Add staging deploy

Rajgupta36 · Feb 16, 2025 · f19faed · f19faed
1 parent a20db06
commit f19faed
Show file tree

Hide file tree

Showing 3 changed files with 68 additions and 21 deletions.
diff --git a/.github/ansible/production/proxy.yaml b/.github/ansible/production/proxy.yaml
@@ -7,18 +7,12 @@
         dest: ~/docker-compose.yaml
         mode: '0644'
 
-    - name: Copy proxy production configuration file
+    - name: Copy proxy configuration file
       ansible.builtin.copy:
         src: '{{ github_workspace }}/proxy/production.conf'
         dest: ~/production.conf
         mode: '0644'
 
-    - name: Copy proxy staging configuration file
-      ansible.builtin.copy:
-        src: '{{ github_workspace }}/proxy/staging.conf'
-        dest: ~/staging.conf
-        mode: '0644'
-
     - name: Update Docker images
       shell:
         cmd: docker compose pull

diff --git a/.github/ansible/staging/proxy.yaml b/.github/ansible/staging/proxy.yaml
@@ -0,0 +1,22 @@
+- name: Deploy Staging Nest Proxy
+  hosts: staging_nest_proxy
+  tasks:
+    - name: Copy proxy docker-compose.yaml
+      ansible.builtin.copy:
+        src: '{{ github_workspace }}/proxy/docker-compose.yaml'
+        dest: ~/docker-compose.yaml
+        mode: '0644'
+
+    - name: Copy proxy configuration file
+      ansible.builtin.copy:
+        src: '{{ github_workspace }}/proxy/staging.conf'
+        dest: ~/staging.conf
+        mode: '0644'
+
+    - name: Update Docker images
+      shell:
+        cmd: docker compose pull
+
+    - name: Retart proxy server
+      shell:
+        cmd: docker compose up -d
diff --git a/.github/workflows/run-ci-cd.yaml b/.github/workflows/run-ci-cd.yaml
@@ -180,7 +180,9 @@ jobs:
   build-docker-staging-images:
     name: Build Docker Staging Images
     environment: staging
-    if: false
+    if: |
+      github.repository == 'OWASP/Nest' &&
+      github.ref == 'refs/heads/main'
     needs:
       - code-ql
       - run-backend-tests
@@ -205,8 +207,8 @@ jobs:
       - name: Build backend image
         uses: docker/build-push-action@v6
         with:
-          cache-from: type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/owasp-nest-backend:cache
-          cache-to: type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/owasp-nest-backend:cache,mode=max
+          cache-from: type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/owasp-nest-backend:staging-cache
+          cache-to: type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/owasp-nest-backend:staging-cache,mode=max
           context: backend
           file: backend/Dockerfile.staging
           platforms: linux/amd64
@@ -226,22 +228,24 @@ jobs:
       - name: Build frontend image
         uses: docker/build-push-action@v6
         with:
-          cache-from: type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/owasp-nest-frontend:cache
-          cache-to: type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/owasp-nest-frontend:cache,mode=max
+          cache-from: type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/owasp-nest-frontend:staging-cache
+          cache-to: type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/owasp-nest-frontend:staging-cache,mode=max
           context: frontend
           file: frontend/Dockerfile.staging
           platforms: linux/amd64
           push: true
           tags: ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-frontend:staging
 
-  deploy-nest-staging:
+  deploy-staging-nest:
     name: Deploy Nest Staging
     env:
       ANSIBLE_HOST_KEY_CHECKING: False
       NEST_HOST_IP_ADDRESS: '${{ secrets.NEST_HOST_IP_ADDRESS }}'
       NEST_SSH_PRIVATE_KEY_PATH: '${{ vars.NEST_SSH_PRIVATE_KEY_PATH }}'
     environment: staging
-    if: false
+    if: |
+      github.repository == 'OWASP/Nest' &&
+      github.ref == 'refs/heads/main'
     needs:
       - build-docker-staging-images
     runs-on: ubuntu-latest
@@ -288,6 +292,33 @@ jobs:
         working-directory: .github/ansible
         run: ansible-playbook -i inventory.yaml staging/nest.yaml -e "github_workspace=$GITHUB_WORKSPACE"
 
+  deploy-staging-nest-proxy:
+    name: Deploy Staging Nest Proxy
+    env:
+      ANSIBLE_HOST_KEY_CHECKING: False
+      PROXY_HOST_IP_ADDRESS: '${{ secrets.PROXY_HOST_IP_ADDRESS }}'
+      PROXY_SSH_PRIVATE_KEY_PATH: ${{ vars.PROXY_SSH_PRIVATE_KEY_PATH }}
+    environment: staging
+    if: |
+      github.repository == 'OWASP/Nest' &&
+      github.ref == 'refs/heads/main'
+    needs:
+      - deploy-staging-nest
+    runs-on: ubuntu-latest
+    steps:
+      - name: Check out repository
+        uses: actions/checkout@v4
+
+      - name: Prepare SSH key
+        run: |
+          mkdir -m 700 ~/.ssh
+          echo "${{ secrets.PROXY_SSH_PRIVATE_KEY }}" > ${{ env.PROXY_SSH_PRIVATE_KEY_PATH }}
+          chmod 400 ${{ env.PROXY_SSH_PRIVATE_KEY_PATH }}
+
+      - name: Run proxy deploy
+        working-directory: .github/ansible
+        run: ansible-playbook -i inventory.yaml staging/proxy.yaml -e "github_workspace=$GITHUB_WORKSPACE"
+
   build-docker-production-images:
     name: Build Docker Production Images
     environment: production
@@ -318,8 +349,8 @@ jobs:
       - name: Build backend image
         uses: docker/build-push-action@v6
         with:
-          cache-from: type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/owasp-nest-backend:cache
-          cache-to: type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/owasp-nest-backend:cache,mode=max
+          cache-from: type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/owasp-nest-backend:production-cache
+          cache-to: type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/owasp-nest-backend:production-cache,mode=max
           context: backend
           file: backend/Dockerfile.production
           platforms: linux/amd64
@@ -339,16 +370,16 @@ jobs:
       - name: Build frontend image
         uses: docker/build-push-action@v6
         with:
-          cache-from: type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/owasp-nest-frontend:cache
-          cache-to: type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/owasp-nest-frontend:cache,mode=max
+          cache-from: type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/owasp-nest-frontend:production-cache
+          cache-to: type=registry,ref=${{ env.DOCKERHUB_USERNAME }}/owasp-nest-frontend:production-cache,mode=max
           context: frontend
           file: frontend/Dockerfile.production
           platforms: linux/amd64
           push: true
           tags: ${{ env.DOCKERHUB_USERNAME }}/owasp-nest-frontend:production
 
-  deploy-nest-production:
-    name: Deploy Nest Production
+  deploy-production-nest:
+    name: Deploy Nest to Production
     env:
       ANSIBLE_HOST_KEY_CHECKING: False
       NEST_HOST_IP_ADDRESS: '${{ secrets.NEST_HOST_IP_ADDRESS }}'
@@ -414,7 +445,7 @@ jobs:
       github.repository == 'OWASP/Nest' &&
       github.ref == 'refs/heads/main'
     needs:
-      - deploy-nest-production
+      - deploy-production-nest
     runs-on: ubuntu-latest
     steps:
       - name: Check out repository