Skip to content

feat(authorization): enable two roles: user and admin #2

feat(authorization): enable two roles: user and admin

feat(authorization): enable two roles: user and admin #2

Workflow file for this run

on:
push:
branches:
- master
permissions:
contents: write
pull-requests: write
packages: write
env:
# Use docker.io for Docker Hub if empty
REGISTRY: ghcr.io
# Image name MUST have a pattern like <org_name_lowercase>/<repo_name_lowercase>
IMAGE_NAME: ngyngcphu/tick3D-be
# username login to ghcr MUST be organization or personal name in lower case
CD_USERNAME: ngyngcphu
name: Release and deploy
jobs:
release:
runs-on: ubuntu-latest
outputs:
build: ${{ steps.release.outputs.release_created }}
tag_name: ${{ steps.release.outputs.tag_name }}
steps:
- uses: google-github-actions/release-please-action@v3
id: release
with:
release-type: node
pull-request-header: "Bot (:robot:) requested to create a new release on ${{ github.ref_name }}"
# Use if need to build package
build:
name: Build
needs: [release]
runs-on: ubuntu-latest
# if: ${{ needs.release.outputs.build == 'true' }}
steps:
- uses: actions/checkout@v3
name: Checkout repository
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Setup Docker buildx
uses: docker/setup-buildx-action@v2
with:
version: v0.9.1
- name: Log into registry ${{ env.REGISTRY }}
uses: docker/login-action@v2
with:
registry: ${{ env.REGISTRY }}
username: ${{ env.CD_USERNAME }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build and push
uses: docker/build-push-action@v3
with:
context: .
push: true
tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.release.outputs.tag_name }}, ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
# Use if need to deploy on a server
deploy:
name: Deploy
runs-on: ubuntu-latest
needs: [build]
env:
POSTGRES_URL: postgresql://${{ secrets.POSTGRES_USER }}:${{ secrets.POSTGRES_PASSWORD }}@postgres:5432/${{ secrets.POSTGRES_DB }}?schema=public
steps:
- name: Deploy
uses: appleboy/ssh-action@master
with:
host: ${{ secrets.VPS_HOST }}
port: ${{ secrets.VPS_PORT }}
username: ${{ secrets.VPS_USERNAME }}
password: ${{ secrets.VPS_PASSWORD }}
# TODO: Remove docker volumes in Dev stage only
script: |
export CR_PAT=${{ secrets.GITHUB_TOKEN }}
echo $CR_PAT | docker login ${{ env.REGISTRY }} -u ${{ env.CD_USERNAME }} --password-stdin
docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest
cd tick3D-be
rm -f .env
echo POSTGRES_USER=${{ secrets.POSTGRES_USER }} >> .env
echo POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }} >> .env
echo POSTGRES_DB=${{ secrets.POSTGRES_DB }} >> .env
echo POSTGRES_URL=${{ env.POSTGRES_URL }} >> .env
echo COOKIE_SECRET=${{ secrets.COOKIE_SECRET }} >> .env
echo JWT_SECRET=${{ secrets.JWT_SECRET }} >> .env
echo CORS_WHITE_LIST=${{ vars.CORS_WHITE_LIST }} >> .env
curl https://raw.githubusercontent.com/ngyngcphu/tick3D-be/main/docker-compose.yml -o docker-compose.yml
docker-compose stop tick3D-be
docker-compose rm -f tick3D-be
docker-compose up -d tick3D-be
docker logout ${{ env.REGISTRY }}