Merge pull request #15 from ifsp-projects/feat/otel-in-dev #54
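# Production pipeline: applies the Terraform in ./tf, builds and pushes the API
# image to Artifact Registry, then uses SSH to (re)start an OpenTelemetry
# collector and the API container on the VM that Terraform reports.
name: "Build and Deploy"

on:
  workflow_dispatch:
  push:
    branches:
      - main

# Least privilege for the automatic GITHUB_TOKEN: no step here writes to the
# repository, so read access to contents (needed by checkout) is enough.
permissions:
  contents: read

env:
  PROJECT_NAME: ${{ vars.PROJECT_NAME }}
  GCP_PROJECT_ID: ${{ vars.GCP_PROJECT_ID }}
  REGION: ${{ vars.REGION }}
  ZONE: ${{ vars.ZONE }}
  IMAGE_TAG: ${{ github.sha }}
  NODE_VERSION: ${{ vars.NODE_VERSION }}
  IMAGE_REPOSITORY: ifsp-extensao-api-module-prod

jobs:
  build-deploy:
    name: "Build and Deploy"
    runs-on: ubuntu-latest
    timeout-minutes: 30
    steps:
      # NOTE(review): every `uses:` below is referenced by a mutable tag or branch.
      # Pinning each one to a full commit SHA (uses: owner/action@<full-commit-sha>)
      # prevents a moved tag from running new code with this job's secrets.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # Keeps the GITHUB_TOKEN out of .git/config so later steps cannot reuse it.
          persist-credentials: false

      # NOTE(review): authenticates with a long-lived service-account key stored as a
      # secret. Workload Identity Federation (supported by this action) would remove
      # the exported key; it needs `id-token: write` and GCP-side setup.
      - name: GCP Auth
        uses: google-github-actions/auth@v2
        with:
          credentials_json: ${{ secrets.GCP_CREDENTIALS }}

      - name: Setup gcloud
        uses: google-github-actions/setup-gcloud@v2

      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          # The wrapper is disabled so `terraform output -raw` prints only the value.
          terraform_wrapper: false

      - name: Terraform Init
        working-directory: ./tf
        run: terraform init
        env:
          GOOGLE_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS }}

      # NOTE(review): `-auto-approve` applies whatever plan results from a push to
      # main, with no human gate. Confirm branch protection / required reviews on
      # main, or split plan and apply behind a protected environment.
      - name: Terraform Apply
        working-directory: ./tf
        run: |
          terraform apply -auto-approve
          echo "VM_HOST=$(terraform output -raw vm_public_ip)" >> "$GITHUB_ENV"
          echo "REGISTRY_URL=$(terraform output -raw artifact_registry_url)" >> "$GITHUB_ENV"
        env:
          GOOGLE_CREDENTIALS: ${{ secrets.GCP_CREDENTIALS }}
          TF_VAR_ssh_public_key: ${{ secrets.VM_SSH_PUBLIC_KEY }}
          TF_VAR_project_name: ${{ env.PROJECT_NAME }}
          TF_VAR_project_id: ${{ env.GCP_PROJECT_ID }}
          TF_VAR_env: "prod"

      # The secret reaches the shell as an environment variable and is written out
      # verbatim. Expanding it inside the script text would let the shell interpret
      # any quote, `$` or backtick the secret contains.
      # NOTE(review): .env is created before `docker build .`, so it is part of the
      # build context. Confirm .dockerignore excludes it (not visible here).
      - name: Load .env from GitHub Secrets
        run: printf '%s\n' "$APP_ENV_FILE" > .env
        env:
          APP_ENV_FILE: ${{ secrets.APP_ENV_FILE }}

      # REGION and NODE_VERSION are read from the job environment (set under the
      # workflow-level `env`) rather than expanded into the script text.
      - name: Configure Docker for Artifact Registry
        run: gcloud auth configure-docker "${REGION}-docker.pkg.dev" --quiet

      - name: Build, tag, and push image
        run: |
          docker build -t "$REGISTRY_URL/$IMAGE_REPOSITORY:$IMAGE_TAG" \
            -f Dockerfile \
            --build-arg NODE_VERSION="$NODE_VERSION" \
            --no-cache=true .
          docker push "$REGISTRY_URL/$IMAGE_REPOSITORY:$IMAGE_TAG"

      # NOTE(review): the four appleboy steps below run from the `master` branch and
      # receive the VM's private SSH key; a commit-SHA pin matters most here. None
      # of them sets the action's `fingerprint` input, so the VM's host key is not
      # verified before the key, the .env file and the deploy script are sent.
      - name: Copy .env to VM
        uses: appleboy/scp-action@master
        with:
          host: ${{ env.VM_HOST }}
          username: gcpuser
          key: ${{ secrets.VM_SSH_KEY }}
          source: ".env"
          target: "/home/gcpuser/app"

      - name: Prepare OTel directory on VM
        uses: appleboy/ssh-action@master
        with:
          host: ${{ env.VM_HOST }}
          username: gcpuser
          key: ${{ secrets.VM_SSH_KEY }}
          script: |
            sudo mkdir -p /opt/otel
            sudo chown gcpuser:gcpuser /opt/otel
            sudo chmod 755 /opt/otel

      - name: Copy OTel config to VM
        uses: appleboy/scp-action@master
        with:
          host: ${{ env.VM_HOST }}
          username: gcpuser
          key: ${{ secrets.VM_SSH_KEY }}
          source: "devops/otel/collector-config.prod.yaml"
          target: "/opt/otel"
          strip_components: 2

      - name: Deploy via SSH
        uses: appleboy/ssh-action@master
        env:
          REGISTRY_URL: ${{ env.REGISTRY_URL }}
          IMAGE_REPOSITORY: ifsp-extensao-api-module-prod
          IMAGE_TAG: ${{ github.sha }}
          CONTAINER_NAME: api-ifsp
          REGION: ${{ env.REGION }}
          GRAFANA_CLOUD_OTLP_ENDPOINT: ${{ secrets.GRAFANA_CLOUD_OTLP_ENDPOINT }}
          GRAFANA_CLOUD_AUTH: ${{ secrets.GRAFANA_CLOUD_AUTH }}
        with:
          host: ${{ env.VM_HOST }}
          username: gcpuser
          key: ${{ secrets.VM_SSH_KEY }}
          envs: REGISTRY_URL,IMAGE_REPOSITORY,IMAGE_TAG,CONTAINER_NAME,REGION,GRAFANA_CLOUD_OTLP_ENDPOINT,GRAFANA_CLOUD_AUTH
          # Remote script, in order: wait for the Docker daemon, log in to Artifact
          # Registry with a token from the VM's metadata server, recreate the
          # collector, pull the new image, replace the API container, prune.
          # `set -e` stops at the first failure, so a failed login or pull no longer
          # goes on to stop the running API container. Best-effort cleanups keep
          # their `|| true`.
          # NOTE(review): GRAFANA_CLOUD_AUTH is passed with `-e NAME=value`, so it is
          # readable through `docker inspect` by anyone with Docker access on the VM.
          # NOTE(review): the API is published as plain HTTP on port 80 of every
          # interface; TLS termination is not visible in this file.
          script: |
            set -e
            until sudo docker info >/dev/null 2>&1; do sleep 3; done
            TOKEN=$(curl -sf "http://metadata.google.internal/computeMetadata/v1/instance/service-accounts/default/token" \
              -H "Metadata-Flavor: Google" | python3 -c "import sys,json; print(json.load(sys.stdin)['access_token'])")
            printf '%s' "$TOKEN" | sudo docker login -u oauth2accesstoken --password-stdin "https://$REGION-docker.pkg.dev"
            sudo docker network create observability 2>/dev/null || true
            sudo docker rm -f otel-collector 2>/dev/null || true
            sudo docker run -d \
              --name otel-collector \
              --restart always \
              --network observability \
              --memory 128m \
              --cpus 0.15 \
              -p 127.0.0.1:4317:4317 \
              -p 127.0.0.1:4318:4318 \
              -v /opt/otel/collector-config.prod.yaml:/etc/otelcol-contrib/config.yaml:ro \
              -e GRAFANA_CLOUD_OTLP_ENDPOINT="$GRAFANA_CLOUD_OTLP_ENDPOINT" \
              -e GRAFANA_CLOUD_AUTH="$GRAFANA_CLOUD_AUTH" \
              otel/opentelemetry-collector-contrib:0.96.0
            sudo docker pull "$REGISTRY_URL/$IMAGE_REPOSITORY:$IMAGE_TAG"
            sudo docker stop "$CONTAINER_NAME" 2>/dev/null || true
            sudo docker rm "$CONTAINER_NAME" 2>/dev/null || true
            sudo docker run -d \
              --name "$CONTAINER_NAME" \
              --restart unless-stopped \
              --network observability \
              --env-file /home/gcpuser/app/.env \
              -p 80:8000 \
              "$REGISTRY_URL/$IMAGE_REPOSITORY:$IMAGE_TAG"
            sudo docker system prune -f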