backend_deploy_prod.yaml
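# Production pipeline: run the test suite, build and push the backend image
# to the container registry, then deploy to the production host over SSH.
name: Prod backend build and deploy

# NOTE(review): cancel-in-progress also applies to a run that has already
# reached the deploy job. A deploy cancelled midway may leave .env-prod or
# the systemd units half-updated on the server; consider
# `cancel-in-progress: false` so a running deploy finishes first.
concurrency:
  group: prod_deploy
  cancel-in-progress: true

on:
  pull_request:
    branches:
      - master
    types: [closed]

# Least privilege by default: jobs that do not declare their own
# permissions only get read access to the repository contents.
permissions:
  contents: read

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: lubimovka_backend
  DEPLOY_PATH: /LUBIMOVKA

defaults:
  run:
    working-directory: .

jobs:
  tests:
    name: Run tests
    # The `closed` event also fires when a pull request is closed WITHOUT
    # being merged. Gate the pipeline on an actual merge; the jobs below
    # depend on this one through `needs`, so they are skipped as well.
    if: github.event.pull_request.merged == true
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): this job checks out the event's default ref, while the
      # later jobs check out `master` - confirm the tested commit is the one
      # that gets built and deployed.
      - name: Check out the repo
        uses: actions/checkout@v2
      - name: Set up Python
        uses: actions/setup-python@v2
        with:
          # Quoted so the version is always read as a string, never a float.
          python-version: '3.9'
      - name: Install dependencies
        run: |
          python -m pip install --upgrade pip
          pip install -r requirements/dev.txt
      - name: Test with pytest
        run: pytest

  build-and-push-image-to-github-packages:
    name: Push Docker image to GitHub Packages
    runs-on: ubuntu-latest
    needs: tests
    # Only this job may publish packages.
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          ref: master
      - name: Docker login
        uses: docker/login-action@v1
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # Registry paths must be lowercase, so lowercase the owner name once
      # and export it for the following steps.
      - name: Set variables
        run: |
          echo REP_OWNER=$(echo ${{ github.repository_owner }} | tr '[:upper:]' '[:lower:]') >> $GITHUB_ENV
      - name: Build and push
        uses: docker/build-push-action@v2
        with:
          context: .
          file: Dockerfile_prod
          # `with:` inputs are not shell-expanded, so `${GITHUB_RUN_ID}` was
          # stored literally in the label; use the expression context.
          labels: runnumber=${{ github.run_id }}
          push: true
          # NOTE(review): the image is built from the `master` checkout but
          # tagged with github.sha of the triggering event - confirm both
          # refer to the same commit, otherwise the sha tag is misleading
          # for rollback and audit.
          tags: |
            ${{ env.REGISTRY }}/${{ env.REP_OWNER }}/${{ env.IMAGE_NAME }}:prod,
            ${{ env.REGISTRY }}/${{ env.REP_OWNER }}/${{ env.IMAGE_NAME }}:latest,
            ${{ env.REGISTRY }}/${{ env.REP_OWNER }}/${{ env.IMAGE_NAME }}:${{ github.sha }}

  deploy:
    name: Deploy changes on server
    runs-on: ubuntu-latest
    environment:
      name: prod_deploy
    needs: build-and-push-image-to-github-packages
    steps:
      - name: Checkout
        uses: actions/checkout@v2
        with:
          ref: master
      - name: Create SSH key
        # SSH_KNOWN_HOSTS = output of `ssh-keyscan -H <server>`;
        # SSH_PRIVATE_KEY = private key of a machine that is allowed to log in.
        # Writing known_hosts from a secret pins the server's host key for
        # the ssh/scp steps below.
        run: |
          mkdir -p ~/.ssh
          chmod 700 ~/.ssh
          echo "${{ secrets.SSH_KNOWN_HOSTS }}" > ~/.ssh/known_hosts
          chmod 644 ~/.ssh/known_hosts
          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
          chmod 600 ~/.ssh/id_rsa
      - name: Create folder for application
        run: ssh ${{ secrets.USERNAME }}@${{ secrets.HOST }} mkdir -p ${{ env.DEPLOY_PATH }}
      - name: Deploy with scp
        run: scp -r infra_deploy/prod/ ${{ secrets.USERNAME }}@${{ secrets.HOST }}:${{ env.DEPLOY_PATH }}
      - name: Copy postfix setup
        run: scp -r infra_deploy/postfix/ ${{ secrets.USERNAME }}@${{ secrets.HOST }}:${{ env.DEPLOY_PATH }}/prod/
      # NOTE(review): `@master` is a mutable branch ref of a third-party
      # action that receives the SSH private key and every secret in the
      # script below. Pin it to a reviewed full commit SHA, e.g.
      # `uses: appleboy/ssh-action@<full-commit-sha>` (placeholder).
      # NOTE(review): this step does not read ~/.ssh/known_hosts; unless the
      # action's `fingerprint` input is set, the host key is presumably not
      # verified here - confirm.
      - name: executing remote ssh commands to deploy
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          passphrase: ${{ secrets.PASSPHRASE }}
          # The script writes .github_vars and .env-prod, prunes unused
          # Docker containers/images/networks, installs and restarts the
          # backend and frontend systemd units, then removes the copied
          # unit files.
          # NOTE(review): every `${{ secrets.* }}` below is substituted into
          # the script text BEFORE the remote shell parses it, and most are
          # unquoted. A value containing spaces, quotes, `$`, `;`, `&` or a
          # backslash is altered or interpreted by the shell. Prefer passing
          # the values through the action's `envs` input and writing them
          # with quoted variables - check how each secret is stored first,
          # because quoting changes what ends up in the file.
          # NOTE(review): .github_vars and .env-prod are created with the
          # remote user's default umask; consider `umask 077` at the top of
          # the script if only that user needs to read them - confirm
          # against the service units.
          # NOTE(review): writing to /etc/systemd/system and calling
          # systemctl needs root-equivalent rights for secrets.USERNAME;
          # a dedicated deploy user with narrowly scoped sudo rules would
          # limit the impact of a leaked key.
          script: |
            cd ${{ env.DEPLOY_PATH }}/prod/
            # GitHub variables
            echo "IMAGE_BACK=${{ secrets.IMAGE_BACK }}" > .github_vars
            echo "IMAGE_BACK_TAG=${{ secrets.IMAGE_BACK_TAG }}" >> .github_vars
            echo "IMAGE_FRONT=${{ secrets.IMAGE_FRONT }}" >> .github_vars
            echo "IMAGE_FRONT_TAG=${{ secrets.IMAGE_FRONT_TAG }}" >> .github_vars
            echo "FRONT_BASE_URL=${{ secrets.FRONT_BASE_URL }}" >> .github_vars
            echo "API_BASE_URL=${{ secrets.API_BASE_URL }}" >> .github_vars
            # PostgreSQL environment variables
            echo POSTGRES_DB=${{ secrets.POSTGRES_DB }} > .env-prod
            echo POSTGRES_USER=${{ secrets.POSTGRES_USER }} >> .env-prod
            echo POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }} >> .env-prod
            echo POSTGRES_HOST=${{ secrets.POSTGRES_HOST }} >> .env-prod
            echo POSTGRES_PORT=${{ secrets.POSTGRES_PORT }} >> .env-prod
            # Postfix settings
            echo POSTFIX_DB_PASSWORD=${{ secrets.POSTFIX_DB_PASSWORD }} >> .env-prod
            echo POSTFIX_HOSTNAME=${{ secrets.POSTFIX_HOSTNAME }} >> .env-prod
            echo POSTFIX_MAIL_DOMAIN=${{ secrets.POSTFIX_MAIL_DOMAIN }} >> .env-prod
            # Django environment variables
            echo DJANGO_SETTINGS_MODULE=${{ secrets.DJANGO_SETTINGS_MODULE }} >> .env-prod
            echo DJANGO_SECRET_KEY=${{ secrets.DJANGO_SECRET_KEY }} >> .env-prod
            echo DJANGO_ALLOWED_HOSTS=${{ secrets.DJANGO_ALLOWED_HOSTS }} >> .env-prod
            echo DJANGO_EMAIL_BACKEND=${{ secrets.DJANGO_EMAIL_BACKEND }} >> .env-prod
            echo DJANGO_SUPERUSER_USERNAME=${{ secrets.DJANGO_SUPERUSER_USERNAME }} >> .env-prod
            echo DJANGO_SUPERUSER_EMAIL=${{ secrets.DJANGO_SUPERUSER_EMAIL }} >> .env-prod
            echo DJANGO_SUPERUSER_PASSWORD=${{ secrets.DJANGO_SUPERUSER_PASSWORD }} >> .env-prod
            echo SERVER_EMAIL=${{ secrets.SERVER_EMAIL }} >> .env-prod
            echo MAILJET_API_KEY=${{ secrets.MAILJET_API_KEY }} >> .env-prod
            echo MAILJET_SECRET_KEY=${{ secrets.MAILJET_SECRET_KEY }} >> .env-prod
            echo MAILJET_TEMPLATE_ID_QUESTION=${{ secrets.MAILJET_TEMPLATE_ID_QUESTION }} >> .env-prod
            echo MAILJET_TEMPLATE_ID_REGISTRATION_USER=${{ secrets.MAILJET_TEMPLATE_ID_REGISTRATION_USER }} >> .env-prod
            echo MAILJET_TEMPLATE_ID_PARTICIPATION_APPLICATION=${{ secrets.MAILJET_TEMPLATE_ID_PARTICIPATION_APPLICATION }} >> .env-prod
            echo MAILJET_TEMPLATE_ID_RESET_PASSWORD_USER=${{ secrets.MAILJET_TEMPLATE_ID_RESET_PASSWORD_USER }} >> .env-prod
            # Secrets variables for google sheets in Django:
            echo GOOGLE_PRIVATE_KEY_ID=${{ secrets.GOOGLE_PRIVATE_KEY_ID }} >> .env-prod
            echo GOOGLE_PRIVATE_KEY=${{ secrets.GOOGLE_PRIVATE_KEY }} >> .env-prod
            # Swag environment variables
            echo PUID=${{ secrets.PUID }} >> .env-prod
            echo PGID=${{ secrets.PGID }} >> .env-prod
            echo URL=${{ secrets.URL }} >> .env-prod
            echo EMAIL=${{ secrets.SSL_EMAIL }} >> .env-prod
            # Token for yandex disk
            echo YNDX_DISK_TOKEN=${{ secrets.YNDX_DISK_TOKEN }} >> .env-prod
            # Очистка неиспользуемых контейнеров, образов, сетей
            docker system prune --force
            docker network create prod_db_network || true
            docker network create prod_swag_network || true
            # Установка приложения - backend
            cp -rf ${{ env.DEPLOY_PATH }}/prod/lubimovka-backend.service /etc/systemd/system/lubimovka-backend.service
            systemctl daemon-reload
            systemctl restart lubimovka-backend.service
            # Установка приложения - frontend
            cp -rf ${{ env.DEPLOY_PATH }}/prod/lubimovka-frontend.service /etc/systemd/system/lubimovka-frontend.service
            systemctl daemon-reload
            systemctl restart lubimovka-frontend.service
            # После установки удаляем файлы
            rm ${{ env.DEPLOY_PATH }}/prod/lubimovka-backend.service
            rm ${{ env.DEPLOY_PATH }}/prod/lubimovka-frontend.service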