Deploy LEMS Staging #4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy LEMS Staging | |
| on: workflow_dispatch | |
| env: | |
| REGISTRY: 'registry.digitalocean.com/first-israel-registry' | |
| IMAGE_TAG: staging-${{ github.sha }} | |
| DIGITALOCEAN_KEY: ${{ secrets.DIGITALOCEAN_KEY }} | |
| DIGITALOCEAN_SECRET: ${{ secrets.DIGITALOCEAN_SECRET }} | |
| DIGITALOCEAN_ENDPOINT: ${{ vars.DIGITALOCEAN_ENDPOINT }} | |
| DIGITALOCEAN_SPACE: ${{ vars.DIGITALOCEAN_SPACE }} | |
| JWT_SECRET: ${{ secrets.JWT_SECRET }} | |
| DASHBOARD_JWT_SECRET: ${{ secrets.DASHBOARD_JWT_SECRET }} | |
| MONGODB_URI: ${{ secrets.MONGODB_URI }} | |
| MONGO_CA_CERTIFICATE: ${{ secrets.MONGO_CA_CERTIFICATE }} | |
| LEMS_DOMAIN: ${{ vars.LEMS_DOMAIN }} | |
| SCHEDULER_URL: ${{ vars.SCHEDULER_URL }} | |
| BASE_URL: ${{ vars.BASE_URL }} | |
| NEXT_PUBLIC_BASE_URL: ${{ vars.NEXT_PUBLIC_BASE_URL }} | |
| WS_URL: ${{ vars.WS_URL }} | |
| NEXT_PUBLIC_WS_URL: ${{ vars.NEXT_PUBLIC_WS_URL }} | |
| RECAPTCHA: ${{ vars.RECAPTCHA }} | |
| NEXT_PUBLIC_RECAPTCHA_SITE_KEY: ${{ secrets.RECAPTCHA_SITE_KEY }} | |
| jobs: | |
| build_and_push: | |
| runs-on: ubuntu-latest | |
| environment: staging | |
| steps: | |
| - name: Checkout the repo | |
| uses: actions/checkout@v4 | |
| - name: Install Node Modules | |
| run: npm ci | |
| - name: LEMS Build | |
| run: npm run build | |
| - name: Build container image | |
| run: docker compose build | |
| - name: Install doctl | |
| uses: digitalocean/action-doctl@v2 | |
| with: | |
| token: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} | |
| - name: Log in to DigitalOcean Container Registry with short-lived credentials | |
| run: doctl registry login --expiry-seconds 600 | |
| - name: Remove all old staging images | |
| run: | | |
| # Function to clean up old images for a repository | |
| cleanup_repository() { | |
| local repo_name=$1 | |
| echo "Cleaning up repository: $repo_name" | |
| local tags_and_digests=$(doctl registry repository list-tags "$repo_name" --format Tag,ManifestDigest --no-header 2>/dev/null || true) | |
| echo "Debug: Raw output of list-tags command for $repo_name:" | |
| echo "$tags_and_digests" | |
| if [ -n "$tags_and_digests" ]; then | |
| echo "Found tags and digests to delete:" | |
| echo "$tags_and_digests" | while read -r line; do | |
| tag=$(echo "$line" | awk '{print $1}') # Extract tag from the first column | |
| digest=$(echo "$line" | awk '{print $2}') # Extract digest from the second column | |
| if [[ "$tag" == staging-* ]]; then # Only process tags starting with 'staging-' | |
| echo "Tag: $tag, Digest: $digest" | |
| if [ -n "$digest" ]; then | |
| doctl registry repository delete-manifest "$repo_name" "$digest" --force | |
| else | |
| echo "Warning: Empty digest for tag $tag in repository $repo_name" >&2 | |
| fi | |
| else | |
| echo "Skipping tag $tag as it does not start with 'staging-'" | |
| fi | |
| done | |
| echo "✓ Cleaned up $repo_name" | |
| else | |
| echo "✓ No old images found in $repo_name" | |
| fi | |
| } | |
| # Clean up all repositories | |
| for repo in lems-frontend lems-backend lems-scheduler lems-portal; do | |
| cleanup_repository "$repo" | |
| done | |
| - name: Push image to DigitalOcean Container Registry | |
| run: docker compose push | |
| - name: Run garbage collection | |
| run: doctl registry garbage-collection start --force | |
| deploy: | |
| runs-on: ubuntu-latest | |
| environment: staging | |
| needs: build_and_push | |
| steps: | |
| - name: Deploy to Digital Ocean droplet via SSH action | |
| uses: appleboy/ssh-action@v1.0.0 | |
| with: | |
| host: ${{ secrets.HOST }} | |
| username: ${{ secrets.USERNAME }} | |
| key: ${{ secrets.SSHKEY }} | |
| passphrase: ${{ secrets.PASSPHRASE }} | |
| envs: REGISTRY,IMAGE_TAG,DASHBOARD_JWT_SECRET,LEMS_DOMAIN,SCHEDULER_URL,DIGITALOCEAN_KEY,DIGITALOCEAN_SECRET,DIGITALOCEAN_ENDPOINT,DIGITALOCEAN_SPACE,JWT_SECRET,MONGODB_URI,MONGO_CA_CERTIFICATE,BASE_URL,NEXT_PUBLIC_BASE_URL,WS_URL,NEXT_PUBLIC_WS_URL,RECAPTCHA,{{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} | |
| script: | | |
| docker login -u ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} -p ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} registry.digitalocean.com | |
| cd lems | |
| docker compose down | |
| docker compose rm | |
| docker rmi $(docker images | grep 'lems-') | |
| git fetch origin | |
| git reset --hard origin/${{ github.sha }} | |
| docker compose up -d |