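# Builds the Maven project, pushes a container image tagged with the commit SHA
# and `latest`, then deploys over SSH by writing a .env file on the remote host
# and restarting the docker compose stack.
name: Build, Push and Deploy

on:
  push:
    branches:
      - main

# Least privilege for the workflow token: the steps below only read the
# repository; registry and SSH access use dedicated secrets.
# NOTE(review): confirm the runner in use honours this key.
permissions:
  contents: read

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout Code
        uses: actions/checkout@v4

      - name: Set up Java
        uses: actions/setup-java@v4
        with:
          java-version: '21'
          distribution: 'temurin'
          cache: 'maven'

      # NOTE(review): tests are skipped here and no other step in this workflow
      # runs them before the image is pushed and deployed.
      - name: Build with Maven
        run: mvn clean package -DskipTests

      - name: Login to Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ vars.REGISTRY_URL }}
          username: ${{ secrets.CI_GITEA_USER }}
          password: ${{ secrets.CI_GITEA_TOKEN }}

      # Values reach the shell through env instead of being expanded into the
      # script text, so their content is never parsed as shell syntax.
      - name: Extract metadata for Docker
        id: meta
        env:
          IMAGE_REPO: ${{ vars.REGISTRY_URL }}/${{ vars.NAMESPACE }}/${{ vars.REPO_NAME }}
          IMAGE_SHA: ${{ github.sha }}
        run: |
          echo "image_tag=${IMAGE_REPO}:${IMAGE_SHA}" >> "$GITHUB_OUTPUT"
          echo "image_latest=${IMAGE_REPO}:latest" >> "$GITHUB_OUTPUT"

      - name: Build and Push Docker Image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./docker/Dockerfile
          push: true
          tags: |
            ${{ steps.meta.outputs.image_tag }}
            ${{ steps.meta.outputs.image_latest }}

      # NOTE(review): this third-party action receives the SSH private key and
      # is referenced by a mutable tag; pin it to a full commit SHA you have
      # reviewed.
      # Every ${{ }} expression in `script` is expanded into the script text
      # before it is sent to the host. Inside the quoted heredoc the values are
      # literal; outside it (cd, docker login) the remote shell parses them.
      - name: Deploy to Remote Server
        uses: appleboy/ssh-action@v1.0.3
        with:
          host: ${{ secrets.SSH_HOST }}
          username: ${{ secrets.SSH_USERNAME }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          port: ${{ secrets.SSH_PORT }}
          script: |
            # Abort on the first failing command, so a failed cd, login or pull
            # cannot write secrets into the wrong directory or restart the
            # stack on a stale image while the job reports success.
            set -e

            # Navigate to deployment directory
            # NOTE(review): left unquoted in case the path relies on ~ expansion.
            cd ${{ secrets.DEPLOY_PATH }}

            # Create the file owner-only from the start; chmod alone leaves a
            # window in which a newly created .env has default-umask permissions.
            umask 077

            # Create .env file with all secrets
            cat > .env << 'EOF'
            # Deployment
            REGISTRY_URL=${{ vars.REGISTRY_URL }}
            NAMESPACE=${{ vars.NAMESPACE }}
            REPO_NAME=${{ vars.REPO_NAME }}
            IMAGE_TAG=${{ github.sha }}
            CI_GITEA_USER=${{ secrets.CI_GITEA_USER }}
            CI_GITEA_TOKEN=${{ secrets.CI_GITEA_TOKEN }}
            # Application
            APP_PORT=${{ secrets.APP_PORT }}
            SPRING_PROFILES_ACTIVE=${{ secrets.SPRING_PROFILES_ACTIVE }}
            APPLICATION_NAME=${{ secrets.APPLICATION_NAME }}
            CORS_ALLOWED_ORIGINS=${{ secrets.CORS_ALLOWED_ORIGINS }}
            # PostgreSQL Configuration
            POSTGRES_HOST=${{ secrets.POSTGRES_HOST }}
            POSTGRES_PORT=${{ secrets.POSTGRES_PORT }}
            POSTGRES_DB=${{ secrets.POSTGRES_DB }}
            POSTGRES_USER=${{ secrets.POSTGRES_USER }}
            POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }}
            # Keycloak Configuration
            KEYCLOAK_URL=${{ secrets.KEYCLOAK_URL }}
            KEYCLOAK_REALM=${{ secrets.KEYCLOAK_REALM }}
            KEYCLOAK_ISSUER_URI=${{ secrets.KEYCLOAK_ISSUER_URI }}
            # MinIO (S3) Configuration
            MINIO_ENDPOINT=${{ secrets.MINIO_ENDPOINT }}
            MINIO_ACCESS_KEY=${{ secrets.MINIO_ACCESS_KEY }}
            MINIO_SECRET_KEY=${{ secrets.MINIO_SECRET_KEY }}
            # AWS S3 Configuration (if needed)
            AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }}
            AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }}
            AWS_S3_BUCKET_NAME=${{ secrets.AWS_S3_BUCKET_NAME }}
            AWS_S3_REGION=${{ secrets.AWS_S3_REGION }}
            AWS_S3_ENDPOINT=${{ secrets.AWS_S3_ENDPOINT }}
            # Hibernate Configuration
            HIBERNATE_DDL_AUTO=${{ secrets.HIBERNATE_DDL_AUTO }}
            # Java Options
            JAVA_OPTS=${{ secrets.JAVA_OPTS }}
            EOF

            # Set proper permissions (also tightens a .env left by an earlier run)
            chmod 600 .env

            # Login to Container Registry
            echo "${{ secrets.CI_GITEA_TOKEN }}" | docker login ${{ vars.REGISTRY_URL }} -u ${{ secrets.CI_GITEA_USER }} --password-stdin

            # Pull latest image
            docker compose pull

            # Restart services with new image
            docker compose up -d --remove-orphans

            # Clean up old images; best-effort, must not fail the deploy
            docker image prune -af --filter "until=168h" || true

            # Show running containers
            docker compose ps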