diff --git a/.github/workflows/client-cd.yml b/.github/workflows/client-cd.yml index 6adc807..19dc987 100644 --- a/.github/workflows/client-cd.yml +++ b/.github/workflows/client-cd.yml @@ -48,6 +48,11 @@ jobs: if: github.ref == 'refs/heads/main' runs-on: ubuntu-latest steps: + - name: set up WARP (workaround for IPv6 on GitHub Actions) + uses: fscarmen/warp-on-actions@v1.1 + with: + stack: ipv6 + - name: checkout current repository uses: actions/checkout@v4 @@ -66,13 +71,19 @@ jobs: working-directory: ./client run: npm run build - - name: deploy assets to server - uses: appleboy/scp-action@v0.1.7 - with: - host: ${{ secrets.SSH_HOST }} - username: ${{ secrets.SSH_USER }} - key: ${{ secrets.SSH_KEY }} - port: ${{ secrets.SSH_PORT }} - source: "client/build/**" - target: "/var/www/stonks" - strip_components: 2 + - name: setup SSH for Ansible + shell: bash + run: | + eval `ssh-agent -s` + mkdir -p /home/runner/.ssh/ + touch /home/runner/.ssh/id_rsa + echo -e "${{secrets.SSH_KEY}}" > /home/runner/.ssh/id_rsa + chmod 700 /home/runner/.ssh/id_rsa + ssh-keyscan -t rsa,dsa,ecdsa,ed25519 ${{ secrets.SSH_HOST }} >> /home/runner/.ssh/known_hosts + + - name: run Ansible deployment playbook + shell: bash + working-directory: ./ansible + run: | + ansible-playbook -vv --private-key /home/runner/.ssh/id_rsa -u ${{secrets.SSH_USER}} -i ${{ secrets.SSH_HOST }}, frontend.yml + diff --git a/ansible/files/baltic-stocks-location.conf b/ansible/files/baltic-stocks-location.conf new file mode 100644 index 0000000..5be1312 --- /dev/null +++ b/ansible/files/baltic-stocks-location.conf @@ -0,0 +1,8 @@ +location /stonks { + alias /var/www/stonks/; + try_files $uri $uri/index.html /index.html; +} + +location ~ ^/stonks/api(/?.*) { + proxy_pass http://stonks-api/api$1$is_args$args; +} \ No newline at end of file diff --git a/ansible/files/baltic-stocks-upstream.conf b/ansible/files/baltic-stocks-upstream.conf new file mode 100644 index 0000000..6029532 --- /dev/null 
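Review bot: `uses: fscarmen/warp-on-actions@v1.1` pins a third-party action by a mutable tag, in what appears to be the same job that later writes `secrets.SSH_KEY` to disk, so anyone able to move that tag can run code next to the deploy credentials. Pin it to a reviewed full commit SHA and keep the version as a comment, e.g. `uses: fscarmen/warp-on-actions@<full-commit-sha>  # v1.1`. The step also appears to put the runner's traffic behind a WARP tunnel before checkout and deploy, so a short comment on why the target is only reachable over IPv6 would help the next reader. The rest of the job's steps lie outside this hunk.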
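Review bot: `ssh-keyscan ... >> /home/runner/.ssh/known_hosts` accepts whatever host key is presented on each run, so the Ansible connection is never authenticated against a known server. Record the server's host key out of band and write it from a secret or variable instead (called `SSH_KNOWN_HOSTS` below as a placeholder name). `echo -e "${{secrets.SSH_KEY}}"` pastes the key into the script text, where quotes, `$` or backticks in the value are interpreted by bash, so pass it through `env:` and reference `"$SSH_KEY"`. The key file should be mode 0600 rather than `chmod 700` and created under `umask 077`, and the `eval` of `ssh-agent -s` can go because no key is added to the agent and it does not carry over to the next step. The same `env:` treatment applies to `SSH_USER` and `SSH_HOST` on the `ansible-playbook` line.

```yaml
      - name: setup SSH for Ansible
        shell: bash
        env:
          SSH_KEY: ${{ secrets.SSH_KEY }}
          # placeholder secret name: the server's known_hosts line(s), recorded out of band
          SSH_KNOWN_HOSTS: ${{ secrets.SSH_KNOWN_HOSTS }}
        run: |
          umask 077
          mkdir -p /home/runner/.ssh
          # use '%b\n' instead if the secret is stored with literal \n escapes
          printf '%s\n' "$SSH_KEY" > /home/runner/.ssh/id_rsa
          printf '%s\n' "$SSH_KNOWN_HOSTS" >> /home/runner/.ssh/known_hosts
      # … unchanged: run Ansible deployment playbook step …
```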
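Review bot: `location /stonks {` paired with `alias /var/www/stonks/;` has a trailing slash on the alias but not on the location, which is the well-known nginx alias misconfiguration. A request path that starts with `/stonks` but is not under `/stonks/` is still mapped relative to the alias and can resolve to files beside the web root instead of inside it. Make the two agree by using `location /stonks/ {` with the existing `alias /var/www/stonks/;`. The `try_files` fallback `/index.html` is an internal redirect to the site root rather than to this app, so it probably wants `/stonks/index.html`. The regex `^/stonks/api(/?.*)` also matches paths such as `/stonks/apifoo`, and `^/stonks/api(/.*)?$` would keep it to the API prefix.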
+++ b/ansible/files/baltic-stocks-upstream.conf
@@ -0,0 +1,3 @@
+upstream stonks-api {
+ server localhost:12345;
+}
\ No newline at end of file
diff --git a/ansible/frontend.yml b/ansible/frontend.yml
new file mode 100644
index 0000000..be46b6d
--- /dev/null
+++ b/ansible/frontend.yml
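Review bot: `server localhost:12345;` is resolved when nginx loads the configuration, and a name that resolves to both `127.0.0.1` and `::1` is registered as two upstream servers, so requests can be sent to an address family the API is not listening on. If the API binds only the IPv4 loopback (not visible in this diff), write `server 127.0.0.1:12345;`. The file also ends without a trailing newline.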
@@ -0,0 +1,89 @@
+---
+
+- name: deploy frontend
+ hosts: all
+ tasks:
+ - name: apt update && apt upgrade
+ become: true
+ apt:
+ update_cache: yes
+ upgrade: yes
+
+ - name: install dependencies
+ become: true
+ apt:
+ pkg:
+ - curl
+ - gnupg2
+ - ca-certificates
+ - ubuntu-keyring
+ - rsync
+
+ - name: download Nginx apt repository key
+ become: true
+ ansible.builtin.get_url:
+ url: https://nginx.org/keys/nginx_signing.key
+ dest: /etc/apt/keyrings/nginx.asc
+
+ - name: add Nginx apt repository
+ become: true
+ ansible.builtin.apt_repository:
+ repo: deb [{% if ansible_architecture == "aarch64" %}arch=arm64{% endif %} signed-by=/etc/apt/keyrings/nginx.asc] https://nginx.org/packages/mainline/ubuntu {{ ansible_distribution_release }} stable
+ state: present
+ filename: nginx-test
+
+ - name: increase Nginx repository priority
+ become: true
+ ansible.builtin.copy:
+ dest: /etc/apt/preferences.d/99nginx
+ content: |
+ Package: *
+ Pin: origin nginx.org
+ Pin: release o=nginx
+ Pin-Priority: 900
+
+ - name: install Nginx
+ become: true
+ apt:
+ pkg:
+ - nginx
+
+ - name: deploy frontend files
+ ansible.posix.synchronize:
+ src: ../client/build/
+ dest: /var/www/stonks
+
+ - name: deploy nginx conf fragments
+ copy:
+ src: '{{item}}'
+ dest: '/etc/nginx/conf.d/'
+ loop:
+ - baltic-stocks-upstream.conf
+ - baltic-stocks-location.conf
+ tags: this
+
+
+ - name: include upstream block in nginx.conf
+ become: true
+ lineinfile:
+ path: /etc/nginx/nginx.conf
+ search_string: "include /etc/nginx/conf.d/baltic-stocks-upstream.conf;"
+ insertafter: "http {"
+ line: " include /etc/nginx/conf.d/baltic-stocks-upstream.conf;"
+ tags: this
+
+ - name: include location block in nginx.conf
+ become: true
+ lineinfile:
+ path: /etc/nginx/nginx.conf
+ search_string: "include /etc/nginx/conf.d/baltic-stocks-location.conf;"
+ insertafter: 'listen\s*\[::\]:443 ssl default_server;'
+ line: " include /etc/nginx/conf.d/baltic-stocks-location.conf;"
+ tags: this
+
+ - name: enable and run Nginx
+ become: true
+ ansible.builtin.systemd_service:
+ name: nginx.service
+ enabled: true
+ state: reloaded
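Review bot: The `download Nginx apt repository key` task trusts whatever `nginx_signing.key` the URL returns, so the apt trust anchor for every later `install Nginx` run is only as strong as that single HTTPS fetch. Pin it with `checksum: "sha256:<sha256 of the verified key file>"` (a placeholder, to be computed after checking the key fingerprint against the one nginx.org publishes) and set `mode: "0644"`. Separately, `deploy nginx conf fragments` has no `become: true`, unlike the other tasks that write under `/etc`, so it probably fails for a non-root SSH user. If the target's `nginx.conf` still has the packaged `include /etc/nginx/conf.d/*.conf;` (not visible here), both fragments are also loaded at `http` level, where a `location` block is rejected and the upstream would be defined twice, which a directory outside `conf.d` avoids. The `tags: this` entries look like leftover debugging.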