social-media/.gitea/workflows/deploy-socialize.yml

name: deploy-socialize

on:
  push:
    branches:
      - main

jobs:
  image:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v4
      - name: Install Docker CLI
        run: apt-get update && apt-get install -y docker.io
      - name: Login to Gitea container registry
        env:
          REGISTRY_USER: ${{ secrets.REGISTRY_USER }}
          REGISTRY_PASSWORD: ${{ secrets.REGISTRY_PASSWORD }}
        run: printf '%s' "$REGISTRY_PASSWORD" | docker login git.mapachotes.com -u "$REGISTRY_USER" --password-stdin
      - name: Build images
        run: |
          docker build \
            -t git.mapachotes.com/jbourdon/socialize-api:${{ gitea.sha }} \
            -t git.mapachotes.com/jbourdon/socialize-api:latest \
            -f backend/src/Socialize.Api/Dockerfile .
          docker build \
            --build-arg VITE_API_URL=/ \
            -t git.mapachotes.com/jbourdon/socialize-web:${{ gitea.sha }} \
            -t git.mapachotes.com/jbourdon/socialize-web:latest \
            -f frontend/Dockerfile .
      - name: Push images
        run: |
          docker push git.mapachotes.com/jbourdon/socialize-api:${{ gitea.sha }}
          docker push git.mapachotes.com/jbourdon/socialize-api:latest
          docker push git.mapachotes.com/jbourdon/socialize-web:${{ gitea.sha }}
          docker push git.mapachotes.com/jbourdon/socialize-web:latest

  deploy:
    needs: image
    runs-on: bookworm
    steps:
      - name: Install SSH client
        run: apt-get update && apt-get install -y openssh-client
      - name: Deploy on sobina
        env:
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
          DEPLOY_USER: ${{ secrets.DEPLOY_USER }}
          DEPLOY_SSH_PRIVATE_KEY_B64: ${{ secrets.DEPLOY_SSH_PRIVATE_KEY_B64 }}
          POSTGRES_HOST: ${{ secrets.POSTGRES_HOST }}
          POSTGRES_PORT: ${{ secrets.POSTGRES_PORT }}
          POSTGRES_PASSWORD: ${{ secrets.POSTGRES_PASSWORD }}
          RESEND_API_KEY: ${{ secrets.RESEND_API_KEY }}
          RESEND_FROM_EMAIL: ${{ secrets.RESEND_FROM_EMAIL }}
          JWT_SIGNING_KEY: ${{ secrets.JWT_SIGNING_KEY }}
          SOCIALIZE_IMAGE_TAG: ${{ gitea.sha }}
        run: |
          : "${POSTGRES_PASSWORD:?POSTGRES_PASSWORD secret is required}"
          : "${RESEND_API_KEY:?RESEND_API_KEY secret is required}"
          : "${RESEND_FROM_EMAIL:?RESEND_FROM_EMAIL secret is required}"
          : "${JWT_SIGNING_KEY:?JWT_SIGNING_KEY secret is required}"
          : "${SOCIALIZE_IMAGE_TAG:?SOCIALIZE_IMAGE_TAG is required}"
          POSTGRES_HOST="${POSTGRES_HOST:-db}"
          POSTGRES_PORT="${POSTGRES_PORT:-5432}"

          mkdir -p ~/.ssh
          printf '%s' "$DEPLOY_SSH_PRIVATE_KEY_B64" | base64 -d > ~/.ssh/deploy_key
          chmod 600 ~/.ssh/deploy_key

          write_env_value() {
            key="$1"
            value="$2"
            escaped_value="$(printf '%s' "$value" | sed "s/'/'\\\\''/g")"
            printf "%s='%s'\n" "$key" "$escaped_value"
          }

          deploy_env="$(mktemp)"
          {
            write_env_value POSTGRES_USER sa
            write_env_value POSTGRES_HOST "$POSTGRES_HOST"
            write_env_value POSTGRES_PORT "$POSTGRES_PORT"
            write_env_value POSTGRES_PASSWORD "$POSTGRES_PASSWORD"
            write_env_value POSTGRES_DB socialize
            write_env_value ConnectionStrings__PostgresConnection "Host=$POSTGRES_HOST;Port=$POSTGRES_PORT;Database=socialize;Username=sa;Password=$POSTGRES_PASSWORD"
            write_env_value ASPNETCORE_ENVIRONMENT Production
            write_env_value ASPNETCORE_URLS http://0.0.0.0:8080
            write_env_value WEBSITE_FRONTEND_BASE_URL https://socialize.mapachotes.com
            write_env_value Website__FrontendBaseUrl https://socialize.mapachotes.com
            write_env_value RESEND_API_KEY "$RESEND_API_KEY"
            write_env_value Emailer__ApiKey "$RESEND_API_KEY"
            write_env_value RESEND_FROM_EMAIL "$RESEND_FROM_EMAIL"
            write_env_value Emailer__FromEmail "$RESEND_FROM_EMAIL"
            write_env_value JWT_ISSUER https://socialize.mapachotes.com
            write_env_value Authentication__Jwt__Issuer https://socialize.mapachotes.com
            write_env_value JWT_AUDIENCE socialize-preprod
            write_env_value Authentication__Jwt__Audience socialize-preprod
            write_env_value JWT_SIGNING_KEY "$JWT_SIGNING_KEY"
            write_env_value Authentication__Jwt__Key "$JWT_SIGNING_KEY"
            write_env_value JWT_LIFETIME 00:05:00
            write_env_value Authentication__Jwt__Lifetime 00:05:00
            write_env_value JWT_REFRESH_TOKEN_LIFETIME 0.00:30:00
            write_env_value Authentication__Jwt__RefreshTokenLifetime 0.00:30:00
            write_env_value SOCIALIZE_IMAGE_TAG "$SOCIALIZE_IMAGE_TAG"
          } > "$deploy_env"

          scp -i ~/.ssh/deploy_key -o StrictHostKeyChecking=accept-new "$deploy_env" "$DEPLOY_USER@$DEPLOY_HOST:/srv/prod/socialize/.env"
          rm -f "$deploy_env"

          ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=accept-new "$DEPLOY_USER@$DEPLOY_HOST" \
            'cd /srv/prod/socialize && set -a && . ./.env && set +a && ./deploy.sh'