some working tests but 1 is still broken (#124) #127
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI-CD | |
| on: | |
| push: | |
| branches: [ main ] | |
| workflow_dispatch: | |
| concurrency: | |
| group: deploy-to-droplet | |
| cancel-in-progress: true | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| env: | |
| # local paths | |
| BACKEND_DIR: backend | |
| FRONTEND_DIR: frontend | |
| # remote paths | |
| REMOTE_APP_DIR: /var/www/tenantfirstaid | |
| SERVICE_NAME: tenantfirstaid-backend | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Node | |
| uses: actions/setup-node@v4 | |
| with: | |
| node-version: 20 | |
| cache: npm | |
| cache-dependency-path: ${{ env.FRONTEND_DIR }}/package-lock.json | |
| - name: Build UI | |
| working-directory: ${{ env.FRONTEND_DIR }} | |
| run: | | |
| npm ci | |
| npm run build | |
| - name: Upload backend code via SCP | |
| uses: appleboy/scp-action@v0.1.7 | |
| with: | |
| host: ${{ secrets.DO_HOST }} | |
| username: ${{ secrets.DO_USER }} | |
| key: ${{ secrets.SSH_KEY }} | |
| source: ${{ env.BACKEND_DIR }}/ | |
| target: ${{ env.REMOTE_APP_DIR }} | |
| rm: true | |
| - name: Upload frontend code via SCP | |
| uses: appleboy/scp-action@v0.1.7 | |
| with: | |
| host: ${{ secrets.DO_HOST }} | |
| username: ${{ secrets.DO_USER }} | |
| key: ${{ secrets.SSH_KEY }} | |
| source: ${{ env.FRONTEND_DIR }}/dist | |
| target: ${{ env.REMOTE_APP_DIR }} | |
| rm: false # Otherwise we wipe out the backend code | |
| - name: Bootstrap on droplet | |
| uses: appleboy/ssh-action@v0.1.7 | |
| with: | |
| host: ${{ secrets.DO_HOST }} | |
| username: ${{ secrets.DO_USER }} | |
| key: ${{ secrets.SSH_KEY }} | |
| script: | | |
| set -e | |
| cd ${{ env.REMOTE_APP_DIR }}/backend/ | |
| # Install uv (fast installer from Astral) if it isn't there | |
| if ! command -v uv >/dev/null 2>&1; then | |
| curl -LsSf https://astral.sh/uv/install.sh | sh | |
| export PATH="$HOME/.local/bin:$PATH" | |
| fi | |
| # Sync dependencies directly from pyproject.toml | |
| uv sync | |
| # Inject environment secrets | |
| sudo mkdir -p /etc/tenantfirstaid | |
| sudo chmod 750 /etc/tenantfirstaid | |
| sudo chown root:root /etc/tenantfirstaid | |
| cat > /etc/tenantfirstaid/env <<EOF | |
| ENV=prod | |
| OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }} | |
| FEEDBACK_PASSWORD=${{ secrets.FEEDBACK_PASSWORD }} | |
| FLASK_SECRET_KEY=${{ secrets.FLASK_SECRET_KEY }} | |
| DB_HOST=${{secrets.DB_HOST}} | |
| DB_PASSWORD=${{secrets.DB_PASSWORD}} | |
| DB_PORT=${{secrets.DB_PORT}} | |
| DB_USER=default | |
| MODEL_REASONING_EFFORT=high | |
| VECTOR_STORE_ID=${{secrets.VECTOR_STORE_ID}} | |
| EOF | |
| chmod 640 /etc/tenantfirstaid/env | |
| # Ownership, restart, reload | |
| sudo chown -R $USER:www-data ${{ env.REMOTE_APP_DIR }} | |
| sudo systemctl restart ${{ env.SERVICE_NAME }} | |
| sudo systemctl reload nginx |