misc(ci/cd): Move all declaration to Environtment vars #9
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build xyzuan-api-v2 Production Build | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Settle up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Declaring some Global Environtment vars | |
| run: | | |
| echo "BRANCH_NAME=${GITHUB_REF##*/}" >> $GITHUB_ENV | |
| echo "SHA=$(echo "$GITHUB_SHA" | head -c 7)" >> $GITHUB_ENV | |
| echo "ENV=production" >> $GITHUB_ENV | |
| echo "PORT=3131" >> $GITHUB_ENV | |
| echo "DOMAIN=xyzuan.my.id" >> $GITHUB_ENV | |
| echo "REGISTRY=ghcr.io/xyzuan" >> $GITHUB_ENV | |
| echo "IMAGE_NAME=xyzuan_api_v2" >> $GITHUB_ENV | |
| echo "DOCKERFILE=misc/Dockerfile.dev" >> $GITHUB_ENV | |
| - name: Authenticating to Eden Server realms. | |
| uses: webfactory/ssh-agent@v0.9.0 | |
| with: | |
| ssh-private-key: ${{ secrets.SERVER_PRIVATE_KEY }} | |
| - name: Authenticating to GHCR realms | |
| run: echo "${{ secrets.GH_TOKEN }}" | docker login -u "${{ github.actor }}" ghcr.io --password-stdin | |
| - name: Treaty Build the Docker image | |
| run: | | |
| docker build \ | |
| --build-arg PORT=${{ env.PORT }} \ | |
| --build-arg NODE_ENV=${{ env.ENV }} \ | |
| --build-arg DOMAIN=${{ env.DOMAIN }} \ | |
| --build-arg PASSWORD_PEPPER=${{ secrets.PASSWORD_PEPPER }} \ | |
| --build-arg DATABASE_URL=${{ secrets.DATABASE_URL_DEV }} \ | |
| --build-arg GOOGLE_CLIENT_ID=${{ secrets.GOOGLE_CLIENT_ID }} \ | |
| --build-arg GOOGLE_CLIENT_SECRET=${{ secrets.GOOGLE_CLIENT_SECRET }} \ | |
| --build-arg GITHUB_CLIENT_ID=${{ secrets.GH_CLIENT_ID }} \ | |
| --build-arg GITHUB_CLIENT_SECRET=${{ secrets.GH_CLIENT_SECRET }} \ | |
| --build-arg LINKEDIN_CLIENT_ID=${{ secrets.LINKEDIN_CLIENT_ID }} \ | |
| --build-arg LINKEDIN_CLIENT_SECRET=${{ secrets.LINKEDIN_CLIENT_SECRET }} \ | |
| --build-arg TELEGRAM_TOKEN=${{ secrets.TELEGRAM_TOKEN }} \ | |
| --build-arg TELEGRAM_CHAT_ID=${{ secrets.TELEGRAM_CHAT_ID }} \ | |
| --build-arg CLOUDINARY_CLOUD_NAME=${{ secrets.CLOUDINARY_CLOUD_NAME }} \ | |
| --build-arg CLOUDINARY_API_KEY=${{ secrets.CLOUDINARY_API_KEY }} \ | |
| --build-arg CLOUDINARY_API_SECRET=${{ secrets.CLOUDINARY_API_SECRET }} \ | |
| -t ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BRANCH_NAME }} -f ${{ env.DOCKERFILE }} . | |
| - name: Adding tags to the Images | |
| run: | | |
| docker tag ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BRANCH_NAME }} ${{ env.IMAGE_NAME }}:${{env.SHA}} | |
| - name: Bring the Images to GHCR | |
| run: | | |
| docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BRANCH_NAME }} | |
| docker push ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{env.SHA}} | |
| - name: Serving the Images in Eden Server realms. | |
| run: | | |
| ssh-keyscan -t rsa ${{ secrets.SERVER_HOST }} >> ~/.ssh/known_hosts | |
| ssh ${{ github.actor }}@${{ secrets.SERVER_HOST }} << 'EOF' | |
| echo 'Authenticating to GHCR realms...' | |
| echo "${{ secrets.GH_TOKEN }}" | docker login -u "${{ github.actor }}" ghcr.io --password-stdin | |
| echo 'Pulling the latest image from GHCR...' | |
| docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BRANCH_NAME }} | |
| echo 'Force Blowing the exist Docker Container...' | |
| docker rm -f ${{ env.IMAGE_NAME }}-${{ env.BRANCH_NAME }} | |
| echo 'Running the Docker Container...' | |
| docker run -d \ | |
| --name ${{ env.IMAGE_NAME }}-${{ env.BRANCH_NAME }} \ | |
| --restart always \ | |
| --network nginx_default \ | |
| -p ${{ env.PORT }}:${{ env.PORT }} \ | |
| ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.BRANCH_NAME }} | |
| EOF |