deploy #690
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: deploy | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- develop | |
- main | |
jobs: | |
messenger-web-deploy: | |
environment: ${{ github.ref_name == 'main' && 'prod' || (github.ref_name == 'develop' && 'staging' || 'testing') }} | |
runs-on: ubuntu-latest | |
env: | |
environment_name: ${{ github.ref_name == 'main' && 'prod' || (github.ref_name == 'develop' && 'staging' || 'testing') }} | |
steps: | |
- uses: actions/checkout@v2 | |
- uses: actions/setup-node@v3 | |
with: | |
registry-url: 'https://npm.pkg.github.com' | |
node-version: 22.0.0 | |
cache: 'yarn' | |
- name: Print environment name | |
run: echo $environment_name | |
- name: Declare some variables | |
shell: bash | |
run: | | |
echo "sha_short=$(git rev-parse --short "$GITHUB_SHA")" >> "$GITHUB_ENV" | |
echo "branch=$(echo ${GITHUB_REF#refs/heads/})" >> "$GITHUB_ENV" | |
echo "now=$(date +'%Y-%m-%dT%H:%M:%S')" >> $GITHUB_ENV | |
echo "unix_now=$(date +%s)" >> "$GITHUB_ENV" | |
- name: Prepare SSH | |
run: | | |
mkdir ~/.ssh | |
echo "${{ secrets.HOST_SSH_PUBLIC_KEY }}" > ~/.ssh/known_hosts | |
echo "${{ secrets.DO_SSH_KEY }}" > ./ssh-key | |
chmod 600 ./ssh-key | |
- name: Create .env file | |
env: | |
TARGET_HOST: ${{ vars.HOST_DOMAIN }} | |
TARGET_IP: ${{ vars.HOST_IP }} | |
run: | | |
echo "REACT_APP_ADDR_ENS_SUBDOMAIN=${{ vars.ADDR_ENS_SUBDOMAIN }}" >> ./.env.react | |
echo "REACT_APP_BACKEND=https://${{ vars.HOST_DOMAIN }}/api" >> ./.env.react | |
echo "REACT_APP_DEFAULT_DELIVERY_SERVICE=${{ vars.DEFAULT_DELIVERY_SERVICE}}" >> ./.env.react | |
echo "REACT_APP_DEFAULT_SERVICE=https://${{ vars.HOST_DOMAIN }}/api" >> ./.env.react | |
echo "REACT_APP_MAINNET_PROVIDER_RPC=${{ secrets.RPC }}" >> ./.env.react | |
echo "REACT_APP_PROFILE_BASE_URL=https://${{ vars.HOST_DOMAIN }}/api" >> ./.env.react | |
echo "REACT_APP_RESOLVER_BACKEND=https://${{ vars.HOST_DOMAIN }}/resolver-handler" >> ./.env.react | |
echo "REACT_APP_USER_ENS_SUBDOMAIN=${{ vars.USER_ENS_SUBDOMAIN }}" >> ./.env.react | |
echo "REACT_APP_PUBLIC_VAPID_KEY=${{ secrets.REACT_APP_PUBLIC_VAPID_KEY}}" >> ./.env.react | |
echo "REACT_APP_WALLET_CONNECT_PROJECT_ID=${{ secrets.REACT_APP_WALLET_CONNECT_PROJECT_ID }}" >> ./.env.react | |
echo "REACT_APP_COMMIT_HASH=${{ env.sha_short }}" >> ./.env.react | |
echo "REACT_APP_BRANCH=${{ env.branch }}" >> ./.env.react | |
echo "REACT_APP_BUILD_TIME=${{ env.now }}" >> ./.env.react | |
echo "REACT_APP_ENVIRONMENT_NAME=${{ env.environment_name }}" >> ./.env.react | |
echo "REACT_APP_MAINNET_PROVIDER_RPC=${{ secrets.MAINNET_PROVIDER_URL}}" >> ./.env.react | |
echo "REACT_APP_CHAIN_ID=${{ vars.CHAIN_ID }}" >> ./.env.react | |
echo "REACT_APP_NONCE=${{ vars.STORAGE_NONCE }}" >> ./.env.react | |
cat ./.env.react >> ./.env | |
echo "RESOLVER_ADDRESS=${{ vars.ERC3668_RESOLVER_ADDRESS }}" >> ./.env | |
echo "SIGNING_PUBLIC_KEY=${{ secrets.SIGNING_PUBLIC_KEY }}" >> ./.env | |
echo "SIGNING_PRIVATE_KEY=${{ secrets.SIGNING_PRIVATE_KEY }}" >> ./.env | |
echo "SIGNER_PRIVATE_KEY=${{ secrets.SIGNER_PRIVATE_KEY }}" >> ./.env | |
echo "SPAM_PROTECTION=${{ secrets.SPAM_PROTECTION }}" >> ./.env | |
echo "ENCRYPTION_PUBLIC_KEY=${{ secrets.ENCRYPTION_PUBLIC_KEY }}" >> ./.env | |
echo "ENCRYPTION_PRIVATE_KEY=${{ secrets.ENCRYPTION_PRIVATE_KEY }}" >> ./.env | |
echo "RPC=${{ secrets.RPC }}" >> ./.env | |
echo "LUKSO_RPC=${{ secrets.LUKSO_RPC }}" >> ./.env | |
echo "URL=${{ vars.HOST_DOMAIN }}" >> ./.env | |
echo "CERT_MAIL=${{ vars.CERT_MAIL }}" >> ./.env | |
echo "DATABASE_URL=${{ secrets.DATABASE_URL }}" >> ./.env | |
echo "RESOLVER_SUPPORTED_ADDR_ENS_SUBDOMAINS=${{ vars.RESOLVER_SUPPORTED_ADDR_ENS_SUBDOMAINS }}" >> ./.env | |
echo "RESOLVER_SUPPORTED_NAME_ENS_SUBDOMAINS=${{ vars.RESOLVER_SUPPORTED_NAME_ENS_SUBDOMAINS }}" >> ./.env | |
echo "PERSISTENCE_DIRECTORY=${{ vars.PERSISTENCE_DIRECTORY }}" >> ./.env | |
envsubst '${TARGET_HOST} ${TARGET_IP}' < ./docker/nginx.conf > ./nginx.conf | |
cat ./.env | |
- name: Prepare docker build environment | |
shell: bash | |
run: | | |
cp ./.env.react packages/messenger-demo/.env | |
cp ./.env.react packages/messenger-web/.env | |
docker build --progress=plain -t build -f ./docker/DockerfileBuild . | |
docker build --progress=plain -t base -f ./docker/DockerfileBase . | |
docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} -p ${{ secrets.DOCKER_HUB_PAT }} | |
# production images will have no special suffix -> they are the real deal | |
if [ $environment_name != "prod" ]; then | |
echo "docker_suffix=.$environment_name" >> "$GITHUB_ENV" | |
fi | |
- name: Build and publish backend docker image | |
shell: bash | |
run: | | |
version=$(NODE_PATH=packages/backend node -p "require('package.json').version") | |
image_name=dm3-backend | |
docker build --progress=plain -f ./docker/DockerfilePackages --build-arg="PACKAGE=backend" \ | |
--tag $image_name:latest \ | |
--tag dm3org/$image_name:latest${{ env.docker_suffix }} \ | |
--tag dm3org/$image_name:$version${{ env.docker_suffix }}.latest \ | |
--tag dm3org/$image_name:$version${{ env.docker_suffix }}.${{ env.unix_now }}.${{ env.sha_short }} . | |
docker save -o ./$image_name.tar $image_name:latest | |
docker push --all-tags dm3org/$image_name | |
- name: Build and publish delivery-service docker image | |
shell: bash | |
run: | | |
version=$(NODE_PATH=packages/delivery-service node -p "require('package.json').version") | |
image_name=dm3-delivery-service | |
docker build --progress=plain -f ./docker/DockerfilePackages --build-arg="PACKAGE=delivery-service" \ | |
--tag $image_name:latest \ | |
--tag dm3org/$image_name:latest${{ env.docker_suffix }} \ | |
--tag dm3org/$image_name:$version${{ env.docker_suffix }}.latest \ | |
--tag dm3org/$image_name:$version${{ env.docker_suffix }}.${{ env.unix_now }}.${{ env.sha_short }} . | |
docker save -o ./$image_name.tar $image_name:latest | |
docker push --all-tags dm3org/$image_name | |
- name: Build offchain-resolver docker image | |
shell: bash | |
run: | | |
version=$(NODE_PATH=packages/delivery-service node -p "require('package.json').version") | |
image_name=dm3-offchain-resolver | |
docker build --progress=plain -f ./docker/DockerfilePackages --build-arg="PACKAGE=offchain-resolver" \ | |
--tag $image_name:latest \ | |
--tag dm3org/$image_name:latest${{ env.docker_suffix }} \ | |
--tag dm3org/$image_name:$version${{ env.docker_suffix }}.latest \ | |
--tag dm3org/$image_name:$version${{ env.docker_suffix }}.${{ env.unix_now }}.${{ env.sha_short }} . | |
docker save -o ./$image_name.tar $image_name:latest | |
docker push --all-tags dm3org/$image_name | |
- name: Build messenger-web docker image | |
shell: bash | |
run: | | |
docker build --progress=plain -f ./docker/DockerfilePackages --tag dm3-messenger-web:latest --build-arg="PACKAGE=messenger-web" . | |
docker save -o ./dm3-messenger-web.tar dm3-messenger-web:latest | |
- name: Send files to server | |
run: | | |
ssh -i ./ssh-key root@${{ vars.HOST_DOMAIN }} "\ | |
rm /home/app/*.tar || true" | |
rsync -avz -e 'ssh -i ./ssh-key' ./.env app@${{ vars.HOST_DOMAIN }}:/home/app/dm3 | |
rsync -avz -e 'ssh -i ./ssh-key' ./dm3-*.tar app@${{ vars.HOST_DOMAIN }}:/home/app/dm3 | |
rsync -avz -e 'ssh -i ./ssh-key' ./nginx.conf app@${{ vars.HOST_DOMAIN }}:/home/app/dm3 | |
rsync -avz -e 'ssh -i ./ssh-key' ./docker/docker-compose.yml app@${{ vars.HOST_DOMAIN }}:/home/app/dm3 | |
- name: Stop docker on server | |
run: | | |
ssh -i ./ssh-key app@${{ vars.HOST_DOMAIN }} "\ | |
cd dm3 && docker compose down" | |
ssh -i ./ssh-key root@${{ vars.HOST_DOMAIN }} "\ | |
systemctl restart docker.service" | |
- name: Load docker images | |
run: | | |
ssh -i ./ssh-key app@${{ vars.HOST_DOMAIN }} "\ | |
cd dm3 && ls |grep -E 'dm3-.*tar' | xargs --no-run-if-empty -L 1 docker load -i; \ | |
rm dm3-*.tar || true" | |
- name: Reset state of testing environment | |
run: | | |
if [ $environment_name == "testing" ]; then | |
ssh -i ./ssh-key root@${{ vars.HOST_DOMAIN }} "\ | |
cd ${{ vars.PERSISTENCE_DIRECTORY }}/db && rm -r * || true; | |
cd ${{ vars.PERSISTENCE_DIRECTORY }}/storage && rm -r * || true" | |
fi | |
- name: Configure Firewall | |
run: | | |
ssh -i ./ssh-key root@${{ vars.HOST_DOMAIN }} "\ | |
ufw allow from 172.18.0.1/16 proto tcp to ${{ vars.HOST_IP}} port 80; | |
ufw allow from 172.18.0.1/16 proto tcp to ${{ vars.HOST_IP }} port 443; | |
ufw enable" | |
- name: Start docker on server | |
run: | | |
ssh -i ./ssh-key app@${{ vars.HOST_DOMAIN }} "\ | |
cd dm3 && docker compose --env-file .env up -d && docker system prune -af" |