using deploy.yml instead of deploy.sh

Author: git-user-9

.github/workflows/deploy.yml

@@ -5,7 +5,7 @@ on:
     branches:
       - devops/a3
     tags:
-      - 'deploy-*' # deploy-dev, deploy-qa, deploy-prod
+      - 'deploy-*'    # deploy-dev, deploy-qa, deploy-prod
   workflow_dispatch:
     inputs:
       stage:
@@ -26,68 +26,90 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    # ✅ Set Stage
-    - name: Set Stage
-      id: set_stage
-      run: |
-        if [[ "${GITHUB_REF}" == refs/tags/deploy-* ]]; then
-          STAGE="${GITHUB_REF#refs/tags/deploy-}"
-          echo "📦 Tag trigger detected. Stage: $STAGE"
-        elif [[ -n "${{ github.event.inputs.stage }}" ]]; then
-          STAGE="${{ github.event.inputs.stage }}"
-          echo "⚡ Manual trigger. Stage: $STAGE"
-        else
-          STAGE="dev"
-          echo "🌱 Branch push. Defaulting to Stage: $STAGE"
-        fi
-
-        case "$STAGE" in
-          dev|qa|prod)
-            echo "✅ Stage validated: $STAGE"
-            ;;
-          *)
-            echo "❌ Invalid stage: $STAGE. Must be dev, qa, or prod."
-            exit 1
-            ;;
-        esac
-
-        echo "STAGE=$STAGE" >> $GITHUB_ENV
-
-    - name: Checkout Repository
+    # ✅ Checkout Code
+    - name: Checkout repository
       uses: actions/checkout@v4
 
+    # ✅ Configure AWS Credentials
     - name: Configure AWS Credentials
       uses: aws-actions/configure-aws-credentials@v4
       with:
         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
         aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
         aws-region: ${{ env.AWS_REGION }}
 
-    - name: Install Dependencies
-      run: |
-        sudo apt update
-        sudo apt install -y unzip curl
-
+    # ✅ Install Terraform
     - name: Setup Terraform
       uses: hashicorp/setup-terraform@v2
       with:
         terraform_version: 1.6.6
 
-    - name: Setup SSH Private Key
+    # ✅ Terraform Init & Workspace
+    - name: Terraform Init and Workspace
       run: |
-        echo "${{ secrets.SSH_PRIVATE_KEY }}" > ec2_key.pem
-        chmod 400 ec2_key.pem
+        cd terraform
+        terraform init
+        terraform workspace select ${{ github.event.inputs.stage }} || terraform workspace new ${{ github.event.inputs.stage }}
 
-    - name: Make deploy.sh executable
-      run: chmod +x scripts/deploy.sh
+    # ✅ Terraform Apply (Provision EC2)
+    - name: Apply Terraform configuration
+      run: |
+        cd terraform
+        terraform apply -var-file="${{ github.event.inputs.stage }}_config.tfvars" -auto-approve \
+          -var "stage=${{ github.event.inputs.stage }}"
 
-    - name: Run deploy.sh
+    # ✅ Fetch Terraform Outputs (Instance IPs, S3 Bucket)
+    - name: Get Terraform Outputs
+      id: tf_outputs
       run: |
-        export PRIVATE_KEY_PATH="./ec2_key.pem"
-        ./scripts/deploy.sh $STAGE
+        cd terraform
+        APP_IP=$(terraform output -raw instance_public_ip)
+        VERIFIER_IP=$(terraform output -raw verifier_instance_public_ip)
+        S3_BUCKET=$(terraform output -raw s3_bucket_name)
 
-    - name: Upload logs as artifact
-      uses: actions/upload-artifact@v4
-      with:
-        name: ec2-logs-${{ env.STAGE }}
-        path: mylogs/
+        echo "APP_IP=$APP_IP" >> $GITHUB_ENV
+        echo "VERIFIER_IP=$VERIFIER_IP" >> $GITHUB_ENV
+        echo "S3_BUCKET=$S3_BUCKET" >> $GITHUB_ENV
+
+    # ✅ Wait for App & Logs
+    - name: Wait for App & Logs
+      run: |
+        echo "Waiting 90 seconds for EC2 instances to initialize..."
+        sleep 90
+
+    # ✅ Validate App Health
+    - name: Check Application Health
+      run: |
+        echo "Checking app health on http://$APP_IP:80"
+        if curl -fs http://$APP_IP:80; then
+          echo "✅ App is running."
+        else
+          echo "❌ App is not responding."
+          exit 1
+        fi
+
+    # ✅ Verify Logs on Read-Only EC2
+    - name: Verify Logs on EC2-2 (read-only)
+      run: |
+        echo "Connecting to verifier EC2 ($VERIFIER_IP)..."
+        ssh -i ./ec2_key.pem -o StrictHostKeyChecking=no ubuntu@$VERIFIER_IP "
+          if [ -s /mylogs/app/my-app.log ] && [ -s /mylogs/system/cloud-init.log ]; then
+            echo '✅ Logs found on EC2-2.'
+          else
+            echo '❌ Logs missing on EC2-2.'
+            exit 1
+          fi
+        "
+
+    # # ✅ Download Logs from EC2-2
+    # - name: Download Logs from EC2-2
+    #   run: |
+    #     mkdir -p mylogs
+    #     scp -i ./ec2_key.pem -o StrictHostKeyChecking=no -r ubuntu@$VERIFIER_IP:/mylogs/* ./mylogs/
+
+    # # ✅ Upload Logs as Artifact
+    # - name: Upload Logs as Artifact
+    #   uses: actions/upload-artifact@v4
+    #   with:
+    #     name: ec2-logs-${{ github.event.inputs.stage }}
+    #     path: mylogs/

.github/workflows/destroy.yml

@@ -1,4 +1,4 @@
-name: Destroy EC2
+name: Destroy Infrastructure
 
 on:
   workflow_dispatch:
@@ -21,14 +21,7 @@ jobs:
     runs-on: ubuntu-latest
 
     steps:
-    - name: Set Stage
-      id: set_stage
-      run: |
-        STAGE="${{ github.event.inputs.stage }}"
-        echo "Stage selected: $STAGE"
-        echo "STAGE=$STAGE" >> $GITHUB_ENV
-
-    - name: Checkout Repository
+    - name: Checkout repository
       uses: actions/checkout@v4
 
     - name: Configure AWS Credentials
@@ -43,8 +36,14 @@ jobs:
       with:
         terraform_version: 1.6.6
 
-    - name: Destroy Infra
+    - name: Terraform Init and Workspace
       run: |
         cd terraform
         terraform init
-        terraform destroy -var-file="${STAGE}_config.tfvars" -auto-approve
+        terraform workspace select ${{ github.event.inputs.stage }} || terraform workspace new ${{ github.event.inputs.stage }}
+
+    - name: Destroy Terraform Resources
+      run: |
+        cd terraform
+        terraform destroy -var-file="${{ github.event.inputs.stage }}_config.tfvars" -auto-approve \
+          -var "stage=${{ github.event.inputs.stage }}"