about #116
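# Builds the backend and frontend images, pushes them to ECR, and then asks
# the EC2 host (through SSM Run Command) to pull them and restart the stack.
#
# NOTE(review): the hosted view of this file carried a hidden/bidirectional
# Unicode warning; inspect the raw bytes for bidi control characters before
# trusting what the shell strings below appear to say.
name: Deploy to Production

on:
  push:
    # NOTE(review): a push to devOps also deploys to production, and both
    # branches overwrite the same `latest` tags. Confirm that is intended.
    branches: [main, devOps]
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: nothing here needs more than read access
# to the repository for the checkout step.
permissions:
  contents: read

env:
  # NOTE(review): AWS_REGION is ap-southeast-1 (also the SSM target below),
  # while the credentials step and the ECR registry use us-east-1. Confirm
  # the split is deliberate.
  AWS_REGION: ap-southeast-1
  ECR_FRONTEND: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/myblog/frontend
  ECR_BACKEND: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.us-east-1.amazonaws.com/myblog/backend

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the actions below are referenced by mutable tags
      # (@v4, @v2). Pin each to a full commit SHA so a retagged release
      # cannot change what runs next to the AWS credentials.
      - name: Checkout code
        uses: actions/checkout@v4

      # NOTE(review): these are long-lived access keys. The action also
      # supports `role-to-assume` with GitHub OIDC, which removes the need
      # to store keys as repository secrets.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: us-east-1

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      # Installs the AWS CLI only when the runner does not already have it.
      # NOTE(review): the installer archive is downloaded and run with sudo
      # without any integrity check; verify it (AWS publishes a signature
      # for the archive) if this branch is ever expected to execute.
      - name: Ensure AWS CLI is installed and in PATH
        run: |
          if ! command -v aws &> /dev/null; then
            echo "AWS CLI not found, installing..."
            curl -sL "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip"
            unzip awscliv2.zip
            sudo ./aws/install
          else
            echo "AWS CLI is already installed."
            # If already installed, ensure the path is correct for this step's shell
            export PATH="/usr/local/aws-cli/v2/current/bin:$PATH"
          fi
          aws --version # Verify installation and availability in this step

      - name: Build and push backend image
        run: |
          docker build -f apps/backend/Dockerfile -t "$ECR_BACKEND:$GITHUB_SHA" .
          docker tag "$ECR_BACKEND:$GITHUB_SHA" "$ECR_BACKEND:latest"
          docker push "$ECR_BACKEND:$GITHUB_SHA"
          docker push "$ECR_BACKEND:latest"

      # Secrets are handed to the script through env instead of being
      # expanded into the script text, so a value containing shell
      # metacharacters cannot alter the command line on the runner.
      # NOTE(review): build args are recorded in the image metadata; that is
      # acceptable only because NEXT_PUBLIC_* values are meant to be public.
      - name: Build and push frontend image
        env:
          BACKEND_BASE_URL: https://${{ secrets.DOMAIN_NAME }}
          GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
          TINYMCE_API_KEY: ${{ secrets.TINYMCE_API_KEY }}
        run: |
          docker build -f apps/frontend/Dockerfile \
            --build-arg NEXT_PUBLIC_BACKEND_BASE_URL="$BACKEND_BASE_URL" \
            --build-arg NEXT_PUBLIC_GOOGLE_CLIENT_ID="$GOOGLE_CLIENT_ID" \
            --build-arg NEXT_PUBLIC_TINYMCE_API_KEY="$TINYMCE_API_KEY" \
            -t "$ECR_FRONTEND:$GITHUB_SHA" .
          docker tag "$ECR_FRONTEND:$GITHUB_SHA" "$ECR_FRONTEND:latest"
          docker push "$ECR_FRONTEND:$GITHUB_SHA"
          docker push "$ECR_FRONTEND:latest"

      # Sends one shell script to the host. Escaped \$ is expanded on the
      # host; unescaped ${VAR} is expanded on the runner from `env` below.
      #
      # NOTE(review): every secret here travels as a Run Command parameter.
      # As far as I know Run Command keeps invocation parameters in its
      # command history, readable by principals allowed to list commands.
      # Prefer having the host fetch them from Parameter Store or Secrets
      # Manager through its instance profile.
      # NOTE(review): `aws configure set` writes the long-lived keys to the
      # host's disk; an instance profile with ECR pull rights avoids that.
      # NOTE(review): send-command returns once the command is queued, so
      # this job does not observe the health checks' exit status.
      # NOTE(review): the host clones the default branch and pulls `latest`,
      # not $GITHUB_SHA, so what is deployed may differ from the commit that
      # triggered the run.
      - name: Deploy to EC2 via SSM
        env:
          EC2_INSTANCE_ID: ${{ secrets.EC2_INSTANCE_ID }}
          DEPLOY_TOKEN: ${{ secrets.DEPLOY_TOKEN }}
          ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
          MONGODB_URI: ${{ secrets.MONGODB_URI }}
          JWT_SECRET: ${{ secrets.JWT_SECRET }}
          GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
          GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }}
          ADMIN_API_KEY: ${{ secrets.ADMIN_API_KEY }}
          ADMIN_SETUP_TOKEN: ${{ secrets.ADMIN_SETUP_TOKEN }}
          NEXTAUTH_SECRET: ${{ secrets.NEXTAUTH_SECRET }}
          TINYMCE_API_KEY: ${{ secrets.TINYMCE_API_KEY }}
          PROD_URL: ${{ secrets.PROD_URL }}
          INSTANCE_AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          INSTANCE_AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: |
          aws ssm send-command \
            --instance-ids "$EC2_INSTANCE_ID" \
            --document-name "AWS-RunShellScript" \
            --parameters commands="[
              \"set -e\",
              \"echo 'Starting deployment at \$(date)...'\",
              \"cd /home/ubuntu\",
              \"echo 'Installing AWS CLI...'\",
              \"sudo apt-get update\",
              \"sudo apt-get install -y snapd\",
              \"sudo snap install aws-cli --classic\",
              \"export PATH=/snap/bin:\$PATH\",
              \"echo 'Cleaning up disk space...'\",
              \"sudo apt-get autoremove -y\",
              \"sudo apt-get autoclean -y\",
              \"sudo rm -rf /var/lib/apt/lists/*\",
              \"docker system prune -f\",
              \"docker image prune -f\",
              \"echo 'Cloning repository...'\",
              \"sudo rm -rf MyBlog\",
              \"git clone https://oauth2:${DEPLOY_TOKEN}@github.com/BlockAce01/MyBlog.git MyBlog\",
              \"cd MyBlog\",
              \"git remote set-url origin https://github.com/BlockAce01/MyBlog.git\",
              \"echo 'Setting up environment...'\",
              \"install -m 600 /dev/null .env\",
              \"cat > .env << 'EOF'\",
              \"AWS_ACCOUNT_ID=${ACCOUNT_ID}\",
              \"MONGODB_URI=${MONGODB_URI}\",
              \"JWT_SECRET=${JWT_SECRET}\",
              \"GOOGLE_CLIENT_ID=${GOOGLE_CLIENT_ID}\",
              \"GOOGLE_CLIENT_SECRET=${GOOGLE_CLIENT_SECRET}\",
              \"ADMIN_API_KEY=${ADMIN_API_KEY}\",
              \"ADMIN_SETUP_TOKEN=${ADMIN_SETUP_TOKEN}\",
              \"NEXTAUTH_SECRET=${NEXTAUTH_SECRET}\",
              \"NEXT_PUBLIC_TINYMCE_API_KEY=${TINYMCE_API_KEY}\",
              \"PROD_URL=${PROD_URL}\",
              \"EOF\",
              \"export \$(cat .env | xargs)\",
              \"aws configure set aws_access_key_id ${INSTANCE_AWS_ACCESS_KEY_ID}\",
              \"aws configure set aws_secret_access_key ${INSTANCE_AWS_SECRET_ACCESS_KEY}\",
              \"aws configure set region us-east-1\",
              \"aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin ${ACCOUNT_ID}.dkr.ecr.us-east-1.amazonaws.com\",
              \"docker pull ${ECR_FRONTEND}:latest\",
              \"docker pull ${ECR_BACKEND}:latest\",
              \"docker compose -f docker-compose.prod.yml down || echo 'Compose down failed'\",
              \"docker compose -f docker-compose.prod.yml up -d\",
              \"sleep 30\",
              \"if curl -f --connect-timeout 10 http://localhost:3000/api/health; then echo '✅ Frontend OK'; else echo '❌ Frontend failed'; exit 1; fi\",
              \"if curl -f --connect-timeout 10 http://localhost:3003/health; then echo '✅ Backend OK'; else echo '❌ Backend failed'; exit 1; fi\",
              \"echo '🎉 Deployment completed successfully!'\"
            ]" \
            --region ap-southeast-1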