-
Notifications
You must be signed in to change notification settings - Fork 7
82 lines (73 loc) · 3.68 KB
/
prod-root-ci-cd.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
name: Deploy A2rchi Prod for root
run-name: ${{ github.actor }} deploys A2rchi for root to prod
on:
push:
branches:
- release-ROOT
jobs:
deploy-prod-system:
runs-on: ubuntu-latest
env:
SSH_AUTH_SOCK: /tmp/ssh_agent.sock
steps:
# boilerplate message and pull repository to CI runner
- run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event."
- uses: actions/checkout@v3
- run: echo "The ${{ github.repository }} repository has been cloned to the runner."
# setup SSH
- name: Setup SSH
run: |
mkdir -p /home/runner/.ssh/
echo "${{ secrets.SSH_PRIVATE_KEY_MDRUSSO }}" > /home/runner/.ssh/id_rsa_submit
chmod 600 /home/runner/.ssh/id_rsa_submit
echo "${{ secrets.SSH_SUBMIT_KNOWN_HOSTS }}" > ~/.ssh/known_hosts
cp ${{ github.workspace }}/deploy/ssh_config /home/runner/.ssh/config
ssh-agent -a $SSH_AUTH_SOCK > /dev/null
ssh-add /home/runner/.ssh/id_rsa_submit
# create secrets files for docker-compose
- name: Create Secrets Files
run: |
mkdir -p ${{ github.workspace }}/deploy/prod-root/secrets/
workspace=${{ github.workspace }}
env="prod-root"
sed -i "s/WORKSPACE/${workspace//\//\\/}/" ${workspace}/deploy/create_secret.sh
sed -i "s/ENV/${env}/" ${workspace}/deploy/create_secret.sh
/bin/bash ${workspace}/deploy/create_secret.sh flask_uploader_app_secret_key.txt ${{ secrets.PROD_FLASK_UPLOADER_APP_SECRET_KEY }}
/bin/bash ${workspace}/deploy/create_secret.sh uploader_salt.txt ${{ secrets.PROD_UPLOADER_SALT }}
/bin/bash ${workspace}/deploy/create_secret.sh openai_api_key.txt ${{ secrets.OPENAI_API_KEY }}
/bin/bash ${workspace}/deploy/create_secret.sh anthropic_api_key.txt ${{ secrets.ANTHROPIC_API_KEY }}
/bin/bash ${workspace}/deploy/create_secret.sh hf_token.txt ${{ secrets.HF_TOKEN }}
/bin/bash ${workspace}/deploy/create_secret.sh pg_password.txt ${{ secrets.PROD_ROOT_PG_PASSWORD }}
/bin/bash ${workspace}/deploy/create_secret.sh grafana_password.txt ${{ secrets.PROD_ROOT_GRAFANA_PG_PASSWORD }}
# create env file to set tag(s) for docker-compose
- name: Create Env File
run: |
touch ${{ github.workspace }}/deploy/prod-root/.env
export tag="${GITHUB_REF#refs/heads/}"
export tag="${tag//\//-}.${GITHUB_SHA}"
echo "TAG=${tag}" >> ${{ github.workspace }}/deploy/prod-root/.env
# create deployment directory if it doesn't already exist
- name: Create Directory
run: |
ssh submit-t3desk018 "mkdir -p ~/A2rchi-prod-root/"
# stop any existing docker compose that's running
- name: Stop Docker Compose
run: |
ssh submit-t3desk018 'bash -s' < ${{ github.workspace }}/deploy/prod-root/prod-root-stop.sh
# copy repository to machine
- name: Copy Repository
run: |
rsync -e ssh -r ${{ github.workspace}}/* --exclude .git/ --delete submit-t3desk018:~/A2rchi-prod-root/
# run deploy script
- name: Run Deploy Script
run: |
export tag="${GITHUB_REF#refs/heads/}"
export tag="${tag//\//-}.${GITHUB_SHA}"
sed -i "s/BASE_TAG/${tag}/" ${{ github.workspace }}/deploy/prod-root/prod-root-install.sh
ssh submit-t3desk018 'bash -s' < ${{ github.workspace }}/deploy/prod-root/prod-root-install.sh
# clean up secret files
- name: Remove Secrets from Runner
run: |
rm ${{ github.workspace }}/deploy/prod-root/secrets/*.txt
# print job status
- run: echo "🍏 This job's status is ${{ job.status }}."