Frontend/.github/workflows/cd-workflow.yml at main · KernelSquare/Frontend · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
name: AWS EC2 Deploy
on:
  pull_request_target:
    branches:
      - main
    types:
      - closed
permissions:
  id-token: write
  contents: read
jobs:
  deploy:
    if: github.repository == 'Kernel360/f1-KernelSquare-frontend' && github.event.pull_request.merged == true
    name: ec2Deploy
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Node.js20
        uses: actions/setup-node@v2
        with:
          node-version: "20"
      - name: Get Github Actions IP
        id: ip
        uses: haythem/public-ip@v1.3
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ secrets.AWS_REGION }}
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      - name: Add Github Actions IP to Security Group
        run: |
          aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32
      - name: Pull Image and Run
        uses: appleboy/ssh-action@v1.0.3
        with:
          host: ${{ secrets.EC2_HOST }}
          username: ${{ secrets.EC2_USER }}
          password: ${{ secrets.EC2_PASSWORD }}
          script_stop: true
          script: |
            docker pull ${{ secrets.DOCKER_TAG }}
            if docker ps --format '{{.Names}}' | grep -q "kernel_frontend_app"; then
            docker stop kernel_frontend_app
            docker rm kernel_frontend_app
            fi
            docker run --name kernel_frontend_app --restart=always -itd -p 3000:3000 ${{ secrets.DOCKER_TAG }}
            docker rmi $(docker images -q -f "dangling=true")
      - name: Remove Github Actions IP From Security Group
        if: always()
        run: |
          aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32
  notify:
    needs: deploy
    if: github.repository == 'Kernel360/f1-KernelSquare-frontend'
    runs-on: ubuntu-latest
    steps:
      - name: Slack Notification
        uses: slackapi/slack-github-action@v1.25.0
        with:
          payload: |
            {
              "text": "ec2 deploy result: ${{ job.status }}",
              "blocks": [
                {
                  "type": "section",
                  "text": {
                    "type": "mrkdwn",
                    "text": "ec2 deploy result: ${{ job.status }}\n${{ github.event.pull_request.html_url || github.event.head_commit.url }}"
                  }
                }
              ]
            }
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
          SLACK_WEBHOOK_TYPE: INCOMING_WEBHOOK