pmlugato deploys A2rchi to prod #18
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy A2rchi Prod | |
| run-name: ${{ github.actor }} deploys A2rchi to prod | |
| on: | |
| push: | |
| branches: | |
| - release | |
| jobs: | |
| deploy-prod-system: | |
| runs-on: ubuntu-latest | |
| env: | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| steps: | |
| # boilerplate message and pull repository to CI runner | |
| - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." | |
| - uses: actions/checkout@v3 | |
| - run: echo "The ${{ github.repository }} repository has been cloned to the runner." | |
| # setup SSH | |
| - name: Setup SSH | |
| run: | | |
| mkdir -p /home/runner/.ssh/ | |
| echo "${{ secrets.SSH_PRIVATE_KEY_MDRUSSO }}" > /home/runner/.ssh/id_rsa_submit | |
| chmod 600 /home/runner/.ssh/id_rsa_submit | |
| echo "${{ secrets.SSH_SUBMIT_KNOWN_HOSTS }}" > ~/.ssh/known_hosts | |
| cp ${{ github.workspace }}/deploy/ssh_config /home/runner/.ssh/config | |
| ssh-agent -a $SSH_AUTH_SOCK > /dev/null | |
| ssh-add /home/runner/.ssh/id_rsa_submit | |
| # create secrets files for docker-compose | |
| - name: Create Secrets Files | |
| run: | | |
| mkdir -p ${{ github.workspace }}/deploy/prod/secrets/ | |
| touch ${{ github.workspace }}/deploy/prod/secrets/imap_user.txt | |
| echo "${{ secrets.PROD_IMAP_USER }}" >> ${{ github.workspace }}/deploy/prod/secrets/imap_user.txt | |
| chmod 400 ${{ github.workspace }}/deploy/prod/secrets/imap_user.txt | |
| touch ${{ github.workspace }}/deploy/prod/secrets/imap_pw.txt | |
| echo "${{ secrets.PROD_IMAP_PW }}" >> ${{ github.workspace }}/deploy/prod/secrets/imap_pw.txt | |
| chmod 400 ${{ github.workspace }}/deploy/prod/secrets/imap_pw.txt | |
| touch ${{ github.workspace }}/deploy/prod/secrets/cleo_url.txt | |
| echo "${{ secrets.PROD_CLEO_URL }}" >> ${{ github.workspace }}/deploy/prod/secrets/cleo_url.txt | |
| chmod 400 ${{ github.workspace }}/deploy/prod/secrets/cleo_url.txt | |
| touch ${{ github.workspace }}/deploy/prod/secrets/cleo_user.txt | |
| echo "${{ secrets.PROD_CLEO_USER }}" >> ${{ github.workspace }}/deploy/prod/secrets/cleo_user.txt | |
| chmod 400 ${{ github.workspace }}/deploy/prod/secrets/cleo_user.txt | |
| touch ${{ github.workspace }}/deploy/prod/secrets/cleo_pw.txt | |
| echo "${{ secrets.PROD_CLEO_PW }}" >> ${{ github.workspace }}/deploy/prod/secrets/cleo_pw.txt | |
| chmod 400 ${{ github.workspace }}/deploy/prod/secrets/cleo_pw.txt | |
| touch ${{ github.workspace }}/deploy/prod/secrets/cleo_project.txt | |
| echo "${{ secrets.PROD_CLEO_PROJECT }}" >> ${{ github.workspace }}/deploy/prod/secrets/cleo_project.txt | |
| chmod 400 ${{ github.workspace }}/deploy/prod/secrets/cleo_project.txt | |
| touch ${{ github.workspace }}/deploy/prod/secrets/sender_server.txt | |
| echo "${{ secrets.PROD_SENDER_SERVER }}" >> ${{ github.workspace }}/deploy/prod/secrets/sender_server.txt | |
| chmod 400 ${{ github.workspace }}/deploy/prod/secrets/sender_server.txt | |
| touch ${{ github.workspace }}/deploy/prod/secrets/sender_port.txt | |
| echo "${{ secrets.PROD_SENDER_PORT }}" >> ${{ github.workspace }}/deploy/prod/secrets/sender_port.txt | |
| chmod 400 ${{ github.workspace }}/deploy/prod/secrets/sender_port.txt | |
| touch ${{ github.workspace }}/deploy/prod/secrets/sender_replyto.txt | |
| echo "${{ secrets.PROD_SENDER_REPLYTO }}" >> ${{ github.workspace }}/deploy/prod/secrets/sender_replyto.txt | |
| chmod 400 ${{ github.workspace }}/deploy/prod/secrets/sender_replyto.txt | |
| touch ${{ github.workspace }}/deploy/prod/secrets/sender_user.txt | |
| echo "${{ secrets.PROD_SENDER_USER }}" >> ${{ github.workspace }}/deploy/prod/secrets/sender_user.txt | |
| chmod 400 ${{ github.workspace }}/deploy/prod/secrets/sender_user.txt | |
| touch ${{ github.workspace }}/deploy/prod/secrets/sender_pw.txt | |
| echo "${{ secrets.PROD_SENDER_PW }}" >> ${{ github.workspace }}/deploy/prod/secrets/sender_pw.txt | |
| chmod 400 ${{ github.workspace }}/deploy/prod/secrets/sender_pw.txt | |
| touch ${{ github.workspace }}/deploy/prod/secrets/flask_uploader_app_secret_key.txt | |
| echo "${{ secrets.PROD_FLASK_UPLOADER_APP_SECRET_KEY }}" >> ${{ github.workspace }}/deploy/prod/secrets/flask_uploader_app_secret_key.txt | |
| chmod 400 ${{ github.workspace }}/deploy/prod/secrets/flask_uploader_app_secret_key.txt | |
| touch ${{ github.workspace }}/deploy/prod/secrets/uploader_salt.txt | |
| echo "${{ secrets.PROD_UPLOADER_SALT }}" >> ${{ github.workspace }}/deploy/prod/secrets/uploader_salt.txt | |
| chmod 400 ${{ github.workspace }}/deploy/prod/secrets/uploader_salt.txt | |
| touch ${{ github.workspace }}/deploy/prod/secrets/openai_api_key.txt | |
| echo "${{ secrets.OPENAI_API_KEY }}" >> ${{ github.workspace }}/deploy/prod/secrets/openai_api_key.txt | |
| chmod 400 ${{ github.workspace }}/deploy/prod/secrets/openai_api_key.txt | |
| touch ${{ github.workspace }}/deploy/prod/secrets/hf_token.txt | |
| echo "${{ secrets.HF_TOKEN }}" >> ${{ github.workspace }}/deploy/prod/secrets/hf_token.txt | |
| chmod 400 ${{ github.workspace }}/deploy/prod/secrets/hf_token.txt | |
| # create env file to set tag(s) for docker-compose | |
| - name: Create Env File | |
| run: | | |
| touch ${{ github.workspace }}/deploy/prod/.env | |
| export tag="${GITHUB_REF#refs/heads/}" | |
| export tag="${tag//\//-}.${GITHUB_SHA}" | |
| echo "TAG=${tag}" >> ${{ github.workspace }}/deploy/prod/.env | |
| # stop any existing docker compose that's running | |
| - name: Stop Docker Compose | |
| run: | | |
| ssh submit-t3desk 'bash -s' < ${{ github.workspace }}/deploy/prod/prod-stop.sh | |
| # copy repository to machine | |
| - name: Copy Repository | |
| run: | | |
| rsync -e ssh -r ${{ github.workspace}}/* --exclude .git/ --delete submit-t3desk:~/A2rchi-prod/ | |
| # run deploy script | |
| - name: Run Deploy Script | |
| run: | | |
| ssh submit-t3desk 'bash -s' < ${{ github.workspace }}/deploy/prod/prod-install.sh | |
| # clean up secret files | |
| - name: Remove Secrets from Runner | |
| run: | | |
| rm ${{ github.workspace }}/deploy/prod/secrets/cleo_*.txt | |
| rm ${{ github.workspace }}/deploy/prod/secrets/imap_*.txt | |
| rm ${{ github.workspace }}/deploy/prod/secrets/sender_*.txt | |
| rm ${{ github.workspace }}/deploy/prod/secrets/flask_uploader_app_secret_key.txt | |
| rm ${{ github.workspace }}/deploy/prod/secrets/uploader_salt.txt | |
| rm ${{ github.workspace }}/deploy/prod/secrets/openai_api_key.txt | |
| rm ${{ github.workspace }}/deploy/prod/secrets/hf_token.txt | |
| # print job status | |
| - run: echo "🍏 This job's status is ${{ job.status }}." |