#deploy-to-prod #34
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Docker to EC2 | |
| on: | |
| push: | |
| branches: | |
| - main # This will trigger on any push to the main branch | |
| jobs: | |
| build_and_push: | |
| if: github.event.head_commit.message == '#deploy-to-prod' # Check for commit message | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-east-1 | |
| - name: Build and Push Docker image | |
| run: | | |
| docker compose -f production.yml build django | |
| docker tag failures_production_django:latest ${{ secrets.AWS_ECR_REPOSITORY_URL }}:latest | |
| aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin ${{ secrets.AWS_ECR_REPOSITORY_URL }} | |
| docker push ${{ secrets.AWS_ECR_REPOSITORY_URL }}:latest | |
| deploy_to_ec2: | |
| if: github.event.head_commit.message == '#deploy-to-prod' # Check for commit message | |
| needs: build_and_push | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Start SSH agent and add EC2 private key | |
| run: | | |
| echo "${{ secrets.EC2_PRIVATE_KEY }}" > ec2-key.pem | |
| chmod 600 ec2-key.pem | |
| eval "$(ssh-agent -s)" | |
| ssh-add ec2-key.pem | |
| - name: SSH into EC2 and restart Docker | |
| run: | | |
| ssh -o StrictHostKeyChecking=no -i ec2-key.pem ec2-user@ec2-${{ secrets.AWS_EC2_PUBLIC_IP_WITH_DASHES }}.compute-1.amazonaws.com << 'EOF' | |
| # Stop and remove everything | |
| docker stop $(docker ps -aq) | |
| docker rm $(docker ps -aq) | |
| # Setup environment variables | |
| export DJANGO_ALLOWED_HOSTS="softwarefailures.com,$(ifconfig enX0 | grep 'inet ' | awk '{print $2}'),$(curl -s http://checkip.amazonaws.com)" | |
| export REDIS_URL=redis://redis:6379/0 | |
| export $(aws secretsmanager get-secret-value --secret-id prod/failure/postgres --region us-east-1 --query SecretString --output text | jq -r '. as $secret | "POSTGRES_HOST=\($secret | .host)\nPOSTGRES_PORT=5432\nPOSTGRES_DB=\($secret | .dbname)\nPOSTGRES_USER=\($secret | .username)\nPOSTGRES_PASSWORD=\($secret | .password)\nDATABASE_URL=postgres://\($secret | .username):\($secret | .password)@\($secret | .host):5432/\($secret | .dbname)"') | |
| # Pull the latest image | |
| aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin ${{ secrets.AWS_ECR_REPOSITORY_URL }} | |
| docker pull ${{ secrets.AWS_ECR_REPOSITORY_URL }}:latest | |
| # Start the container with the new image | |
| docker run -d --name redis -p 6379:6379 redis:alpine | |
| docker run -d --name django-prod -p 80:80 -e POSTGRES_HOST -e POSTGRES_PORT -e POSTGRES_DB -e POSTGRES_USER -e POSTGRES_PASSWORD -e DATABASE_URL -e REDIS_URL -e DJANGO_ALLOWED_HOSTS ${{ secrets.AWS_ECR_REPOSITORY_URL }}:latest /start | |
| # Clean up | |
| docker image prune -f --all | |
| docker volume prune -f | |
| docker network prune -f | |
| EOF |