03.Deploy Application to Server #19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: 03.Deploy Application to Server | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| image_name: | |
| description: "Docker image name" | |
| required: true | |
| env: | |
| REGISTRY: ghcr.io | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Step 1: Checkout del repository | |
| - name: Checkout the repo | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| token: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Create main config file (django.cfg) | |
| run: | | |
| echo "DEBUG=${{ secrets.DEBUG }}" >> opt/config/django.cfg | |
| echo "SECRET_KEY=${{ secrets.SECRET_KEY }}" >> opt/config/django.cfg | |
| echo "DJANGO_ALLOWED_HOSTS=${{ secrets.DJANGO_ALLOWED_HOSTS }}" >> opt/config/django.cfg | |
| echo "SQL_ENGINE=${{ secrets.SQL_ENGINE }}" >> opt/config/django.cfg | |
| echo "DATABASE=${{ secrets.DATABASE }}" >> opt/config/django.cfg | |
| echo "POSTGRES_DB=${{ secrets.POSTGRES_DB }}" >> opt/config/django.cfg | |
| echo "POSTGRES_USER=${{ secrets.POSTGRES_USER }}" >> opt/config/django.cfg | |
| echo "POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }}" >> opt/config/django.cfg | |
| echo "SQL_HOST=${{ secrets.SQL_HOST }}" >> opt/config/django.cfg | |
| echo "SQL_PORT=${{ secrets.SQL_PORT }}" >> opt/config/django.cfg | |
| echo "GOLD_POSTGRES_DB=${{ secrets.GOLD_POSTGRES_DB }}" >> opt/config/django.cfg | |
| echo "GOLD_POSTGRES_USER=${{ secrets.GOLD_POSTGRES_USER }}" >> opt/config/django.cfg | |
| echo "GOLD_POSTGRES_PASSWORD=${{ secrets.GOLD_POSTGRES_PASSWORD }}" >> opt/config/django.cfg | |
| echo "GOLD_SQL_HOST=${{ secrets.GOLD_SQL_HOST }}" >> opt/config/django.cfg | |
| echo "GOLD_SQL_PORT=${{ secrets.GOLD_SQL_PORT }}" >> opt/config/django.cfg | |
| echo "EMAIL=${{ secrets.EMAIL }}" >> opt/config/django.cfg | |
| echo "DOMAIN=${{ secrets.DOMAIN }}" >> opt/config/django.cfg | |
| - name: Creation of config file for Postgres (db.cfg) | |
| run: | | |
| echo "POSTGRES_DB=${{ secrets.POSTGRES_DB }}" >> opt/config/db.cfg | |
| echo "POSTGRES_USER=${{ secrets.POSTGRES_USER }}" >> opt/config/db.cfg | |
| echo "POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }}" >> opt/config/db.cfg | |
| echo "SQL_HOST=${{ secrets.SQL_HOST }}" >> opt/config/db.cfg | |
| echo "SQL_PORT=${{ secrets.SQL_PORT }}" >> opt/config/db.cfg | |
| - name: Creation of config file for Gold Postgres (gold.cfg) | |
| run: | | |
| echo "GOLD_POSTGRES_DB=${{ secrets.GOLD_POSTGRES_DB }}" >> opt/config/gold.cfg | |
| echo "GOLD_POSTGRES_USER=${{ secrets.GOLD_POSTGRES_USER }}" >> opt/config/gold.cfg | |
| echo "GOLD_POSTGRES_PASSWORD=${{ secrets.GOLD_POSTGRES_PASSWORD }}" >> opt/config/gold.cfg | |
| echo "GOLD_SQL_HOST=${{ secrets.GOLD_SQL_HOST }}" >> opt/config/gold.cfg | |
| echo "GOLD_SQL_PORT=${{ secrets.GOLD_SQL_PORT }}" >> opt/config/gold.cfg | |
| # Step 3: SCP Docker Compose file al server | |
| - name: SCP Docker Compose file | |
| uses: appleboy/scp-action@v0.1.7 | |
| with: | |
| host: ${{ secrets.HOST }} | |
| username: ${{ secrets.USERNAME }} | |
| key: ${{ secrets.PRIVATE_KEY }} | |
| source: "./docker-compose.prod.yml" | |
| target: "/opt/${{ github.repository }}/" | |
| # Step 4: Pull dei container da GHCR | |
| - name: Pull containers from GHCR | |
| uses: appleboy/ssh-action@v0.1.3 | |
| with: | |
| host: ${{ secrets.HOST }} | |
| username: ${{ secrets.USERNAME }} | |
| key: ${{ secrets.PRIVATE_KEY }} | |
| script: | | |
| echo ${{ secrets.GHCR_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin | |
| docker-compose -f /opt/${{ github.repository }}/docker-compose.prod.yml pull | |
| docker-compose -f /opt/${{ github.repository }}/docker-compose.prod.yml up -d --force-recreate | |
| # Step 5: Configurazione di Nginx | |
| - name: SCP Nginx configuration | |
| uses: appleboy/scp-action@v0.1.7 | |
| with: | |
| host: ${{ secrets.HOST }} | |
| username: ${{ secrets.USERNAME }} | |
| key: ${{ secrets.PRIVATE_KEY }} | |
| source: "nginx/" | |
| target: "/etc/nginx/sites-available/" | |
| strip_components: 1 | |
| - name: Update Nginx configuration | |
| uses: appleboy/ssh-action@v0.1.3 | |
| with: | |
| host: ${{ secrets.HOST }} | |
| username: ${{ secrets.USERNAME }} | |
| key: ${{ secrets.PRIVATE_KEY }} | |
| script: | | |
| sed -i "s/localhost/${{ secrets.DOMAIN }}/g" /etc/nginx/sites-available/nginx.conf | |
| ln -s /etc/nginx/sites-available/nginx.conf /etc/nginx/sites-enabled | |
| nginx -t && sudo systemctl restart nginx | |
| # Step 6: Certbot per SSL | |
| - name: Setup Certbot for SSL | |
| uses: appleboy/ssh-action@v0.1.3 | |
| with: | |
| host: ${{ secrets.HOST }} | |
| username: ${{ secrets.USERNAME }} | |
| key: ${{ secrets.PRIVATE_KEY }} | |
| script: | | |
| sudo apt-get remove certbot | |
| sudo snap install --classic certbot | |
| sudo ln -s /snap/bin/certbot /usr/bin/certbot | |
| sudo certbot --nginx --non-interactive --agree-tos --email ${{ secrets.EMAIL }} --domains ${{ secrets.DOMAIN }} | |
| sudo certbot renew --dry-run |