pmlugato deploys A2rchi for root to prod #32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy A2rchi Prod for root | |
| run-name: ${{ github.actor }} deploys A2rchi for root to prod | |
| on: | |
| push: | |
| branches: | |
| - release-ROOT | |
| jobs: | |
| deploy-prod-system: | |
| runs-on: ubuntu-latest | |
| env: | |
| SSH_AUTH_SOCK: /tmp/ssh_agent.sock | |
| steps: | |
| # boilerplate message and pull repository to CI runner | |
| - run: echo "🎉 The job was automatically triggered by a ${{ github.event_name }} event." | |
| - uses: actions/checkout@v3 | |
| - run: echo "The ${{ github.repository }} repository has been cloned to the runner." | |
| # setup SSH | |
| - name: Setup SSH | |
| run: | | |
| mkdir -p /home/runner/.ssh/ | |
| echo "${{ secrets.SSH_PRIVATE_KEY_MDRUSSO }}" > /home/runner/.ssh/id_rsa_submit | |
| chmod 600 /home/runner/.ssh/id_rsa_submit | |
| echo "${{ secrets.SSH_SUBMIT_KNOWN_HOSTS }}" > ~/.ssh/known_hosts | |
| cp ${{ github.workspace }}/deploy/ssh_config /home/runner/.ssh/config | |
| ssh-agent -a $SSH_AUTH_SOCK > /dev/null | |
| ssh-add /home/runner/.ssh/id_rsa_submit | |
| # create secrets files for docker-compose | |
| - name: Create Secrets Files | |
| run: | | |
| mkdir -p ${{ github.workspace }}/deploy/prod-root/secrets/ | |
| workspace=${{ github.workspace }} | |
| env="prod-root" | |
| sed -i "s/WORKSPACE/${workspace//\//\\/}/" ${workspace}/deploy/create_secret.sh | |
| sed -i "s/ENV/${env}/" ${workspace}/deploy/create_secret.sh | |
| /bin/bash ${workspace}/deploy/create_secret.sh flask_uploader_app_secret_key.txt ${{ secrets.PROD_FLASK_UPLOADER_APP_SECRET_KEY }} | |
| /bin/bash ${workspace}/deploy/create_secret.sh uploader_salt.txt ${{ secrets.PROD_UPLOADER_SALT }} | |
| /bin/bash ${workspace}/deploy/create_secret.sh openai_api_key.txt ${{ secrets.OPENAI_API_KEY }} | |
| /bin/bash ${workspace}/deploy/create_secret.sh anthropic_api_key.txt ${{ secrets.ANTHROPIC_API_KEY }} | |
| /bin/bash ${workspace}/deploy/create_secret.sh hf_token.txt ${{ secrets.HF_TOKEN }} | |
| /bin/bash ${workspace}/deploy/create_secret.sh pg_password.txt ${{ secrets.PROD_ROOT_PG_PASSWORD }} | |
| /bin/bash ${workspace}/deploy/create_secret.sh grafana_password.txt ${{ secrets.PROD_ROOT_GRAFANA_PG_PASSWORD }} | |
| # create env file to set tag(s) for docker-compose | |
| - name: Create Env File | |
| run: | | |
| touch ${{ github.workspace }}/deploy/prod-root/.env | |
| export tag="${GITHUB_REF#refs/heads/}" | |
| export tag="${tag//\//-}.${GITHUB_SHA}" | |
| echo "TAG=${tag}" >> ${{ github.workspace }}/deploy/prod-root/.env | |
| # create deployment directory if it doesn't already exist | |
| - name: Create Directory | |
| run: | | |
| ssh submit-t3desk018 "mkdir -p ~/A2rchi-prod-root/" | |
| # stop any existing docker compose that's running | |
| - name: Stop Docker Compose | |
| run: | | |
| ssh submit-t3desk018 'bash -s' < ${{ github.workspace }}/deploy/prod-root/prod-root-stop.sh | |
| # copy repository to machine | |
| - name: Copy Repository | |
| run: | | |
| rsync -e ssh -r ${{ github.workspace}}/* --exclude .git/ --delete submit-t3desk018:~/A2rchi-prod-root/ | |
| # run deploy script | |
| - name: Run Deploy Script | |
| run: | | |
| export tag="${GITHUB_REF#refs/heads/}" | |
| export tag="${tag//\//-}.${GITHUB_SHA}" | |
| sed -i "s/BASE_TAG/${tag}/" ${{ github.workspace }}/deploy/prod-root/prod-root-install.sh | |
| ssh submit-t3desk018 'bash -s' < ${{ github.workspace }}/deploy/prod-root/prod-root-install.sh | |
| # clean up secret files | |
| - name: Remove Secrets from Runner | |
| run: | | |
| rm ${{ github.workspace }}/deploy/prod-root/secrets/*.txt | |
| # print job status | |
| - run: echo "🍏 This job's status is ${{ job.status }}." |