develop | |
| paths: | |
| # Workflow is triggered only if src changes | |
| - src/** | |
| # Allow manual trigger | |
| workflow_dispatch: | |
| jobs: | |
| backend-build: | |
| uses: hotosm/gh-workflows/.github/workflows/[email protected] | |
| with: | |
| context: ./src/backend | |
| build_target: service | |
| image_name: ghcr.io/${{ github.repository }}/backend | |
| dockerfile: Dockerfile | |
| secrets: inherit | |
| encode-envs: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| BASE64_ENCODED_ENV: ${{ steps.vars_and_secrets_to_b64.outputs.BASE64_ENCODED_ENV }} | |
| environment: ${{ github.ref_name }} | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Create .env file | |
| run: | | |
| EXAMPLE_DOTENV='.env.example' | |
| echo "Checking if ${EXAMPLE_DOTENV} exists" | |
| if [ -f ${EXAMPLE_DOTENV} ]; then | |
| # Get a8m/envsubst (required for default vals syntax ${VAR:-default}) | |
| echo "Downloading envsubst" | |
| curl -L https://github.com/a8m/envsubst/releases/download/v1.2.0/envsubst-`uname -s`-`uname -m` -o envsubst | |
| if [ $? -ne 0 ]; then | |
| echo "Failed to download envsubst" | |
| exit 1 | |
| fi | |
| chmod +x envsubst | |
| echo "Substituting variables from ${EXAMPLE_DOTENV} --> .env" | |
| ./envsubst < "${EXAMPLE_DOTENV}" > .env | |
| else | |
| echo "${EXAMPLE_DOTENV} not found, creating empty .env" | |
| touch .env | |
| fi | |
| echo "GIT_BRANCH=${GIT_BRANCH}" >> .env | |
| echo "TAG_OVERRIDE=${TAG_OVERRIDE}" >> .env | |
| - id: vars_and_secrets_to_b64 | |
| name: Vars and Secrets to base64 encoded | |
| env: | |
| VARS_CONTEXT: ${{ toJson(vars) }} | |
| SECRETS_CONTEXT: ${{ toJson(secrets) }} | |
| shell: bash | |
| run: | | |
| set -e | |
| ENCODED_ENV=$(cat .env | base64 | tr -d '[:space:]') | |
| echo $ENCODED_ENV | |
| echo "BASE64_ENCODED_ENV=${ENCODED_ENV}" >> $GITHUB_OUTPUT | |
| frontend-build: | |
| uses: hotosm/gh-workflows/.github/workflows/[email protected] | |
| needs: | |
| - encode-envs | |
| with: | |
| context: ./src/frontend | |
| build_target: live | |
| image_name: ghcr.io/${{ github.repository }}/frontend | |
| dockerfile: Dockerfile | |
| extra_build_args: B64_ARGS_TO_ENV=${{ needs.encode-envs.outputs.BASE64_ENCODED_ENV }} | |
| secrets: inherit | |
| postgres-vol-creation: | |
| runs-on: ubuntu-latest | |
| name: Create database volume | |
| needs: | |
| - backend-build | |
| environment: ${{ github.ref_name }} | |
| steps: | |
| - name: Setup SSH Key | |
| uses: webfactory/[email protected] | |
| with: | |
| ssh-private-key: "${{ secrets.SSH_PRIVATE_KEY }}" | |
| - name: Add host keys to known_hosts | |
| run: | | |
| ssh-keyscan "${{ vars.SSH_HOST }}" >> ~/.ssh/known_hosts | |
| - name: Deploy to VM | |
| run: | | |
| # Create db data volume if not exists | |
| docker volume create drone-tm-db-data-${{ github.ref_name }} || true | |
| env: | |
| DOCKER_HOST: "ssh://${{ vars.SSH_USER }}@${{ vars.SSH_HOST }}" | |
| deploy_to_vm: | |
| name: Deploy to VM | |
| needs: | |
| - postgres-vol-creation | |
| - frontend-build | |
| uses: hotosm/gh-workflows/.github/workflows/[email protected] | |
| with: | |
| docker_compose_file: docker-compose.vm.yml | |
| environment: ${{ github.ref_name }} | |
| secrets: inherit |