Merge pull request #83 from dump-hr/privacy-policy #45
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy | |
on: | |
push: | |
branches: | |
- main | |
workflow_dispatch: | |
jobs: | |
docker_image_build: | |
name: Build Docker image | |
runs-on: ubuntu-latest | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Setup Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Login to Docker Hub | |
uses: docker/login-action@v2 | |
with: | |
registry: ghcr.io | |
username: ${{ github.actor }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and push | |
uses: docker/build-push-action@v4 | |
with: | |
context: ./backend | |
push: true | |
tags: ghcr.io/${{ github.repository }}-api:latest, | |
ghcr.io/${{ github.repository }}-api:${{ github.sha }} | |
cache-from: type=gha | |
cache-to: type=gha,mode=max | |
ansible_playbook: | |
name: Run Ansible playbook | |
runs-on: ubuntu-latest | |
needs: | |
- docker_image_build | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Setup Python | |
uses: actions/setup-python@v4 | |
with: | |
python-version: "3.10" | |
cache: "pip" | |
cache-dependency-path: "./infrastructure/ansible/requirements.txt" | |
- name: Install Ansible | |
run: | | |
pip install -r ./infrastructure/ansible/requirements.txt | |
- name: Install Ansible dependencies | |
run: | | |
ansible-galaxy install -r ./infrastructure/ansible/requirements.yml | |
- name: Setup sops | |
uses: mdgreenwald/[email protected] | |
- name: Login to AWS | |
run: | | |
aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} --profile safetynet | |
aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} --profile safetynet | |
- name: Run Ansible playbook | |
run: | | |
eval $(ssh-agent) | |
./infrastructure/scripts/ansible-playbook.sh production api | |
vite_static_build: | |
name: Vite static build and deploy | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Setup Node | |
uses: actions/setup-node@v3 | |
with: | |
node-version: 18.x | |
cache: "yarn" | |
cache-dependency-path: ./frontend/yarn.lock | |
- name: Login to AWS | |
run: | | |
aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} --profile safetynet | |
aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} --profile safetynet | |
- name: Set API endpoint in .env file | |
run: | | |
echo "VITE_APP_API_ENDPOINT=https://safetynet-api-production.dump.hr" >> frontend/.env | |
- name: Run build and deploy script | |
run: | | |
./infrastructure/scripts/static-build-deploy.sh ./frontend safetynet-web-production | |
env: | |
AWS_PROFILE: safetynet | |
AWS_REGION: us-east-1 |