.github/workflows/publish.yml

name: middle actions

on:
  push:
    branches: 
      - main
  pull_request:
    branches:
      - main

env:
  IMAGE_NAME: middle

jobs:
  test:
    runs-on: ubuntu-20.04

    services:
      mysql:
        image: mysql:8
        env:
          MYSQL_DATABASE: github-actions
          MYSQL_USER: mysql
          MYSQL_PASSWORD: password
          MYSQL_ROOT_PASSWORD: password
        options: >-
          --health-cmd "mysqladmin ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
        ports:
          - 3306:3306

    steps:
    - name: checkout code
      uses: actions/checkout@v2

    - name: cache dependencies
      uses: actions/cache@v2
      with:
        path: ~/.cache/pip
        key: ${{ runner.os }}-pip-${{ hashFiles('**/requirements.txt') }}
        restore-keys: |
          ${{ runner.os }}-pip-

    - name: create dotenv
      run: echo "${{ secrets.DOTENV }}" > ./.env

    - name: setup python
      uses: actions/setup-python@v2
      with:
        python-version: '3.8.5'

    - name: check python version and pwd
      run: |
        python --version
        ls

    - name: install dependencies
      run: pip install -r requirements.txt

    - name: check python formatting
      run: black --check .

    - name: migrate and test
      run: |
        python manage.py migrate
        coverage run manage.py test
      env:
        DJANGO_SETTINGS_MODULE: settings.ci

    - name: echo test coverage
      run: coverage report

    - uses: codecov/codecov-action@v1
      with:
        token: ${{ secrets.CODECOV_TOKEN }}

    - name: send slack noti
      if: github.ref == 'refs/heads/main'
      run: |
        curl -X POST  --data-urlencode "payload={\"channel\": \"#team-스누데이\", \"text\": \"테스트 통과!\"}" ${{ secrets.WEBHOOK }}

  push:
    needs: test

    runs-on: ubuntu-20.04
    if: github.event_name == 'push'

    steps:
      - uses: actions/checkout@v2

      - name: create dotenv
        run: echo "${{ secrets.DOTENV }}" > .env

      - name: Log into GitHub Container Registry
        run: echo "${{ secrets.TOKEN }}" | docker login https://docker.pkg.github.com -u ${{ secrets.USER }} --password-stdin

      - name: Build image
        run: docker-compose build middle

      - name: Push to GitHub Packages
        uses: docker/build-push-action@v1
        with:
          username: ${{ github.actor }}
          password: ${{ secrets.TOKEN }}
          registry: docker.pkg.github.com
          repository: wafflestudio/snuday-server/server-image
          tag_with_ref: true

      - name: Get Github action IP
        id: ip
        uses: haythem/public-ip@v1.2

      - name: Setting environment variables..
        run: |
          echo "AWS_DEFAULT_REGION=ap-northeast-2" >> $GITHUB_ENV
          echo "AWS_SG_ID=sg-05c27013c64cb142c" >> $GITHUB_ENV

      - name: Add Github Actions IP to Security group
        run: |
          aws ec2 authorize-security-group-ingress --group-id ${{ env.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: ${{ env.AWS_DEFAULT_REGION }}

      - name: executing remote ssh commands using password
        uses: appleboy/ssh-action@master
        env:
          DOCKER_TOKEN: ${{ secrets.TOKEN }}
          DOCKER_USERNAME: ${{ secrets.USER }}
        with:
          envs: DOCKER_TOKEN,DOCKER_USERNAME
          host: ${{ secrets.HOST }}
          key: ${{ secrets.KEY }}
          username: ec2-user
          script: |
            docker pull ghcr.io/wafflestudio/snuday-server/server-image:main
            docker stop $(docker ps -a -q)
            docker container run -d -p 8000:8000 ghcr.io/wafflestudio/snuday-server/server-image:main python manage.py runserver 0.0.0.0:8000
            docker rm $(docker ps -a -f status=exited -q)
            docker image prune


      - name: Remove Github Actions IP from security group
        run: |
          aws ec2 revoke-security-group-ingress --group-id ${{ env.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: ${{ env.AWS_DEFAULT_REGION }}
        if: always()

      - name: send slack noti
        run: |
          curl -X POST  --data-urlencode "payload={\"channel\": \"#team-스누데이\", \"text\": \"서버에 배포했다!!\"}" ${{ secrets.WEBHOOK }}