deploy.yml updated to add ec2 in known host list #3
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to EC2 | |
| on: | |
| pull_request: | |
| types: [closed] | |
| branches: [ main ] | |
| workflow_dispatch: | |
| env: | |
| AWS_REGION: ${{ secrets.AWS_REGION }} | |
| EC2_HOST: ${{ secrets.EC2_HOST }} | |
| DOCKER_IMAGE_TAG: ${{ github.sha }} | |
| S3_CONFIG_BUCKET: ${{ secrets.S3_CONFIG_BUCKET }} | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| if: github.event.pull_request.merged == true | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| - name: Download Vault Files from S3 | |
| run: | | |
| mkdir -p db_handler/vault | |
| aws s3 sync s3://${{ env.S3_CONFIG_BUCKET }}/vault/ db_handler/vault/ | |
| - name: Setup SSH | |
| run: | | |
| mkdir -p ~/.ssh | |
| echo "${{ secrets.EC2_SSH_KEY }}" > ~/.ssh/id_rsa | |
| chmod 600 ~/.ssh/id_rsa | |
| cat >>~/.ssh/config <<END | |
| Host * | |
| StrictHostKeyChecking no | |
| END | |
| - name: Add EC2 to Known Hosts | |
| run: | | |
| ssh-keyscan -H ${{ secrets.EC2_HOST }} >> ~/.ssh/known_hosts | |
| chmod 644 ~/.ssh/known_hosts | |
| - name: Copy Application Code to EC2 | |
| run: | | |
| # Create a deployment package | |
| tar -czf deploy.tar.gz . | |
| # Copy files to EC2 | |
| scp -i ~/.ssh/ec2_key.pem deploy.tar.gz ec2-user@${{ env.EC2_HOST }}:~/ | |
| # Create deploy script | |
| echo '#!/bin/bash | |
| cd ~ | |
| tar -xzf deploy.tar.gz | |
| # Create vault directory if it doesn't exist | |
| mkdir -p /data/newsletter/vault | |
| # Sync latest vault files from S3 | |
| aws s3 sync s3://${{ env.S3_CONFIG_BUCKET }}/vault/ /data/newsletter/vault/ | |
| # Build and run Docker container | |
| docker build -t ailert-newsletter:${{ env.DOCKER_IMAGE_TAG }} . | |
| docker stop ailert-newsletter || true | |
| docker rm ailert-newsletter || true | |
| docker run -d \ | |
| --name ailert-newsletter \ | |
| -p 5000:5000 \ | |
| -v /data/newsletter/vault:/app/db_handler/vault \ | |
| --restart unless-stopped \ | |
| -e AWS_ACCESS_KEY_ID="${{ secrets.AWS_ACCESS_KEY_ID }}" \ | |
| -e AWS_SECRET_ACCESS_KEY="${{ secrets.AWS_SECRET_ACCESS_KEY }}" \ | |
| -e AWS_REGION="${{ env.AWS_REGION }}" \ | |
| -e SMTP_USERNAME="${{ secrets.SMTP_USERNAME }}" \ | |
| -e SMTP_PASSWORD="${{ secrets.SMTP_PASSWORD }}" \ | |
| -e JWT_SECRET="${{ secrets.JWT_SECRET }}" \ | |
| ailert-newsletter:${{ env.DOCKER_IMAGE_TAG }} | |
| # Cleanup | |
| rm -rf deploy.tar.gz | |
| docker system prune -f' > deploy.sh | |
| chmod +x deploy.sh | |
| - name: Deploy to EC2 | |
| run: | | |
| scp -i ~/.ssh/id_rsa deploy.sh ec2-user@${{ secrets.EC2_HOST }}:~/deploy.sh | |
| ssh -i ~/.ssh/id_rsa ec2-user@${{ secrets.EC2_HOST }} "./deploy.sh" | |
| - name: Cleanup | |
| if: always() | |
| run: | | |
| rm -f ~/.ssh/id_rsa | |
| rm -f deploy.sh |