Test Push. #6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD with Terraform | |
| on: | |
| push: | |
| branches: main | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| TF_STATE_BUCKET_NAME: ${{ secrets.AWS_TF_STATE_BUCKET_NAME }} | |
| PRIVATE_SSH_KEY: ${{ secrets.AWS_SSH_KEY_PRIVATE }} | |
| PUBLIC_SSH_KEY: ${{ secrets.AWS_SSH_KEY_PUBLIC }} | |
| AWS_REGION: us-east-2 | |
| jobs: | |
| deploy-infra: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| SERVER_PUBLIC_IP: ${{ steps.set-ip.outputs.instance_public_ip}} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v2 | |
| - name: Setup Terraform | |
| uses: hashicorp/setup-terraform@v1 | |
| with: | |
| terraform_wrapper: false | |
| - name: Terraform Init | |
| id: init | |
| run: terraform init -backend-config="bucket=$TF_STATE_BUCKET_NAME" -backend-config="region=us-east-2" | |
| working-directory: ./terraform | |
| - name: Terraform Plan | |
| id: plan | |
| run: |- | |
| terraform plan \ | |
| -var="region=us-east-2" \ | |
| -var="public_key=$PUBLIC_SSH_KEY" \ | |
| -var="private_key=$PRIVATE_SSH_KEY" \ | |
| -var="key_name=deployer-key" \ | |
| -out=PLAN | |
| working-directory: ./terraform | |
| - name: Terraform Apply | |
| id: apply | |
| run: terraform apply PLAN | |
| working-directory: ./terraform | |
| - name: Set Output | |
| id: set-ip | |
| run: |- | |
| echo "::set-output name=instance_public_ip::$(terraform output instance_public_ip)" | |
| working-directory: ./terraform | |
| deploy-apps: | |
| runs-on: ubuntu-latest | |
| needs: deploy-infra | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Set IP env variable | |
| run: echo SERVER_PUBLIC_IP=${{ needs.deploy-infra.outputs.SERVER_PUBLIC_IP }} >> $GITHUB_ENV | |
| - name: Login to AWS ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: Build, push docker image | |
| env: | |
| REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| REPOSITORY: fastapi-app | |
| IMAGE_TAG: ${{ github.sha }} | |
| run: |- | |
| docker build -t $REGISTRY/$REPOSITORY:$IMAGE_TAG . | |
| docker push $REGISTRY/$REPOSITORY:$IMAGE_TAG | |
| - name: Deploy docker image to EC2 | |
| env: | |
| REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| REPOSITORY: fastapi-app | |
| IMAGE_TAG: ${{ github.sha }} | |
| AWS_DEFAULT_REGION: us-east-2 | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ env.SERVER_PUBLIC_IP }} | |
| username: ubuntu | |
| key: ${{ env.PRIVATE_SSH_KEY }} | |
| envs: PRIVATE_SSH_KEY,REGISTRY,REPOSITORY,IMAGE_TAG,AWS_ACCESS_KEY_ID,AWS_SECRET_ACCESS_KEY,AWS_DEFAULT_REGION,AWS_REGION | |
| script: |- | |
| sudo apt update | |
| sudo apt install docker.io -y | |
| sudo apt install awscli -y | |
| sudo $(aws ecr get-login --no-include-email --region us-east-2); | |
| sudo docker stop myappcontainer || true | |
| sudo docker rm myappcontainer || true | |
| sudo docker pull $REGISTRY/$REPOSITORY:$IMAGE_TAG | |
| sudo docker run -d --name myappcontainer -p 80:80 $REGISTRY/$REPOSITORY:$IMAGE_TAG |