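---
# Builds the backend image on every push to master, pushes it to Docker Hub,
# then replaces the running container on the deployment host over SSH.
name: Build and Deploy Docker Container

on:
  push:
    branches: [master]

# Least privilege for GITHUB_TOKEN: the job only needs to read the repository.
permissions:
  contents: read

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): third-party actions are referenced by mutable tags. The
      # steps below handle registry credentials and the SSH private key, so
      # pinning each `uses:` to a full commit SHA (<commit-sha placeholder>)
      # would stop a retagged release from reaching these secrets.
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Build and push Docker image
        # Secrets are handed to the step as environment variables instead of
        # being templated into the script text, so a value containing spaces or
        # shell metacharacters cannot alter the command that runs.
        env:
          NUGET_USERNAME: ${{ secrets.NUGET_USERNAME }}
          NUGET_PASSWORD: ${{ secrets.NUGET_PASSWORD }}
          NUGET_ADDRESS: ${{ secrets.NUGET_ADDRESS }}
          DOCKER_IMAGE: ${{ secrets.DOCKER_USERNAME }}/mirea-backend:latest
        run: |
          # `--build-arg NAME` without a value takes it from the environment.
          # NOTE(review): build args can still be recovered from the pushed
          # image's history when the Dockerfile uses them in RUN steps. The
          # Dockerfile is not visible here; if it does, switch to BuildKit
          # secret mounts (`docker build --secret` plus
          # `RUN --mount=type=secret`), which are not stored in image layers.
          docker build \
            --build-arg NUGET_USERNAME \
            --build-arg NUGET_PASSWORD \
            --build-arg NUGET_ADDRESS \
            -t "$DOCKER_IMAGE" .
          docker push "$DOCKER_IMAGE"

      - name: Start ssh-agent
        id: ssh-agent
        uses: webfactory/ssh-agent@v0.9.0
        with:
          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}

      - name: Deploy to Server
        env:
          SSH_HOST: ${{ secrets.SSH_HOST }}
          SSH_USER: ${{ secrets.SSH_USER }}
          DOCKER_IMAGE: ${{ secrets.DOCKER_USERNAME }}/mirea-backend:latest
          PATH_TO_SAVE: /data
          SECURITY_SIGNING_TOKEN: ${{ secrets.SECURITY_SIGNING_TOKEN }}
          SECURITY_ENCRYPTION_TOKEN: ${{ secrets.SECURITY_ENCRYPTION_TOKEN }}
          SECURITY_LIFE_TIME_RT: ${{ secrets.SECURITY_LIFE_TIME_RT }}
          SECURITY_LIFE_TIME_JWT: ${{ secrets.SECURITY_LIFE_TIME_JWT }}
          SECURITY_LIFE_TIME_1_FA: ${{ secrets.SECURITY_LIFE_TIME_1_FA }}
          SECURITY_JWT_ISSUER: ${{ secrets.SECURITY_JWT_ISSUER }}
          SECURITY_JWT_AUDIENCE: ${{ secrets.SECURITY_JWT_AUDIENCE }}
          SECURITY_HASH_ITERATION: ${{ secrets.SECURITY_HASH_ITERATION }}
          SECURITY_HASH_MEMORY: ${{ secrets.SECURITY_HASH_MEMORY }}
          SECURITY_HASH_PARALLELISM: ${{ secrets.SECURITY_HASH_PARALLELISM }}
          SECURITY_HASH_SIZE: ${{ secrets.SECURITY_HASH_SIZE }}
          SECURITY_HASH_TOKEN: ${{ secrets.SECURITY_HASH_TOKEN }}
          SECURITY_SALT_SIZE: ${{ secrets.SECURITY_SALT_SIZE }}
          GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
          GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }}
          YANDEX_CLIENT_ID: ${{ secrets.YANDEX_CLIENT_ID }}
          YANDEX_CLIENT_SECRET: ${{ secrets.YANDEX_CLIENT_SECRET }}
          MAILRU_CLIENT_ID: ${{ secrets.MAILRU_CLIENT_ID }}
          MAILRU_CLIENT_SECRET: ${{ secrets.MAILRU_CLIENT_SECRET }}
        run: |
          set -euo pipefail

          mkdir -p ~/.ssh
          # NOTE(review): ssh-keyscan accepts whichever host key answers during
          # this run, so the server's identity is never actually verified.
          # Prefer writing a pinned known_hosts entry kept in a repository
          # secret (<known-hosts secret placeholder>) instead of scanning.
          ssh-keyscan "$SSH_HOST" >> ~/.ssh/known_hosts

          # Container settings travel as an env file over the SSH channel, not
          # as `-e NAME=value` words inside the remote command line. That keeps
          # secret values out of the remote shell's parsing (no word splitting
          # or metacharacter interpretation) and out of remote process
          # listings. Values must be single-line; docker reads them literally.
          env_file="$(mktemp)"
          trap 'rm -f "$env_file"' EXIT
          for name in \
            PATH_TO_SAVE \
            SECURITY_SIGNING_TOKEN SECURITY_ENCRYPTION_TOKEN \
            SECURITY_LIFE_TIME_RT SECURITY_LIFE_TIME_JWT SECURITY_LIFE_TIME_1_FA \
            SECURITY_JWT_ISSUER SECURITY_JWT_AUDIENCE \
            SECURITY_HASH_ITERATION SECURITY_HASH_MEMORY \
            SECURITY_HASH_PARALLELISM SECURITY_HASH_SIZE \
            SECURITY_HASH_TOKEN SECURITY_SALT_SIZE \
            GOOGLE_CLIENT_ID GOOGLE_CLIENT_SECRET \
            YANDEX_CLIENT_ID YANDEX_CLIENT_SECRET \
            MAILRU_CLIENT_ID MAILRU_CLIENT_SECRET
          do
            printf '%s=%s\n' "$name" "${!name}"
          done > "$env_file"

          # Created with owner-only permissions in the remote home directory.
          ssh "$SSH_USER@$SSH_HOST" 'umask 077; cat > mirea-backend.env' < "$env_file"

          # Each remote command is its own statement. In the previous single
          # `a && b || true && c || true && d` chain, a failed `docker pull`
          # was absorbed by `|| true` and the old image was restarted as if the
          # deployment had succeeded.
          # $DOCKER_IMAGE is expanded locally; \$ defers expansion to the
          # remote shell (assumed POSIX-compatible). The env file is removed
          # once the container has been created, whatever the outcome.
          # The values remain readable via `docker inspect` on the host.
          ssh "$SSH_USER@$SSH_HOST" "
            docker pull '$DOCKER_IMAGE' || { rm -f mirea-backend.env; exit 1; }
            docker stop mirea-backend || true
            docker rm mirea-backend || true
            docker run -d --name mirea-backend -p 8085:8080 \
              --restart=on-failure:10 \
              -v mirea-data:/data \
              --env-file mirea-backend.env \
              -e ACTUAL_SUB_PATH=api \
              -e SWAGGER_SUB_PATH=swagger \
              -e TZ=Europe/Moscow \
              '$DOCKER_IMAGE'
            status=\$?
            rm -f mirea-backend.env
            exit \$status
          "

      - name: Remove all keys from ssh-agent
        # Run even when an earlier step failed, so the deploy key never stays
        # loaded in the agent for the remainder of the job.
        if: always()
        run: ssh-add -D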