Deploy LEMS #29
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy LEMS | |
| on: | |
| release: | |
| types: [released] | |
| env: | |
| REGISTRY: 'registry.digitalocean.com/first-israel-registry' | |
| IMAGE_TAG: lems-${{ github.ref_name }} | |
| DIGITALOCEAN_KEY: ${{ secrets.DIGITALOCEAN_KEY }} | |
| DIGITALOCEAN_SECRET: ${{ secrets.DIGITALOCEAN_SECRET }} | |
| DIGITALOCEAN_ENDPOINT: ${{ vars.DIGITALOCEAN_ENDPOINT }} | |
| DIGITALOCEAN_SPACE: ${{ vars.DIGITALOCEAN_SPACE }} | |
| JWT_SECRET: ${{ secrets.JWT_SECRET }} | |
| DASHBOARD_JWT_SECRET: ${{ secrets.DASHBOARD_JWT_SECRET }} | |
| MONGODB_URI: ${{ secrets.MONGODB_URI }} | |
| MONGO_CA_CERTIFICATE: ${{ secrets.MONGO_CA_CERTIFICATE }} | |
| LEMS_DOMAIN: ${{ vars.LEMS_DOMAIN }} | |
| SCHEDULER_URL: ${{ vars.SCHEDULER_URL }} | |
| BASE_URL: ${{ vars.BASE_URL }} | |
| NEXT_PUBLIC_BASE_URL: ${{ vars.NEXT_PUBLIC_BASE_URL }} | |
| WS_URL: ${{ vars.WS_URL }} | |
| NEXT_PUBLIC_WS_URL: ${{ vars.NEXT_PUBLIC_WS_URL }} | |
| RECAPTCHA: ${{ vars.RECAPTCHA }} | |
| RECAPTCHA_SECRET_KEY: ${{ secrets.RECAPTCHA_SECRET_KEY }} | |
| RECAPTCHA_SITE_KEY: ${{ secrets.RECAPTCHA_SITE_KEY }} | |
| NEXT_PUBLIC_RECAPTCHA_SITE_KEY: ${{ secrets.RECAPTCHA_SITE_KEY }} | |
| jobs: | |
| build_and_push: | |
| runs-on: ubuntu-latest | |
| environment: production | |
| steps: | |
| - name: Checkout the repo | |
| uses: actions/checkout@v4 | |
| - name: Install Node Modules | |
| run: npm ci | |
| - name: LEMS Build | |
| run: npm run build | |
| - name: Build container image | |
| run: docker compose build | |
| - name: Install doctl | |
| uses: digitalocean/action-doctl@v2 | |
| with: | |
| token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} | |
| - name: Log in to DigitalOcean Container Registry with short-lived credentials | |
| run: doctl registry login --expiry-seconds 600 | |
| - name: Remove all old images | |
| run: | | |
| # Function to clean up old images for a repository | |
| cleanup_repository() { | |
| local repo_name=$1 | |
| echo "Cleaning up repository: $repo_name" | |
| local tags_and_digests=$(doctl registry repository list-tags "$repo_name" --format Tag,ManifestDigest --no-header 2>/dev/null || true) | |
| if [ -n "$tags_and_digests" ]; then | |
| echo "Found tags and digests to delete:" | |
| echo "$tags_and_digests" | while IFS=',' read -r tag digest; do | |
| tag=$(echo "$tag" | xargs) # Trim spaces | |
| digest=$(echo "$digest" | xargs) # Trim spaces | |
| echo "Tag: $tag, Digest: $digest" | |
| if [ -n "$digest" ]; then | |
| doctl registry repository delete-manifest "$repo_name" "$digest" --force | |
| else | |
| echo "Warning: Empty digest for tag $tag in repository $repo_name" >&2 | |
| fi | |
| done | |
| echo "✓ Cleaned up $repo_name" | |
| else | |
| echo "✓ No old images found in $repo_name" | |
| fi | |
| } | |
| # Clean up all repositories | |
| for repo in lems-frontend lems-backend lems-scheduler lems-portal; do | |
| cleanup_repository "$repo" | |
| done | |
| - name: Push image to DigitalOcean Container Registry | |
| run: docker compose push | |
| - name: Run garbage collection | |
| run: doctl registry garbage-collection start --force | |
| deploy: | |
| runs-on: ubuntu-latest | |
| environment: production | |
| needs: build_and_push | |
| steps: | |
| - name: Deploy to Digital Ocean droplet via SSH action | |
| uses: appleboy/ssh-action@v1.0.0 | |
| with: | |
| host: ${{ secrets.HOST }} | |
| username: ${{ secrets.USERNAME }} | |
| key: ${{ secrets.SSHKEY }} | |
| passphrase: ${{ secrets.PASSPHRASE }} | |
| envs: REGISTRY,IMAGE_TAG,DASHBOARD_JWT_SECRET,LEMS_DOMAIN,SCHEDULER_URL,DIGITALOCEAN_KEY,DIGITALOCEAN_SECRET,DIGITALOCEAN_ENDPOINT,DIGITALOCEAN_SPACE,JWT_SECRET,MONGODB_URI,MONGO_CA_CERTIFICATE,BASE_URL,NEXT_PUBLIC_BASE_URL,WS_URL,NEXT_PUBLIC_WS_URL,RECAPTCHA,RECAPTCHA_SECRET_KEY,RECAPTCHA_SITE_KEY,{{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} | |
| script: | | |
| docker login -u ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} -p ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} registry.digitalocean.com | |
| cd lems | |
| docker compose down | |
| docker compose rm | |
| docker rmi $(docker images | grep 'lems-') | |
| git reset --hard origin/main | |
| git pull origin main | |
| docker compose up -d |