fix(env): Make NEXT_PUBLIC_DRIVE_LINK temporarily optional in environ… #58
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Production | |
| on: | |
| push: | |
| branches: [main] | |
| env: | |
| AWS_REGION: ap-southeast-2 | |
| jobs: | |
| lint-format: | |
| name: Linting and Formatting Checks | |
| uses: ./.github/workflows/lint-and-format.yml | |
| build: | |
| needs: lint-format | |
| name: Build | |
| runs-on: ubuntu-latest | |
| environment: Production | |
| permissions: | |
| id-token: write | |
| contents: read | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
| role-session-name: ${{ secrets.AWS_ROLE_SESSION_NAME }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Set up QEMU for ARM64 | |
| uses: docker/setup-qemu-action@v3 | |
| with: | |
| platforms: linux/arm64 | |
| - name: Cache Docker layers | |
| uses: actions/cache@v4 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-buildx-${{ github.sha }} | |
| restore-keys: | | |
| ${{ runner.os }}-buildx- | |
| - name: Build Docker container | |
| env: | |
| NEXT_PUBLIC_KEYCLOAK_REDIRECT_URI: ${{ secrets.NEXT_PUBLIC_KEYCLOAK_REDIRECT_URI }} | |
| NEXT_PUBLIC_AUTH_KEYCLOAK_ISSUER: ${{ secrets.NEXT_PUBLIC_AUTH_KEYCLOAK_ISSUER }} | |
| NEXT_PUBLIC_DRIVE_LINK: ${{ secrets.NEXT_PUBLIC_DRIVE_LINK }} | |
| NEXT_PUBLIC_UMAMI_WEBSITE_ID: ${{ secrets.NEXT_PUBLIC_UMAMI_WEBSITE_ID }} | |
| PRODUCTION_BUILD: 'true' | |
| run: | | |
| docker buildx build \ | |
| --cache-from=type=local,src=/tmp/.buildx-cache \ | |
| --cache-to=type=local,dest=/tmp/.buildx-cache-new,mode=max \ | |
| --secret id=NEXT_PUBLIC_KEYCLOAK_REDIRECT_URI \ | |
| --secret id=NEXT_PUBLIC_AUTH_KEYCLOAK_ISSUER \ | |
| --secret id=NEXT_PUBLIC_DRIVE_LINK \ | |
| --secret id=NEXT_PUBLIC_UMAMI_WEBSITE_ID \ | |
| --output type=docker,dest=csclub-website.tar \ | |
| --platform=linux/arm64 --file=Dockerfile -t csclub-website . | |
| gzip csclub-website.tar | |
| - name: Save Docker cache | |
| if: success() | |
| run: | | |
| rsync -a --delete /tmp/.buildx-cache-new/ /tmp/.buildx-cache/ | |
| - name: Copy image and compose file to S3 | |
| run: | | |
| aws s3 cp ./csclub-website.tar.gz s3://${{ secrets.AWS_S3_BUCKET }}/website/ | |
| aws s3 cp ./docker-compose.yml s3://${{ secrets.AWS_S3_BUCKET }}/website/ | |
| deploy: | |
| needs: build | |
| name: Deploy | |
| runs-on: ubuntu-latest | |
| environment: Production | |
| steps: | |
| - name: Deploy on EC2 | |
| env: | |
| KEY: ${{ secrets.SSH_EC2_KEY }} | |
| HOSTNAME: ${{ secrets.SSH_EC2_HOSTNAME }} | |
| USER: ${{ secrets.SSH_EC2_USER }} | |
| AUTH_SECRET: ${{ secrets.AUTH_SECRET }} | |
| AUTH_KEYCLOAK_ID: ${{ secrets.AUTH_KEYCLOAK_ID }} | |
| AUTH_KEYCLOAK_SECRET: ${{ secrets.AUTH_KEYCLOAK_SECRET }} | |
| AUTH_KEYCLOAK_ISSUER: ${{ secrets.AUTH_KEYCLOAK_ISSUER }} | |
| NEXT_PUBLIC_KEYCLOAK_REDIRECT_URI: ${{ secrets.NEXT_PUBLIC_KEYCLOAK_REDIRECT_URI }} | |
| NEXT_PUBLIC_AUTH_KEYCLOAK_ISSUER: ${{ secrets.NEXT_PUBLIC_AUTH_KEYCLOAK_ISSUER }} | |
| DATABASE_URL: ${{ secrets.DATABASE_URL }} | |
| DATABASE_AUTH_TOKEN: ${{ secrets.DATABASE_AUTH_TOKEN }} | |
| REDIS_URI: ${{ secrets.REDIS_URI }} | |
| NEXT_PUBLIC_DRIVE_LINK: ${{ secrets.NEXT_PUBLIC_DRIVE_LINK }} | |
| NEXT_PUBLIC_UMAMI_WEBSITE_ID: ${{ secrets.NEXT_PUBLIC_UMAMI_WEBSITE_ID }} | |
| SMTP_HOST: ${{ secrets.SMTP_HOST }} | |
| SMTP_USER: ${{ secrets.SMTP_USER }} | |
| SMTP_PASS: ${{ secrets.SMTP_PASS }} | |
| SMTP_EMAIL_ADDRESS: ${{ secrets.SMTP_EMAIL_ADDRESS }} | |
| SQUARE_ACCESS_TOKEN: ${{ secrets.SQUARE_ACCESS_TOKEN }} | |
| SQUARE_LOCATION_ID: ${{ secrets.SQUARE_LOCATION_ID }} | |
| run: | | |
| echo "$KEY" > private_key && chmod 600 private_key | |
| ssh -v -o StrictHostKeyChecking=no -i private_key ${USER}@${HOSTNAME} ' | |
| cd ~/website | |
| aws s3 cp s3://${{ secrets.AWS_S3_BUCKET }}/website/csclub-website.tar.gz . | |
| aws s3 cp s3://${{ secrets.AWS_S3_BUCKET }}/website/docker-compose.yml . | |
| echo AUTH_SECRET=${{ secrets.AUTH_SECRET }} > .env.local | |
| echo AUTH_KEYCLOAK_ID=${{ secrets.AUTH_KEYCLOAK_ID }} > .env.local | |
| echo AUTH_KEYCLOAK_SECRET=${{ secrets.AUTH_KEYCLOAK_SECRET }} >> .env.local | |
| echo AUTH_KEYCLOAK_ISSUER=${{ secrets.AUTH_KEYCLOAK_ISSUER }} >> .env.local | |
| echo NEXT_PUBLIC_KEYCLOAK_REDIRECT_URI=${{ secrets.NEXT_PUBLIC_KEYCLOAK_REDIRECT_URI }} >> .env.local | |
| echo NEXT_PUBLIC_AUTH_KEYCLOAK_ISSUER=${{ secrets.NEXT_PUBLIC_AUTH_KEYCLOAK_ISSUER }} >> .env.local | |
| echo DATABASE_URL=${{ secrets.DATABASE_URL }} >> .env.local | |
| echo DATABASE_AUTH_TOKEN=${{ secrets.DATABASE_AUTH_TOKEN }} >> .env.local | |
| echo REDIS_URI=${{ secrets.REDIS_URI }} >> .env.local | |
| echo NEXT_PUBLIC_DRIVE_LINK=${{ secrets.NEXT_PUBLIC_DRIVE_LINK }} >> .env.local | |
| echo NEXT_PUBLIC_UMAMI_WEBSITE_ID=${{ secrets.NEXT_PUBLIC_UMAMI_WEBSITE_ID }} >> .env.local | |
| echo SMTP_HOST=${{ secrets.SMTP_HOST }} >> .env.local | |
| echo SMTP_USER=${{ secrets.SMTP_USER }} >> .env.local | |
| echo SMTP_PASS=${{ secrets.SMTP_PASS }} >> .env.local | |
| echo SMTP_EMAIL_ADDRESS=${{ secrets.SMTP_EMAIL_ADDRESS }} >> .env.local | |
| echo SQUARE_ACCESS_TOKEN=${{ secrets.SQUARE_ACCESS_TOKEN }} >> .env.local | |
| echo SQUARE_LOCATION_ID=${{ secrets.SQUARE_LOCATION_ID }} >> .env.local | |
| docker load -i csclub-website.tar.gz | |
| docker compose up -d | |
| docker restart csclub-website | |
| ' |