Merge pull request #346 from kodustech/feat/suggestions-in-rules #297
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD Workflow QA | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| build_and_push_image: | |
| name: Build and push image | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/[email protected] | |
| # see: https://github.com/aws-actions/configure-aws-credentials | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/[email protected] | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/[email protected] | |
| - name: Build, tag, and push image to Amazon ECR | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| ECR_REPOSITORY: kodus-orchestrator-qa | |
| IMAGE_TAG: ${{ github.sha }} | |
| run: | | |
| docker build --build-arg RELEASE_VERSION=${{ env.RELEASE_VERSION }} --build-arg API_CLOUD_MODE=true -f DockerFiles/Dockerfile.qa -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| - name: Log out of Amazon ECR | |
| if: always() | |
| run: docker logout ${{ steps.login-ecr.outputs.registry }} | |
| - name: Cleanup Docker image | |
| run: docker rmi $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG || true | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| ECR_REPOSITORY: kodus-orchestrator-prod | |
| IMAGE_TAG: ${{ github.sha }} | |
| deploy_in_server: | |
| name: Deploy in server | |
| runs-on: ubuntu-latest | |
| needs: build_and_push_image | |
| steps: | |
| - name: Get runner IP | |
| run: | | |
| ip=$(curl -s https://ipinfo.io/ip) | |
| echo "::add-mask::$ip" | |
| echo "runner_ip=$ip" >> $GITHUB_ENV | |
| - name: Add Github Actions IP to Security group as a Postgres inbound rule | |
| run: | | |
| aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_SECURITY_GROUP }} --protocol tcp --port 22 --cidr ${{ env.runner_ip }}/32 > /dev/null 2>&1 | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }} | |
| - name: Execute start-app.sh on EC2 | |
| uses: appleboy/[email protected] | |
| with: | |
| host: ${{ secrets.AWS_QA_HOST }} | |
| username: ${{ secrets.AWS_QA_USERNAME }} | |
| key: ${{ secrets.AWS_QA_KEY_SSH }} | |
| script: | | |
| cd ~/kodus-orchestrator | |
| ./start-app.sh qa ${{ github.sha }} ${{ github.ref }} > /dev/null 2>&1 | |
| - name: Remove Github Actions IP from security group | |
| run: | | |
| aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_SECURITY_GROUP }} --protocol tcp --port 22 --cidr ${{ env.runner_ip }}/32 > /dev/null 2>&1 | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }} | |
| if: always() | |
| - name: Notify Discord on Success | |
| if: success() | |
| uses: sarisia/[email protected] | |
| with: | |
| webhook: ${{ secrets.DISCORD_WEBHOOK }} | |
| content: ":tada: Build and deployment successful!" | |
| title: "Deploy QA: kodus-ai" | |
| username: "GitHub Actions" | |
| color: 0x00FF00 | |
| - name: Notify Discord on Failure | |
| if: failure() | |
| uses: sarisia/[email protected] | |
| with: | |
| webhook: ${{ secrets.DISCORD_WEBHOOK }} | |
| content: ":x: Build or deployment failed. Please check the logs." | |
| title: "Deploy QA: kodus-ai" | |
| username: "GitHub Actions" | |
| color: 0xFF0000 |