Merge pull request #150 from bl4drnnr/web-interface-dev #154
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and deployment | |
| on: | |
| push: | |
| branches: [ master ] | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Get Github action IP | |
| id: ip | |
| uses: haythem/[email protected] | |
| - name: Configure AWS Credentials | |
| run: | | |
| aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }}; | |
| aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }}; | |
| aws configure set region eu-central-1; | |
| - name: Setting environment variables | |
| run: | | |
| echo "AWS_DEFAULT_REGION=eu-central-1" >> $GITHUB_ENV | |
| echo "AWS_FRONT_SG_NAME=mnemosyne-front" >> $GITHUB_ENV | |
| echo "AWS_PROXY_SG_NAME=mnemosyne-proxy" >> $GITHUB_ENV | |
| echo "AWS_API_SG_NAME=mnemosyne-api" >> $GITHUB_ENV | |
| - name: Get Proxy Security Group ID | |
| id: get_proxy_sg_id | |
| run: | | |
| PROXY_SG_ID=$(aws ec2 describe-security-groups --group-names ${{ env.AWS_PROXY_SG_NAME }} --query 'SecurityGroups[0].GroupId' --output text) | |
| echo "::set-output name=proxy_security_group_id::$PROXY_SG_ID" | |
| - name: Get API Security Group ID | |
| id: get_api_sg_id | |
| run: | | |
| SG_ID=$(aws ec2 describe-security-groups --group-names ${{ env.AWS_API_SG_NAME }} --query 'SecurityGroups[0].GroupId' --output text) | |
| echo "::set-output name=api_security_group_id::$SG_ID" | |
| - name: Add Github Actions IP to Security group | |
| run: | | |
| aws ec2 authorize-security-group-ingress --group-name ${{ env.AWS_FRONT_SG_NAME }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32; | |
| aws ec2 authorize-security-group-ingress --group-name ${{ env.AWS_PROXY_SG_NAME }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32; | |
| aws ec2 authorize-security-group-ingress --group-name ${{ env.AWS_API_SG_NAME }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32; | |
| aws ec2 authorize-security-group-ingress --group-name ${{ env.AWS_PROXY_SG_NAME }} --protocol all --cidr 0.0.0.0/0; | |
| aws ec2 authorize-security-group-ingress --group-name ${{ env.AWS_API_SG_NAME }} --protocol all --cidr 0.0.0.0/0; | |
| aws ec2 authorize-security-group-egress --group-id ${{ steps.get_proxy_sg_id.outputs.proxy_security_group_id }} --protocol all --cidr 0.0.0.0/0; | |
| aws ec2 authorize-security-group-egress --group-id ${{ steps.get_api_sg_id.outputs.api_security_group_id }} --protocol all --cidr 0.0.0.0/0; | |
| - name: Create the .ssh directory | |
| run: mkdir ~/.ssh && chmod 700 ~/.ssh | |
| - name: Install the deploy key for the front-end | |
| run: echo "${{ secrets.FE_DEPLOY_KEY }}" >> ~/.ssh/fe_deploy && chmod 600 ~/.ssh/fe_deploy | |
| - name: Install the deploy key for the back-end | |
| run: echo "${{ secrets.BE_DEPLOY_KEY }}" >> ~/.ssh/be_deploy && chmod 600 ~/.ssh/be_deploy | |
| - name: Install the deploy key for the proxy | |
| run: echo "${{ secrets.PROXY_DEPLOY_KEY }}" >> ~/.ssh/proxy_deploy && chmod 600 ~/.ssh/proxy_deploy | |
| - name: Create the known hosts file | |
| run: echo "${{ secrets.KNOWN_HOSTS }}" > ~/.ssh/known_hosts | |
| - name: Remotely trigger building and deployment script for the front-end | |
| run: ssh -i ~/.ssh/fe_deploy deployer@${{ secrets.FE_HOST_IP }} | |
| - name: Remotely trigger building and deployment script for the back-end | |
| run: ssh -i ~/.ssh/be_deploy deployer@${{ secrets.BE_HOST_IP }} | |
| - name: Remotely trigger building and deployment script for the proxy | |
| run: ssh -i ~/.ssh/proxy_deploy deployer@${{ secrets.PROXY_HOST_IP }} | |
| - name: Remove Github Actions IP from security group | |
| run: | | |
| aws ec2 revoke-security-group-ingress --group-name ${{ env.AWS_FRONT_SG_NAME }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32; | |
| aws ec2 revoke-security-group-ingress --group-name ${{ env.AWS_PROXY_SG_NAME }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32; | |
| aws ec2 revoke-security-group-ingress --group-name ${{ env.AWS_API_SG_NAME }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32; | |
| aws ec2 revoke-security-group-ingress --group-name ${{ env.AWS_PROXY_SG_NAME }} --protocol all --cidr 0.0.0.0/0; | |
| aws ec2 revoke-security-group-ingress --group-name ${{ env.AWS_API_SG_NAME }} --protocol all --cidr 0.0.0.0/0; | |
| aws ec2 revoke-security-group-egress --group-id ${{ steps.get_proxy_sg_id.outputs.proxy_security_group_id }} --protocol all --cidr 0.0.0.0/0; | |
| aws ec2 revoke-security-group-egress --group-id ${{ steps.get_api_sg_id.outputs.api_security_group_id }} --protocol all --cidr 0.0.0.0/0; | |
| if: always() |