ci: Update github-projects.yml #168
name: Docker Compose Deployment CI | |
on: | |
push: | |
branches: | |
- main | |
- deploy-* | |
jobs: | |
deploy: | |
runs-on: ubuntu-latest | |
steps: | |
- name: checkout repo on current branch | |
uses: actions/checkout@v3 | |
with: | |
# there seem to be no choice but fetch-depth 0 to be able to checkout main | |
fetch-depth: 0 | |
- name: Set env variables | |
run: | | |
# direct container access | |
# deploy target | |
echo "SSH_HOST=10.1.0.203" >> $GITHUB_ENV | |
echo "SSH_PROXY_HOST=ovh1.openfoodfacts.org" >> $GITHUB_ENV | |
echo "SSH_USERNAME=off" >> $GITHUB_ENV | |
# did only config change ? (in this case we only need a restart) | |
declare current_branch=$(git rev-parse --abbrev-ref HEAD) | |
echo $current_branch | |
declare before=${{ github.event.before }} | |
if [[ $before =~ ^00000 ]] | |
then | |
# use main as reference | |
git checkout -b main --track origin/main | |
git checkout $current_branch | |
declare before=main | |
fi | |
echo before is: $before | |
echo head is: ${{ github.event.head }} | |
if ( git diff --name-only $before ${{ github.event.after }} |grep -v configs/ ) | |
then | |
echo "RESTART_ONLY=no" >> $GITHUB_ENV | |
else | |
echo "RESTART_ONLY=yes" >> $GITHUB_ENV | |
fi | |
echo "Changed file:" | |
git diff --name-only $before ${{ github.event.after }} | |
- name: Checkout git repository | |
uses: appleboy/ssh-action@master | |
with: | |
host: ${{ env.SSH_HOST }} | |
username: ${{ env.SSH_USERNAME }} | |
key: ${{ secrets.SSH_PRIVATE_KEY }} | |
proxy_host: ${{ env.SSH_PROXY_HOST }} | |
proxy_username: ${{ env.SSH_USERNAME }} | |
proxy_key: ${{ secrets.SSH_PRIVATE_KEY }} | |
script_stop: false | |
script: | | |
echo "RESTART_ONLY is ${{ env.RESTART_ONLY }}" | |
# Clone Git repository if not already there | |
[ ! -d 'monitoring' ] && git clone --depth 1 https://github.com/${{ github.repository }} monitoring --no-single-branch 2>&1 | |
# Go to repository directory | |
cd monitoring/ | |
# Fetch newest commits (in case it wasn't freshly cloned) | |
# and Checkout current commit SHA | |
git fetch --depth 1 && \ | |
git checkout -qf ${{ github.sha }} | |
- name: Set environment variables in .env | |
uses: appleboy/ssh-action@master | |
with: | |
host: ${{ env.SSH_HOST }} | |
username: ${{ env.SSH_USERNAME }} | |
key: ${{ secrets.SSH_PRIVATE_KEY }} | |
proxy_host: ${{ env.SSH_PROXY_HOST }} | |
proxy_username: ${{ env.SSH_USERNAME }} | |
proxy_key: ${{ secrets.SSH_PRIVATE_KEY }} | |
script_stop: false | |
script: | | |
# Go to repository directory | |
cd monitoring/ | |
# Set Docker Compose variables | |
echo "DOCKER_CLIENT_TIMEOUT=120" > .env | |
echo "COMPOSE_HTTP_TIMEOUT=120" >> .env | |
echo "COMPOSE_PROJECT_NAME=monitoring" >> .env | |
echo "COMPOSE_PATH_SEPARATOR=;" >> .env | |
echo "COMPOSE_FILE=docker-compose.yml;docker/prod.yml" >> .env | |
# Grafana | |
echo "GF_SERVER_ROUTER_LOGGING=true" >> .env | |
echo "GF_SECURITY_ADMIN_USER=off" >> .env | |
echo "GF_SECURITY_ADMIN_PASSWORD=${{ secrets.GF_SECURITY_ADMIN_PASSWORD }}" >> .env | |
echo "GF_AUTH_GOOGLE_CLIENT_ID=${{ secrets.GOOGLE_OAUTH2_CLIENT_ID }}" >> .env | |
echo "GF_AUTH_GOOGLE_CLIENT_SECRET=${{ secrets.GOOGLE_OAUTH2_CLIENT_SECRET }}" >> .env | |
# Alertmanager | |
echo "SLACK_WEBHOOK_URL_INFRASTRUCTURE_ALERTS_0=${{ secrets.SLACK_WEBHOOK_URL_INFRASTRUCTURE_ALERTS_0 }}" >> .env | |
# InfluxDB | |
echo "INFLUXDB_ADMIN_USER=off" >> .env | |
echo "INFLUXDB_ADMIN_PASSWORD=${{ secrets.INFLUXDB_ADMIN_PASSWORD }}" >> .env | |
echo "INFLUXDB_DB=db0" >> .env | |
# set secrets | |
mkdir -p configs/prometheus/secrets | |
echo "${{ secrets.FREE_EXPORTERS_PASSWORD }}" > configs/prometheus/secrets/free-exporters.txt | |
- name: Run envsubst on Prometheus configs | |
uses: appleboy/ssh-action@master | |
with: | |
host: ${{ env.SSH_HOST }} | |
username: ${{ env.SSH_USERNAME }} | |
key: ${{ secrets.SSH_PRIVATE_KEY }} | |
proxy_host: ${{ env.SSH_PROXY_HOST }} | |
proxy_username: ${{ env.SSH_USERNAME }} | |
proxy_key: ${{ secrets.SSH_PRIVATE_KEY }} | |
script_stop: false | |
script: | | |
cd monitoring/ | |
make replace_env | |
- name: Create external Docker volumes | |
uses: appleboy/ssh-action@master | |
if: env.RESTART_ONLY == 'no' | |
with: | |
host: ${{ env.SSH_HOST }} | |
username: ${{ env.SSH_USERNAME }} | |
key: ${{ secrets.SSH_PRIVATE_KEY }} | |
proxy_host: ${{ env.SSH_PROXY_HOST }} | |
proxy_username: ${{ env.SSH_USERNAME }} | |
proxy_key: ${{ secrets.SSH_PRIVATE_KEY }} | |
script_stop: false | |
script: | | |
cd monitoring/ | |
make create_external_volumes | |
- name: Recreate & start services | |
uses: appleboy/ssh-action@master | |
if: env.RESTART_ONLY == 'no' | |
with: | |
host: ${{ env.SSH_HOST }} | |
username: ${{ env.SSH_USERNAME }} | |
key: ${{ secrets.SSH_PRIVATE_KEY }} | |
proxy_host: ${{ env.SSH_PROXY_HOST }} | |
proxy_username: ${{ env.SSH_USERNAME }} | |
proxy_key: ${{ secrets.SSH_PRIVATE_KEY }} | |
script_stop: false | |
script: | | |
cd monitoring/ | |
make create_backups_dir && \ | |
make down && \ | |
make up | |
- name: re-start services only | |
uses: appleboy/ssh-action@master | |
if: env.RESTART_ONLY == 'yes' | |
with: | |
host: ${{ env.SSH_HOST }} | |
username: ${{ env.SSH_USERNAME }} | |
key: ${{ secrets.SSH_PRIVATE_KEY }} | |
proxy_host: ${{ env.SSH_PROXY_HOST }} | |
proxy_username: ${{ env.SSH_USERNAME }} | |
proxy_key: ${{ secrets.SSH_PRIVATE_KEY }} | |
script_stop: false | |
script: | | |
cd monitoring/ | |
make restart | |
- name: Check services are up | |
uses: appleboy/ssh-action@master | |
if: ${{ always() }} | |
with: | |
host: ${{ env.SSH_HOST }} | |
username: ${{ env.SSH_USERNAME }} | |
key: ${{ secrets.SSH_PRIVATE_KEY }} | |
proxy_host: ${{ env.SSH_PROXY_HOST }} | |
proxy_username: ${{ env.SSH_USERNAME }} | |
proxy_key: ${{ secrets.SSH_PRIVATE_KEY }} | |
script_stop: false | |
script: | | |
cd monitoring/ | |
make livecheck | |
- name: Cleanup obsolete Docker objects | |
uses: appleboy/ssh-action@master | |
if: env.RESTART_ONLY == 'no' | |
with: | |
host: ${{ env.SSH_HOST }} | |
username: ${{ env.SSH_USERNAME }} | |
key: ${{ secrets.SSH_PRIVATE_KEY }} | |
proxy_host: ${{ env.SSH_PROXY_HOST }} | |
proxy_username: ${{ env.SSH_USERNAME }} | |
proxy_key: ${{ secrets.SSH_PRIVATE_KEY }} | |
script_stop: false | |
script: | | |
cd monitoring/ | |
make prune |
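Review bot: Every remote step uses `appleboy/ssh-action@master`, a mutable branch ref, and passes it `secrets.SSH_PRIVATE_KEY` as both `key` and `proxy_key`, so any change to that branch upstream runs with the production SSH key. Pin the action to a full commit SHA, e.g. `uses: appleboy/ssh-action@<FULL_COMMIT_SHA>  # <release tag>`. In the "Set environment variables in .env" step the secrets are expanded into the script text before it reaches the remote shell, so a value containing `"`, `$` or a backquote is reinterpreted there. Passing them through the action's `envs` input and writing `"$VAR"` in the script avoids that. Because `script_stop: false` lets the script continue after a failed `cd monitoring/`, `.env` and `configs/prometheus/secrets/free-exporters.txt` could be written relative to the login directory, which `cd monitoring/ || exit 1` would prevent. The workflow also has no top-level `permissions:` block, and `contents: read` looks sufficient for the steps shown.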