Docs update and other refactor (#324) #30
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Email Worker to Production | |
| on: | |
| push: | |
| branches: | |
| - master | |
| paths: | |
| - 'apps/api/**' | |
| - 'infra/docker-compose.api.yml' | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| packages: write | |
| jobs: | |
| build-and-push: | |
| name: Build and Push Docker Image to GHCR | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Log in to GitHub Container Registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push Docker image | |
| run: | | |
| docker build \ | |
| --target prod \ | |
| -f ./apps/api/cmd/email_worker/Dockerfile \ | |
| -t ghcr.io/${{ github.repository_owner }}/core-email-worker:latest \ | |
| ./apps/api | |
| docker push ghcr.io/${{ github.repository_owner }}/core-email-worker:latest | |
| run-migrations: | |
| name: Run Goose Migrations | |
| runs-on: ubuntu-latest | |
| needs: build-and-push | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Install Goose | |
| run: | | |
| curl -fsSL https://raw.githubusercontent.com/pressly/goose/master/install.sh | sh | |
| - name: Run migrations | |
| run: | | |
| goose -dir ./apps/api/internal/db/migrations postgres "${{ secrets.DEV_DB_URL }}" up | |
| deploy: | |
| name: Deploy to Production Server | |
| runs-on: ubuntu-latest | |
| needs: [build-and-push, run-migrations] | |
| steps: | |
| - name: SSH proxy commmand | |
| uses: appleboy/ssh-action@v1 | |
| with: | |
| host: ${{ secrets.API_HOST }} | |
| username: root | |
| password: ${{ secrets.API_PASSWORD }} | |
| script: | | |
| cd /root/core/infra | |
| git fetch | |
| git checkout main | |
| git reset --hard origin/main | |
| git pull | |
| export INFISICAL_TOKEN=$(infisical login \ | |
| --method=universal-auth \ | |
| --client-id='${{ secrets.INFISICAL_CLIENT_ID }}' \ | |
| --client-secret='${{ secrets.INFISICAL_CLIENT_SECRET }}' \ | |
| --silent \ | |
| --plain) | |
| infisical export \ | |
| --token=$INFISICAL_TOKEN \ | |
| --env=prod \ | |
| --format=dotenv \ | |
| --path="/api" \ | |
| --projectId='${{ secrets.INFISICAL_PROJECT_ID }}' \ | |
| > ./secrets/.env.api | |
| docker compose -f docker-compose.api.yml pull email-worker | |
| docker compose -f docker-compose.api.yml up -d --no-deps --force-recreate email-worker |