Skip to content
Build and Deploy

fix for issues/2 #33

Sign in to view logs

fix for issues/2

fix for issues/2 #33

Workflow file for this run

.github/workflows/gtw_stack_deploy.yaml at 05972d5
# I know, I should be using a proper deployment pipeline, like Ansible.
# But honestly, I'm too lazy to wrestle with those annoying Ansible bugs for days.
# Sorry, not sorry.
name: Build and Deploy
on:
push:
branches:
- main
jobs:
build-and-push:
runs-on: ubuntu-latest
env:
SERVER_DOMAIN: waze.papko.org
ADMIN_EMAIL: [email protected]
IMAGE_NAME: papko26/gtw
DEPLOY_DIR: /etc/gtw
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Get commit hash
id: commit
run: echo "COMMIT_SHA=$(git rev-parse --short HEAD)" >> $GITHUB_ENV
- name: Log in to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build and push Docker images
run: |
# Build the image
docker build -t ${{ env.IMAGE_NAME }}:latest -t ${{ env.IMAGE_NAME }}:${{ env.COMMIT_SHA }} ./app
# Push both tags
docker push ${{ env.IMAGE_NAME }}:latest
docker push ${{ env.IMAGE_NAME }}:${{ env.COMMIT_SHA }}
deploy:
runs-on: ubuntu-latest
needs: build-and-push
env:
SERVER_DOMAIN: waze.papko.org
ADMIN_EMAIL: [email protected]
IMAGE_NAME: papko26/gtw
DEPLOY_DIR: /etc/gtw
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Ensure necessary directories exist
uses: appleboy/[email protected]
with:
host: ${{ env.SERVER_DOMAIN }}
username: root
key: ${{ secrets.SSH_PRIVATE_KEY }}
script: |
mkdir -p /etc/nginx/certs
mkdir -p /etc/nginx/certs-data
mkdir -p /var/www/certbot
mkdir -p ${{ env.DEPLOY_DIR }}
- name: Copy NGINX configuration to the server
uses: appleboy/[email protected]
with:
host: ${{ env.SERVER_DOMAIN }}
username: root
key: ${{ secrets.SSH_PRIVATE_KEY }}
source: nginx/nginx.conf
target: /etc
- name: First-time Certbot run (with temporary NGINX container)
uses: appleboy/[email protected]
with:
host: ${{ env.SERVER_DOMAIN }}
username: root
key: ${{ secrets.SSH_PRIVATE_KEY }}
script: |
# Check if the certificate already exists
if [ -f /etc/nginx/certs/live/${{ env.SERVER_DOMAIN }}/fullchain.pem ]; then
echo "Certificate already exists. Skipping Certbot step."
exit 0
fi
# Ensure the ACME challenge directory exists
mkdir -p /var/www/certbot
# Start a temporary NGINX container to handle the challenge
docker run -d --name temp-nginx \
-p 80:80 \
-v /var/www/certbot:/var/www/certbot:ro \
--entrypoint "/bin/sh" nginx:latest -c "
echo '
server {
listen 80;
server_name ${{ env.SERVER_DOMAIN }};
location /.well-known/acme-challenge/ {
root /var/www/certbot;
}
location / {
return 404;
}
}
' > /etc/nginx/conf.d/default.conf && nginx -g 'daemon off;'"
# Wait for the container to start
sleep 5
# Run Certbot to obtain certificates
docker run --rm \
-v /etc/nginx/certs:/etc/letsencrypt \
-v /var/www/certbot:/var/www/certbot \
certbot/certbot certonly --webroot \
--webroot-path=/var/www/certbot \
--email ${{ env.ADMIN_EMAIL }} --agree-tos --no-eff-email \
-d ${{ env.SERVER_DOMAIN }}
# Stop and remove the temporary NGINX container
docker stop temp-nginx && docker rm temp-nginx
- name: Copy docker-compose.yml to the server
uses: appleboy/[email protected]
with:
host: ${{ env.SERVER_DOMAIN }}
username: root
key: ${{ secrets.SSH_PRIVATE_KEY }}
source: docker-compose.yml
target: ${{ env.DEPLOY_DIR }}
- name: Deploy via SSH
uses: appleboy/[email protected]
with:
host: ${{ env.SERVER_DOMAIN }}
username: root
key: ${{ secrets.SSH_PRIVATE_KEY }}
script: |
echo "${{ secrets.ENV_FILE }}" > ${{ env.DEPLOY_DIR }}/gtw.env
cd ${{ env.DEPLOY_DIR }}
docker compose pull
docker compose up -d --force-recreate