-
Notifications
You must be signed in to change notification settings - Fork 0
133 lines (114 loc) · 4.04 KB
/
deploy.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
name: Deployment
on:
push:
tags:
- v*
jobs:
deploy:
name: Deployment
runs-on: ubuntu-latest
environment:
name: Production
url: https://urnik.gimvic.org/
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Enable Corepack
run: corepack enable
- name: Configure Poetry cache
uses: actions/cache@v4
with:
path: |
~/.cache/pip
~/.cache/pypoetry
~/.local/share/pypoetry
~/.local/bin/poetry
key: ${{ runner.os }}-poetry-deploy-${{ hashFiles('**/poetry.lock') }}
restore-keys: ${{ runner.os }}-poetry-
- name: Configure Yarn cache
uses: actions/cache@v4
with:
path: |
~/.cache/yarn
~/.yarn/berry/cache
./website/node_modules/.cache
./website/node_modules/.vite
key: ${{ runner.os }}-yarn-deploy-${{ hashFiles('**/yarn.lock') }}
restore-keys: ${{ runner.os }}-yarn-
- name: Install Python
uses: actions/setup-python@v5
with:
python-version: "3.12"
- name: Install Poetry
run: |
curl -sSL https://install.python-poetry.org | python -
~/.local/bin/poetry config virtualenvs.create false
echo "~/.local/bin" >> $GITHUB_PATH
- name: Install Node.js
uses: actions/setup-node@v4
with:
node-version: "20"
- name: Prepare the SSH configuration
run: |
mkdir ~/.ssh
echo "${{ secrets.SERVER_SSH_CONFIG }}" > ~/.ssh/config
echo "${{ secrets.SERVER_SSH_KNOWN_HOSTS }}" > ~/.ssh/known_hosts
echo "${{ secrets.SERVER_SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
sudo chmod 600 ~/.ssh/id_rsa
ssh urnik "whoami"
- name: Download the project configuration
uses: actions/checkout@v4
with:
repository: ${{ secrets.CONFIG_REPOSITORY_NAME }}
ssh-key: ${{ secrets.CONFIG_REPOSITORY_PRIVATE_KEY }}
path: configuration
- name: Determine the project version
run: |
VERSION=${GITHUB_REF/refs\/tags\/v}
echo "VERSION=$VERSION" >> $GITHUB_ENV
- name: Build the backend
run: |
cd API
cp -r ../configuration/backend/. .
poetry version "$VERSION"
mkdir dist
cp pyproject.toml poetry.lock README.md dist/
cp -r gimvicurnik/ dist/
- name: Build the frontend
run: |
cd website
cp -r ../configuration/frontend/. .
yarn version "$VERSION"
yarn build
env:
SENTRY_UPLOAD_SOURCEMAPS: true
SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
SENTRY_PROJECT: ${{ secrets.SENTRY_FRONTEND_PROJECT }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
- name: Deploy the backend
run: |
cd API
export GIMVICURNIK_ROOT=/var/www/urnik.gimvic.org
ssh urnik "rm -rf $GIMVICURNIK_ROOT/app/*"
scp -r dist/* urnik:$GIMVICURNIK_ROOT/app/
export PREFIX="export VIRTUAL_ENV=$GIMVICURNIK_ROOT/venv PATH=$GIMVICURNIK_ROOT/venv/bin:\$PATH"
export SUFFIX="-C $GIMVICURNIK_ROOT/app --only main -E sentry -E mysql-c --sync"
ssh urnik "$PREFIX; sh -c '/opt/poetry/bin/poetry install $SUFFIX'"
- name: Deploy the frontend
run: |
cd website
cp -r ../configuration/public/. dist/
scp -r dist/* urnik:/var/www/urnik.gimvic.org/html/
- name: Reload the server
run: ssh urnik "sudo systemctl reload apache2.service"
- name: Create a Sentry release
uses: getsentry/action-release@v1
env:
SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
with:
projects: ${{ secrets.SENTRY_BACKEND_PROJECT }} ${{ secrets.SENTRY_FRONTEND_PROJECT }}
version: ${{ env.VERSION }}
environment: production