frontend/.github/workflows/deploy.yml at dev · Camus-chat/frontend · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
name: CI/CD Pipeline

on:
  push:
    branches:
      - main

jobs:
  build:
    runs-on: ubuntu-latest

    permissions:
      contents: read

    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Checkout config repository
        uses: actions/checkout@v4
        with:
          repository: Camus-chat/config
          path: config
          token: ${{ secrets.GH_PAT }}

      - name: Copy .env file
        run: cp config/frontend/.env .env

      - name: Build Docker image
        run: |
          docker build -t camus-frontend:latest .

      - name: Log in to Amazon ECR
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_ECR_URL: ${{ secrets.AWS_ECR_URL }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
        run: |
          aws ecr get-login-password --region $AWS_REGION | docker login --username AWS --password-stdin $AWS_ECR_URL

      - name: Tag & Push Docker image to ECR
        env:
          ECR_REPO_URI: ${{ secrets.AWS_ECR_URL }}/camus-fe
        run: |
          docker tag camus-frontend:latest $ECR_REPO_URI:latest
          docker push $ECR_REPO_URI:latest

  deploy:
    runs-on: ubuntu-latest
    needs: build

    steps:
      - name: Get Public IP
        id: ip
        uses: haythem/public-ip@v1.3

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}

      - name: Add GitHub Actions IP
        run: |
          aws ec2 authorize-security-group-ingress \
          --group-id ${{ secrets.SECURITY_GROUP_ID }} \
          --protocol tcp \
          --port 22 \
          --cidr ${{ steps.ip.outputs.ipv4 }}/32

      - name: Deploy Docker container to EC2
        uses: appleboy/ssh-action@v1.2.0
        with:
          host: ${{ secrets.EC2_HOST }}
          username: ${{ secrets.EC2_USER }}
          key: ${{ secrets.EC2_KEY }}
          script: |
            aws ecr get-login-password --region ${{ secrets.AWS_REGION }} | docker login --username AWS --password-stdin ${{ secrets.AWS_ECR_URL }}
            docker pull ${{ secrets.AWS_ECR_URL }}/camus-fe:latest
            docker stop frontend || true
            docker rm frontend || true
            docker run -d \
              -p 3000:3000 \
              --name frontend \
              --network ${{ secrets.DOCKER_NETWORK }} \
              ${{ secrets.AWS_ECR_URL }}/camus-fe:latest

      - name: Remove GitHub Actions IP
        if: always()
        run: |
          aws ec2 revoke-security-group-ingress \
              --group-id ${{ secrets.SECURITY_GROUP_ID }} \
              --protocol tcp \
              --port 22 \
              --cidr ${{ steps.ip.outputs.ipv4 }}/32