diff --git a/.github/workflows/deploy-docker-to-ont.yml b/.github/workflows/deploy-docker-to-ont.yml
new file mode 100644
index 0000000..c1a61ba
--- /dev/null
+++ b/.github/workflows/deploy-docker-to-ont.yml
@@ -0,0 +1,186 @@
+name: Docker Image CI
+
+on:
+ push:
+ branches:
+ - feature/**
+ tags:
+ - "docker-build-*"
+
+jobs:
+ build-and-push:
+ runs-on: ubuntu-latest
+
+ steps:
+ # Stap 1: Code ophalen
+ - uses: actions/checkout@v4
+
+ # Stap 2: Versienummer ophalen uit pom.xml en opslaan als artifact
+ - name: Setup Java
+ uses: actions/setup-java@v3
+ with:
+ java-version: '17'
+ distribution: 'temurin'
+
+ - name: Setup Maven + Java
+ uses: s4u/setup-maven-action@v1.6.0
+ with:
+ java-version: '21'
+ maven-version: '3.9.5'
+
+ - name: Extract Quarkus version from pom.xml
+ run: |
+ VERSION=$(mvn help:evaluate -Dexpression=project.version -q -DforceStdout)
+ echo $VERSION > version.txt
+
+ - name: Inject private key into resources
+ run: |
+ mkdir -p src/main/resources
+ echo "${{ secrets.PRIVATE_KEY }}" > src/main/resources/privateKey.pem
+ chmod 600 src/main/resources/privateKey.pem
+
+ - name: Decode keystore
+ run: |
+ echo "${{ secrets.KEYSTORE_BASE64 }}" | base64 -d > src/main/resources/keystore.jks
+ chmod 600 src/main/resources/keystore.jks
+
+ - name: Inject public key into resources
+ run: |
+ mkdir -p src/main/resources
+ echo "${{ secrets.PUBLIC_KEY }}" > src/main/resources/publicKey.pem
+ chmod 600 src/main/resources/publicKey.pem
+
+ - name: Save version as artifact
+ uses: actions/upload-artifact@v3
+ with:
+ name: version
+ path: version.txt
+
+ # Stap 3: Notify Mattermost via Bot (Build gestart)
+ - name: Notify Mattermost via Bot
+ env:
+ VERSION: ${{ env.VERSION }}
+ REPO: ${{ gitea.repository }}
+ BRANCH: ${{ gitea.ref }}
+ MATTERMOST_BOT_TOKEN: ${{ secrets.MATTERMOST_BOT_TOKEN }}
+ run: |
+ curl --fail -X POST -H "Authorization: Bearer $MATTERMOST_BOT_TOKEN" \
+ -H 'Content-Type: application/json' \
+ -d '{
+ "channel_id": "wgcfotx7x3bipcwchzn45tuxxr",
+ "message": "🚀 *Build gestart!* Een nieuwe build is begonnen voor de repository *'"$REPO"'* op branch *'"$BRANCH"'*."
+ }' \
+ https://mattermost.melvanveen.nl/api/v4/posts
+
+ # Stap 4: Inloggen bij Docker Hub
+ - name: Log in to Docker Hub
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+
+ # Stap 5: Quarkus JAR bouwen (via Maven) en Docker-image bouwen
+ - name: Build the Quarkus JAR and Docker image
+ run: |
+ VERSION=$(cat version.txt)
+ mvn clean package -DskipTests -Dquarkus.profile=test
+ docker buildx build . --file Dockerfile-tst --tag veenm/paypoint-backend-jvm:$VERSION --platform linux/amd64
+
+ # Stap 6: Docker-image pushen naar Docker Hub (huidige versie tag)
+ - name: Push the Docker image (version)
+ run: |
+ VERSION=$(cat version.txt)
+ docker push veenm/paypoint-backend-jvm:$VERSION
+
+ deploy:
+ needs: build-and-push
+ runs-on: ubuntu-latest
+
+ steps:
+ # Stap 1: Artifact ophalen
+ - name: Download version artifact
+ uses: actions/download-artifact@v3
+ with:
+ name: version
+
+ # Stap 2: Lees versie uit het artifact
+ - name: Read version
+ id: read_version
+ run: echo "VERSION=$(cat version.txt)" >> $GITHUB_ENV
+
+ - name: SSH into Alpine and update Docker container
+ uses: appleboy/ssh-action@v0.1.10
+ with:
+ host: ${{ secrets.ALPINE_HOST_ONT }}
+ username: root
+ key: ${{ secrets.ALPINE_SSH_KEY }}
+ envs: VERSION,DB_HOST,DB_PORT,DB_USERNAME,DB_PASSWORD,CORS_ORIGINS,MAILER_FROM,MAILER_HOST,MAILER_PORT,MAILER_USERNAME,MAILER_PASSWORD
+ script: |
+ echo "Gekozen versie: $VERSION"
+
+ docker stop paypoint-backend || true
+ docker rm paypoint-backend || true
+
+ docker pull veenm/paypoint-backend-jvm:$VERSION
+
+ docker run -d --name paypoint-backend --restart unless-stopped -p 15001:8080 \
+ -e DB_HOST="$DB_HOST" \
+ -e DB_PORT="$DB_PORT" \
+ -e DB_USERNAME="$DB_USERNAME" \
+ -e DB_PASSWORD="$DB_PASSWORD" \
+ -e CORS_ORIGINS="$CORS_ORIGINS" \
+ -e MAILER_FROM="$MAILER_FROM" \
+ -e MAILER_HOST="$MAILER_HOST" \
+ -e MAILER_PORT="$MAILER_PORT" \
+ -e MAILER_USERNAME="$MAILER_USERNAME" \
+ -e MAILER_PASSWORD="$MAILER_PASSWORD" \
+ veenm/paypoint-backend-jvm:$VERSION
+
+ docker image prune -f
+ env:
+ VERSION: ${{ env.VERSION }}
+ DB_HOST: ${{ secrets.ALPINE_HOST_ONT }}
+ DB_PORT: ${{ secrets.DB_PORT_TEST }}
+ DB_USERNAME: ${{ secrets.DB_USERNAME_TEST }}
+ DB_PASSWORD: ${{ secrets.DB_PASSWORD_TEST }}
+ CORS_ORIGINS: ${{ secrets.CORS_ORIGINS_TEST }}
+ MAILER_FROM: ${{ secrets.MAILER_FROM }}
+ MAILER_HOST: ${{ secrets.MAILER_HOST }}
+ MAILER_PORT: ${{ secrets.MAILER_PORT }}
+ MAILER_USERNAME: ${{ secrets.MAILER_USERNAME }}
+ MAILER_PASSWORD: ${{ secrets.MAILER_PASSWORD }}
+
+
+ # Stap 4: Notify Mattermost via Bot (Build is geslaagd)
+ - name: Notify Mattermost via Bot
+ env:
+ MATTERMOST_BOT_TOKEN: ${{ secrets.MATTERMOST_BOT_TOKEN }}
+ VERSION: ${{ env.VERSION }}
+ run: |
+ curl --fail -X POST -H "Authorization: Bearer $MATTERMOST_BOT_TOKEN" \
+ -H 'Content-Type: application/json' \
+ -d '{
+ "channel_id": "wgcfotx7x3bipcwchzn45tuxxr",
+ "message": "*Build is geslaagd!* Versie '"$VERSION"' van de backend staat klaar op ontwikkel!"
+ }' \
+ https://mattermost.melvanveen.nl/api/v4/posts
+
+ notify-failure:
+ needs: [ build-and-push, deploy ]
+ runs-on: ubuntu-latest
+ if: failure()
+
+ steps:
+ - name: Notify Mattermost via Bot on failure
+ env:
+ MATTERMOST_BOT_TOKEN: ${{ secrets.MATTERMOST_BOT_TOKEN }}
+ REPO: ${{ gitea.repository }}
+ BRANCH: ${{ gitea.ref }}
+ run: |
+ curl --fail -X POST -H "Authorization: Bearer $MATTERMOST_BOT_TOKEN" \
+ -H 'Content-Type: application/json' \
+ -d '{
+ "channel_id": "wgcfotx7x3bipcwchzn45tuxxr",
+ "message": "❌ *Build gefaald!* De pipeline is stukgelopen voor *'"$REPO"'* op branch *'"$BRANCH"'*."
+ }' \
+ https://mattermost.melvanveen.nl/api/v4/posts
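Review bot: The steps "Inject private key into resources" and "Decode keystore" write `secrets.PRIVATE_KEY` and `secrets.KEYSTORE_BASE64` under `src/main/resources` before `mvn clean package` runs, so both files are packaged into the JAR and, assuming Dockerfile-tst copies the build output, into the image pushed to `veenm/paypoint-backend-jvm`. Anyone who can pull that image can read the private key and keystore out of its layers; the `chmod 600` on the runner does not carry any protection into the artifact. Remove those two steps from the build job and supply the files at run time instead, for example by adding `-v <host-key-dir>:<container-key-dir>:ro` (placeholder paths) to the `docker run` in the deploy script and pointing the application's key and keystore locations at the mounted directory. Separately, `appleboy/ssh-action@v0.1.10` and `s4u/setup-maven-action@v1.6.0` are referenced by mutable tag in jobs that hold the root SSH key and the registry credentials; pinning each to a full commit SHA would narrow that exposure.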