ec_user replaced with secret variable in deploy.yml #7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to EC2 | |
| on: | |
| pull_request: | |
| types: [closed] | |
| branches: [ main ] | |
| workflow_dispatch: | |
| env: | |
| EC2_HOST: ${{ secrets.EC2_HOST }} | |
| DOCKER_IMAGE_TAG: ${{ github.sha }} | |
| S3_CONFIG_BUCKET: ${{ secrets.S3_CONFIG_BUCKET }} | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| if: github.event.pull_request.merged == true | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| - name: Download Vault Files from S3 | |
| run: | | |
| mkdir -p db_handler/vault | |
| aws s3 sync s3://${{ env.S3_CONFIG_BUCKET }}/vault/ db_handler/vault/ | |
| - name: Setup SSH and Known Hosts | |
| run: | | |
| mkdir -p ~/.ssh | |
| echo "${{ secrets.EC2_SSH_KEY }}" > ~/.ssh/id_rsa | |
| chmod 600 ~/.ssh/id_rsa | |
| ssh-keyscan -H -t rsa,ecdsa,ed25519 ${{ secrets.EC2_HOST }} 2>/dev/null > ~/.ssh/known_hosts || true | |
| # Debug information | |
| echo "Testing SSH connection..." | |
| ssh -i ~/.ssh/id_rsa -o BatchMode=yes -o StrictHostKeyChecking=no -o ConnectTimeout=5 ${{ secrets.EC2_USER }}@${{ secrets.EC2_HOST }} 'echo SSH connection successful' | |
| cat >>~/.ssh/config <<END | |
| Host ${{ secrets.EC2_HOST }} | |
| HostName ${{ secrets.EC2_HOST }} | |
| User ${{ secrets.EC2_USER }} | |
| IdentityFile ~/.ssh/id_rsa | |
| StrictHostKeyChecking no | |
| UserKnownHostsFile ~/.ssh/known_hosts | |
| END | |
| chmod 600 ~/.ssh/config | |
| - name: Copy Application Code to EC2 | |
| run: | | |
| # Create deployment package excluding git and cache files | |
| tar --exclude='./.git' \ | |
| --exclude='./.github' \ | |
| --exclude='./node_modules' \ | |
| --exclude='./__pycache__' \ | |
| --exclude='*.pyc' \ | |
| -czf deploy.tar.gz . | |
| echo "Copying files to EC2..." | |
| scp deploy.tar.gz ${{ secrets.EC2_USER }}@${{ secrets.EC2_HOST }}:~/ | |
| # Create deploy script | |
| echo '#!/bin/bash | |
| cd ~ | |
| tar -xzf deploy.tar.gz | |
| # Create vault directory if it doesn't exist | |
| mkdir -p /data/newsletter/vault | |
| # Sync latest vault files from S3 | |
| aws s3 sync s3://${{ env.S3_CONFIG_BUCKET }}/vault/ /data/newsletter/vault/ | |
| # Build and run Docker container | |
| docker build -t ailert-newsletter:${{ env.DOCKER_IMAGE_TAG }} . | |
| docker stop ailert-newsletter || true | |
| docker rm ailert-newsletter || true | |
| docker run -d \ | |
| --name ailert-newsletter \ | |
| -p 5000:5000 \ | |
| -v /data/newsletter/vault:/app/db_handler/vault \ | |
| --restart unless-stopped \ | |
| -e AWS_ACCESS_KEY_ID="${{ secrets.AWS_ACCESS_KEY_ID }}" \ | |
| -e AWS_SECRET_ACCESS_KEY="${{ secrets.AWS_SECRET_ACCESS_KEY }}" \ | |
| -e AWS_REGION="${{ env.AWS_REGION }}" \ | |
| -e SMTP_USERNAME="${{ secrets.SMTP_USERNAME }}" \ | |
| -e SMTP_PASSWORD="${{ secrets.SMTP_PASSWORD }}" \ | |
| -e JWT_SECRET="${{ secrets.JWT_SECRET }}" \ | |
| ailert-newsletter:${{ env.DOCKER_IMAGE_TAG }} | |
| # Cleanup | |
| rm -rf deploy.tar.gz | |
| docker system prune -f' > deploy.sh | |
| chmod +x deploy.sh | |
| - name: Deploy to EC2 | |
| run: | | |
| # Debug SSH connection | |
| echo "Testing connection before deployment..." | |
| if ! ssh ${{ secrets.EC2_USER }}@${{ secrets.EC2_HOST }} 'echo "Connection test successful"'; then | |
| echo "Failed to connect to EC2 instance" | |
| exit 1 | |
| fi | |
| echo "Creating deploy script..." | |
| cat > deploy.sh << 'EOL' | |
| #!/bin/bash | |
| set -e | |
| echo "Cleaning up old deployment..." | |
| rm -rf application/ | |
| mkdir -p application | |
| echo "Extracting new code..." | |
| tar -xzf deploy.tar.gz -C application/ | |
| echo "Setting up environment..." | |
| cd application/ | |
| # Create vault directory if it doesn't exist | |
| mkdir -p /data/newsletter/vault | |
| # Sync latest vault files from S3 | |
| aws s3 sync s3://${{ env.S3_CONFIG_BUCKET }}/vault/ /data/newsletter/vault/ | |
| echo "Building Docker image..." | |
| docker build -t ailert-newsletter:${{ env.DOCKER_IMAGE_TAG }} . | |
| echo "Stopping old container..." | |
| docker stop ailert-newsletter || true | |
| docker rm ailert-newsletter || true | |
| echo "Starting new container..." | |
| docker run -d \ | |
| --name ailert-newsletter \ | |
| -p 5000:5000 \ | |
| -v /data/newsletter/vault:/app/db_handler/vault \ | |
| --restart unless-stopped \ | |
| -e AWS_ACCESS_KEY_ID="${{ secrets.AWS_ACCESS_KEY_ID }}" \ | |
| -e AWS_SECRET_ACCESS_KEY="${{ secrets.AWS_SECRET_ACCESS_KEY }}" \ | |
| -e AWS_REGION="${{ secrets.AWS_REGION }}" \ | |
| -e SMTP_USERNAME="${{ secrets.SMTP_USERNAME }}" \ | |
| -e SMTP_PASSWORD="${{ secrets.SMTP_PASSWORD }}" \ | |
| -e JWT_SECRET="${{ secrets.JWT_SECRET }}" \ | |
| ailert-newsletter:${{ env.DOCKER_IMAGE_TAG }} | |
| echo "Cleaning up..." | |
| cd .. | |
| docker system prune -f | |
| rm -f deploy.tar.gz | |
| EOL | |
| chmod +x deploy.sh | |
| scp deploy.sh ${{ secrets.EC2_USER }}@${{ secrets.EC2_HOST }}:~/deploy.sh | |
| ssh ${{ secrets.EC2_USER }}@${{ secrets.EC2_HOST }} "./deploy.sh" | |
| - name: Cleanup | |
| if: always() | |
| run: | | |
| rm -f ~/.ssh/id_rsa | |
| rm -f deploy.sh |