name: CI/CD Pipeline on: push: branches: [ main, develop ] pull_request: branches: [ main ] env: REGISTRY: ghcr.io IMAGE_NAME: ${{ github.repository }} jobs: test: name: Test & Lint runs-on: ubuntu-latest steps: - name: Checkout code uses: actions/checkout@v4 - name: Setup Node.js uses: actions/setup-node@v4 with: node-version: '18' cache: 'yarn' - name: Install dependencies run: yarn install --frozen-lockfile - name: Run linter run: yarn lint - name: Build project run: yarn build - name: Run validation run: yarn validate build: name: Build Docker Image runs-on: ubuntu-latest needs: test if: github.event_name == 'push' permissions: contents: read packages: write steps: - name: Checkout code uses: actions/checkout@v4 - name: Set up Docker Buildx uses: docker/setup-buildx-action@v3 - name: Login to GitHub Container Registry uses: docker/login-action@v3 with: registry: ${{ env.REGISTRY }} username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} - name: Extract metadata id: meta uses: docker/metadata-action@v5 with: images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} tags: | type=ref,event=branch type=ref,event=pr type=sha,prefix={{branch}}- type=raw,value=latest,enable={{is_default_branch}} - name: Build and push Docker image uses: docker/build-push-action@v5 with: context: . push: true tags: ${{ steps.meta.outputs.tags }} labels: ${{ steps.meta.outputs.labels }} cache-from: type=gha cache-to: type=gha,mode=max deploy: name: Deploy to Production runs-on: ubuntu-latest needs: build if: github.ref == 'refs/heads/main' environment: production steps: - name: Checkout code uses: actions/checkout@v4 - name: Deploy to server uses: appleboy/ssh-action@v1.0.0 with: host: ${{ secrets.HOST }} username: ${{ secrets.USERNAME }} key: ${{ secrets.SSH_KEY }} port: ${{ secrets.PORT }} script: | cd /opt/quixotic git pull origin main # Create production environment file from secrets cat > .env.docker << EOF NODE_ENV=production PORT=3000 POSTGRES_DB=${{ secrets.POSTGRES_DB }} POSTGRES_USER=${{ secrets.POSTGRES_USER }} POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }} DOMAIN=${{ secrets.DOMAIN }} ACME_EMAIL=${{ secrets.ACME_EMAIL }} TRAEFIK_AUTH=${{ secrets.TRAEFIK_AUTH }} TELEGRAM_BOT_TOKEN=${{ secrets.TELEGRAM_BOT_TOKEN }} WEB_APP_URL=https://${{ secrets.DOMAIN }} DATABASE_URL=postgresql://${{ secrets.POSTGRES_USER }}:${{ secrets.POSTGRES_PASSWORD }}@postgres:5432/${{ secrets.POSTGRES_DB }} EOF # Login to GitHub Container Registry echo ${{ secrets.GITHUB_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin # Pull latest image docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest # Deploy with zero downtime using production override docker-compose -f docker-compose.yml -f docker-compose.prod.yml --env-file .env.docker pull # Stop existing containers if they exist if docker-compose -f docker-compose.yml -f docker-compose.prod.yml --env-file .env.docker ps -q | grep -q .; then docker-compose -f docker-compose.yml -f docker-compose.prod.yml --env-file .env.docker down --remove-orphans fi docker-compose -f docker-compose.yml -f docker-compose.prod.yml --env-file .env.docker up -d # Cleanup old images docker image prune -f