-
Notifications
You must be signed in to change notification settings - Fork 18
167 lines (166 loc) · 10.3 KB
/
deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
name: deploy
on:
workflow_dispatch:
push:
branches:
- develop
- main
jobs:
messenger-web-deploy:
environment: ${{ github.ref_name == 'main' && 'prod' || (github.ref_name == 'develop' && 'staging' || 'testing') }}
runs-on: ubuntu-latest
env:
environment_name: ${{ github.ref_name == 'main' && 'prod' || (github.ref_name == 'develop' && 'staging' || 'testing') }}
steps:
- uses: actions/checkout@v2
- uses: actions/setup-node@v3
with:
registry-url: 'https://npm.pkg.github.com'
node-version: 22.0.0
cache: 'yarn'
- name: Print environment name
run: echo $environment_name
- name: Declare some variables
shell: bash
run: |
echo "sha_short=$(git rev-parse --short "$GITHUB_SHA")" >> "$GITHUB_ENV"
echo "branch=$(echo ${GITHUB_REF#refs/heads/})" >> "$GITHUB_ENV"
echo "now=$(date +'%Y-%m-%dT%H:%M:%S')" >> $GITHUB_ENV
echo "unix_now=$(date +%s)" >> "$GITHUB_ENV"
- name: Prepare SSH
run: |
mkdir ~/.ssh
echo "${{ secrets.HOST_SSH_PUBLIC_KEY }}" > ~/.ssh/known_hosts
echo "${{ secrets.DO_SSH_KEY }}" > ./ssh-key
chmod 600 ./ssh-key
- name: Create .env file
env:
TARGET_HOST: ${{ vars.HOST_DOMAIN }}
TARGET_IP: ${{ vars.HOST_IP }}
run: |
echo "REACT_APP_ADDR_ENS_SUBDOMAIN=${{ vars.ADDR_ENS_SUBDOMAIN }}" >> ./.env.react
echo "REACT_APP_BACKEND=https://${{ vars.HOST_DOMAIN }}/api" >> ./.env.react
echo "REACT_APP_DEFAULT_DELIVERY_SERVICE=${{ vars.DEFAULT_DELIVERY_SERVICE}}" >> ./.env.react
echo "REACT_APP_DEFAULT_SERVICE=https://${{ vars.HOST_DOMAIN }}/api" >> ./.env.react
echo "REACT_APP_MAINNET_PROVIDER_RPC=${{ secrets.RPC }}" >> ./.env.react
echo "REACT_APP_PROFILE_BASE_URL=https://${{ vars.HOST_DOMAIN }}/api" >> ./.env.react
echo "REACT_APP_RESOLVER_BACKEND=https://${{ vars.HOST_DOMAIN }}/resolver-handler" >> ./.env.react
echo "REACT_APP_USER_ENS_SUBDOMAIN=${{ vars.USER_ENS_SUBDOMAIN }}" >> ./.env.react
echo "REACT_APP_PUBLIC_VAPID_KEY=${{ secrets.REACT_APP_PUBLIC_VAPID_KEY}}" >> ./.env.react
echo "REACT_APP_WALLET_CONNECT_PROJECT_ID=${{ secrets.REACT_APP_WALLET_CONNECT_PROJECT_ID }}" >> ./.env.react
echo "REACT_APP_COMMIT_HASH=${{ env.sha_short }}" >> ./.env.react
echo "REACT_APP_BRANCH=${{ env.branch }}" >> ./.env.react
echo "REACT_APP_BUILD_TIME=${{ env.now }}" >> ./.env.react
echo "REACT_APP_ENVIRONMENT_NAME=${{ env.environment_name }}" >> ./.env.react
echo "REACT_APP_MAINNET_PROVIDER_RPC=${{ secrets.MAINNET_PROVIDER_URL}}" >> ./.env.react
echo "REACT_APP_CHAIN_ID=${{ vars.CHAIN_ID }}" >> ./.env.react
echo "REACT_APP_NONCE=${{ vars.STORAGE_NONCE }}" >> ./.env.react
cat ./.env.react >> ./.env
echo "RESOLVER_ADDRESS=${{ vars.ERC3668_RESOLVER_ADDRESS }}" >> ./.env
echo "SIGNING_PUBLIC_KEY=${{ secrets.SIGNING_PUBLIC_KEY }}" >> ./.env
echo "SIGNING_PRIVATE_KEY=${{ secrets.SIGNING_PRIVATE_KEY }}" >> ./.env
echo "SIGNER_PRIVATE_KEY=${{ secrets.SIGNER_PRIVATE_KEY }}" >> ./.env
echo "SPAM_PROTECTION=${{ secrets.SPAM_PROTECTION }}" >> ./.env
echo "ENCRYPTION_PUBLIC_KEY=${{ secrets.ENCRYPTION_PUBLIC_KEY }}" >> ./.env
echo "ENCRYPTION_PRIVATE_KEY=${{ secrets.ENCRYPTION_PRIVATE_KEY }}" >> ./.env
echo "RPC=${{ secrets.RPC }}" >> ./.env
echo "LUKSO_RPC=${{ secrets.LUKSO_RPC }}" >> ./.env
echo "URL=${{ vars.HOST_DOMAIN }}" >> ./.env
echo "CERT_MAIL=${{ vars.CERT_MAIL }}" >> ./.env
echo "DATABASE_URL=${{ secrets.DATABASE_URL }}" >> ./.env
echo "RESOLVER_SUPPORTED_ADDR_ENS_SUBDOMAINS=${{ vars.RESOLVER_SUPPORTED_ADDR_ENS_SUBDOMAINS }}" >> ./.env
echo "RESOLVER_SUPPORTED_NAME_ENS_SUBDOMAINS=${{ vars.RESOLVER_SUPPORTED_NAME_ENS_SUBDOMAINS }}" >> ./.env
echo "PERSISTENCE_DIRECTORY=${{ vars.PERSISTENCE_DIRECTORY }}" >> ./.env
envsubst '${TARGET_HOST} ${TARGET_IP}' < ./docker/nginx.conf > ./nginx.conf
cat ./.env
- name: Prepare docker build environment
shell: bash
run: |
cp ./.env.react packages/messenger-demo/.env
cp ./.env.react packages/messenger-web/.env
docker build --progress=plain -t build -f ./docker/DockerfileBuild .
docker build --progress=plain -t base -f ./docker/DockerfileBase .
docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} -p ${{ secrets.DOCKER_HUB_PAT }}
# production images will have no special suffix -> they are the real deal
if [ $environment_name != "prod" ]; then
echo "docker_suffix=.$environment_name" >> "$GITHUB_ENV"
fi
- name: Build and publish backend docker image
shell: bash
run: |
version=$(NODE_PATH=packages/backend node -p "require('package.json').version")
image_name=dm3-backend
docker build --progress=plain -f ./docker/DockerfilePackages --build-arg="PACKAGE=backend" \
--tag $image_name:latest \
--tag dm3org/$image_name:latest${{ env.docker_suffix }} \
--tag dm3org/$image_name:$version${{ env.docker_suffix }}.latest \
--tag dm3org/$image_name:$version${{ env.docker_suffix }}.${{ env.unix_now }}.${{ env.sha_short }} .
docker save -o ./$image_name.tar $image_name:latest
docker push --all-tags dm3org/$image_name
- name: Build and publish delivery-service docker image
shell: bash
run: |
version=$(NODE_PATH=packages/delivery-service node -p "require('package.json').version")
image_name=dm3-delivery-service
docker build --progress=plain -f ./docker/DockerfilePackages --build-arg="PACKAGE=delivery-service" \
--tag $image_name:latest \
--tag dm3org/$image_name:latest${{ env.docker_suffix }} \
--tag dm3org/$image_name:$version${{ env.docker_suffix }}.latest \
--tag dm3org/$image_name:$version${{ env.docker_suffix }}.${{ env.unix_now }}.${{ env.sha_short }} .
docker save -o ./$image_name.tar $image_name:latest
docker push --all-tags dm3org/$image_name
- name: Build offchain-resolver docker image
shell: bash
run: |
version=$(NODE_PATH=packages/delivery-service node -p "require('package.json').version")
image_name=dm3-offchain-resolver
docker build --progress=plain -f ./docker/DockerfilePackages --build-arg="PACKAGE=offchain-resolver" \
--tag $image_name:latest \
--tag dm3org/$image_name:latest${{ env.docker_suffix }} \
--tag dm3org/$image_name:$version${{ env.docker_suffix }}.latest \
--tag dm3org/$image_name:$version${{ env.docker_suffix }}.${{ env.unix_now }}.${{ env.sha_short }} .
docker save -o ./$image_name.tar $image_name:latest
docker push --all-tags dm3org/$image_name
- name: Build messenger-web docker image
shell: bash
run: |
docker build --progress=plain -f ./docker/DockerfilePackages --tag dm3-messenger-web:latest --build-arg="PACKAGE=messenger-web" .
docker save -o ./dm3-messenger-web.tar dm3-messenger-web:latest
- name: Send files to server
run: |
ssh -i ./ssh-key root@${{ vars.HOST_DOMAIN }} "\
rm /home/app/*.tar || true"
rsync -avz -e 'ssh -i ./ssh-key' ./.env app@${{ vars.HOST_DOMAIN }}:/home/app/dm3
rsync -avz -e 'ssh -i ./ssh-key' ./dm3-*.tar app@${{ vars.HOST_DOMAIN }}:/home/app/dm3
rsync -avz -e 'ssh -i ./ssh-key' ./nginx.conf app@${{ vars.HOST_DOMAIN }}:/home/app/dm3
- name: Stop docker on server
run: |
ssh -i ./ssh-key app@${{ vars.HOST_DOMAIN }} "\
cd dm3 && docker compose down"
ssh -i ./ssh-key root@${{ vars.HOST_DOMAIN }} "\
systemctl restart docker.service"
- name: Send docker compose to server
run: |
rsync -avz -e 'ssh -i ./ssh-key' ./docker/docker-compose.yml app@${{ vars.HOST_DOMAIN }}:/home/app/dm3
- name: Load docker images
run: |
ssh -i ./ssh-key app@${{ vars.HOST_DOMAIN }} "\
cd dm3 && ls |grep -E 'dm3-.*tar' | xargs --no-run-if-empty -L 1 docker load -i; \
rm dm3-*.tar || true"
- name: Reset state of testing environment
run: |
if [ $environment_name == "testing" ]; then
ssh -i ./ssh-key root@${{ vars.HOST_DOMAIN }} "\
cd ${{ vars.PERSISTENCE_DIRECTORY }}/db && rm -r * || true;
cd ${{ vars.PERSISTENCE_DIRECTORY }}/storage && rm -r * || true"
fi
- name: Configure Firewall
run: |
ssh -i ./ssh-key root@${{ vars.HOST_DOMAIN }} "\
ufw allow from 172.18.0.1/16 proto tcp to ${{ vars.HOST_IP}} port 80;
ufw allow from 172.18.0.1/16 proto tcp to ${{ vars.HOST_IP }} port 443;
ufw enable"
- name: Start docker on server
run: |
ssh -i ./ssh-key app@${{ vars.HOST_DOMAIN }} "\
cd dm3 && docker compose --env-file .env up -d && docker system prune -af"