03.Deploy Application to Server #28
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 03.Deploy Application to Server | |
on: | |
workflow_dispatch: | |
inputs: | |
image_name: | |
description: "Docker image name" | |
required: true | |
env: | |
REGISTRY: ghcr.io | |
jobs: | |
deploy: | |
runs-on: ubuntu-latest | |
steps: | |
# Step 1: Checkout del repository | |
- name: Checkout the repo | |
uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
token: ${{ secrets.GITHUB_TOKEN }} | |
- name: Remove old config directory | |
uses: appleboy/ssh-action@v0.1.3 | |
with: | |
host: ${{ secrets.HOST }} | |
username: ${{ secrets.USERNAME }} | |
key: ${{ secrets.PRIVATE_KEY }} | |
script: | | |
rm -r /opt/config/ | |
# Step 2: Creazione dei file di configurazione | |
- name: Create config directory | |
uses: appleboy/ssh-action@v0.1.3 | |
with: | |
host: ${{ secrets.HOST }} | |
username: ${{ secrets.USERNAME }} | |
key: ${{ secrets.PRIVATE_KEY }} | |
script: | | |
mkdir -p /opt/config/ | |
- name: Create main config file (django.cfg) | |
uses: appleboy/ssh-action@v0.1.3 | |
with: | |
host: ${{ secrets.HOST }} | |
username: ${{ secrets.USERNAME }} | |
key: ${{ secrets.PRIVATE_KEY }} | |
script: | | |
echo "DEBUG=${{ secrets.DEBUG }}" >> /opt/config/django.cfg | |
echo "SECRET_KEY=${{ secrets.SECRET_KEY }}" >> /opt/config/django.cfg | |
echo "DJANGO_ALLOWED_HOSTS=${{ secrets.DJANGO_ALLOWED_HOSTS }}" >> /opt/config/django.cfg | |
echo "SQL_ENGINE=${{ secrets.SQL_ENGINE }}" >> /opt/config/django.cfg | |
echo "DATABASE=${{ secrets.DATABASE }}" >> /opt/config/django.cfg | |
echo "POSTGRES_DB=${{ secrets.POSTGRES_DB }}" >> /opt/config/django.cfg | |
echo "POSTGRES_USER=${{ secrets.POSTGRES_USER }}" >> /opt/config/django.cfg | |
echo "POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }}" >> /opt/config/django.cfg | |
echo "SQL_HOST=${{ secrets.SQL_HOST }}" >> /opt/config/django.cfg | |
echo "SQL_PORT=${{ secrets.SQL_PORT }}" >> /opt/config/django.cfg | |
echo "GOLD_POSTGRES_DB=${{ secrets.GOLD_POSTGRES_DB }}" >> /opt/config/django.cfg | |
echo "GOLD_POSTGRES_USER=${{ secrets.GOLD_POSTGRES_USER }}" >> /opt/config/django.cfg | |
echo "GOLD_POSTGRES_PASSWORD=${{ secrets.GOLD_POSTGRES_PASSWORD }}" >> /opt/config/django.cfg | |
echo "GOLD_SQL_HOST=${{ secrets.GOLD_SQL_HOST }}" >> /opt/config/django.cfg | |
echo "GOLD_SQL_PORT=${{ secrets.GOLD_SQL_PORT }}" >> /opt/config/django.cfg | |
echo "EMAIL=${{ secrets.EMAIL }}" >> /opt/config/django.cfg | |
echo "DOMAIN=${{ secrets.DOMAIN }}" >> /opt/config/django.cfg | |
- name: Creation of config file for Postgres (db.cfg) | |
uses: appleboy/ssh-action@v0.1.3 | |
with: | |
host: ${{ secrets.HOST }} | |
username: ${{ secrets.USERNAME }} | |
key: ${{ secrets.PRIVATE_KEY }} | |
script: | | |
echo "POSTGRES_DB=${{ secrets.POSTGRES_DB }}" >> /opt/config/db.cfg | |
echo "POSTGRES_USER=${{ secrets.POSTGRES_USER }}" >> /opt/config/db.cfg | |
echo "POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }}" >> /opt/config/db.cfg | |
echo "SQL_HOST=${{ secrets.SQL_HOST }}" >> /opt/config/db.cfg | |
echo "SQL_PORT=${{ secrets.SQL_PORT }}" >> /opt/config/db.cfg | |
- name: Creation of config file for Gold Postgres (gold.cfg) | |
uses: appleboy/ssh-action@v0.1.3 | |
with: | |
host: ${{ secrets.HOST }} | |
username: ${{ secrets.USERNAME }} | |
key: ${{ secrets.PRIVATE_KEY }} | |
script: | | |
echo "GOLD_POSTGRES_DB=${{ secrets.GOLD_POSTGRES_DB }}" >> /opt/config/gold.cfg | |
echo "GOLD_POSTGRES_USER=${{ secrets.GOLD_POSTGRES_USER }}" >> /opt/config/gold.cfg | |
echo "GOLD_POSTGRES_PASSWORD=${{ secrets.GOLD_POSTGRES_PASSWORD }}" >> /opt/config/gold.cfg | |
echo "GOLD_SQL_HOST=${{ secrets.GOLD_SQL_HOST }}" >> /opt/config/gold.cfg | |
echo "GOLD_SQL_PORT=${{ secrets.GOLD_SQL_PORT }}" >> /opt/config/gold.cfg | |
# Step 3: SCP Docker Compose file al server | |
- name: SCP Docker Compose file | |
uses: appleboy/scp-action@v0.1.7 | |
with: | |
host: ${{ secrets.HOST }} | |
username: ${{ secrets.USERNAME }} | |
key: ${{ secrets.PRIVATE_KEY }} | |
source: "./docker-compose.prod.yml" | |
target: "/opt/" | |
- name: Pull containers from GHCR | |
uses: appleboy/ssh-action@v0.1.3 | |
with: | |
host: ${{ secrets.HOST }} | |
username: ${{ secrets.USERNAME }} | |
key: ${{ secrets.PRIVATE_KEY }} | |
script: | | |
echo ${{ secrets.GHCR_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin | |
docker pull ${{ env.REGISTRY }}/${REPO_NAME_LC,,}:latest-test | |
docker compose -f /opt/docker-compose.prod.yml up -d --force-recreate | |
# Step 5: Configurazione di Nginx | |
- name: SCP Nginx configuration | |
uses: appleboy/scp-action@v0.1.7 | |
with: | |
host: ${{ secrets.HOST }} | |
username: ${{ secrets.USERNAME }} | |
key: ${{ secrets.PRIVATE_KEY }} | |
source: "nginx/" | |
target: "/etc/nginx/sites-available/" | |
strip_components: 1 | |
- name: Update Nginx configuration | |
uses: appleboy/ssh-action@v0.1.3 | |
with: | |
host: ${{ secrets.HOST }} | |
username: ${{ secrets.USERNAME }} | |
key: ${{ secrets.PRIVATE_KEY }} | |
script: | | |
sed -i "s/localhost/${{ secrets.DOMAIN }}/g" /etc/nginx/sites-available/nginx.conf | |
ln -s /etc/nginx/sites-available/nginx.conf /etc/nginx/sites-enabled | |
nginx -t && sudo systemctl restart nginx | |
# Step 6: Certbot per SSL | |
- name: Setup Certbot for SSL | |
uses: appleboy/ssh-action@v0.1.3 | |
with: | |
host: ${{ secrets.HOST }} | |
username: ${{ secrets.USERNAME }} | |
key: ${{ secrets.PRIVATE_KEY }} | |
script: | | |
sudo apt-get remove certbot | |
sudo snap install --classic certbot | |
sudo ln -s /snap/bin/certbot /usr/bin/certbot | |
sudo certbot --nginx --non-interactive --agree-tos --email ${{ secrets.EMAIL }} --domains ${{ secrets.DOMAIN }} | |
sudo certbot renew --dry-run |