feat(authorization): enable two roles: user and admin #2
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| push: | |
| branches: | |
| - master | |
| permissions: | |
| contents: write | |
| pull-requests: write | |
| packages: write | |
| env: | |
| # Use docker.io for Docker Hub if empty | |
| REGISTRY: ghcr.io | |
| # Image name MUST have a pattern like <org_name_lowercase>/<repo_name_lowercase> | |
| IMAGE_NAME: ngyngcphu/tick3D-be | |
| # username login to ghcr MUST be organization or personal name in lower case | |
| CD_USERNAME: ngyngcphu | |
| name: Release and deploy | |
| jobs: | |
| release: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| build: ${{ steps.release.outputs.release_created }} | |
| tag_name: ${{ steps.release.outputs.tag_name }} | |
| steps: | |
| - uses: google-github-actions/release-please-action@v3 | |
| id: release | |
| with: | |
| release-type: node | |
| pull-request-header: "Bot (:robot:) requested to create a new release on ${{ github.ref_name }}" | |
| # Use if need to build package | |
| build: | |
| name: Build | |
| needs: [release] | |
| runs-on: ubuntu-latest | |
| # if: ${{ needs.release.outputs.build == 'true' }} | |
| steps: | |
| - uses: actions/checkout@v3 | |
| name: Checkout repository | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| - name: Setup Docker buildx | |
| uses: docker/setup-buildx-action@v2 | |
| with: | |
| version: v0.9.1 | |
| - name: Log into registry ${{ env.REGISTRY }} | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ${{ env.REGISTRY }} | |
| username: ${{ env.CD_USERNAME }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and push | |
| uses: docker/build-push-action@v3 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ needs.release.outputs.tag_name }}, ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest | |
| # Use if need to deploy on a server | |
| deploy: | |
| name: Deploy | |
| runs-on: ubuntu-latest | |
| needs: [build] | |
| env: | |
| POSTGRES_URL: postgresql://${{ secrets.POSTGRES_USER }}:${{ secrets.POSTGRES_PASSWORD }}@postgres:5432/${{ secrets.POSTGRES_DB }}?schema=public | |
| steps: | |
| - name: Deploy | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ secrets.VPS_HOST }} | |
| port: ${{ secrets.VPS_PORT }} | |
| username: ${{ secrets.VPS_USERNAME }} | |
| password: ${{ secrets.VPS_PASSWORD }} | |
| # TODO: Remove docker volumes in Dev stage only | |
| script: | | |
| export CR_PAT=${{ secrets.GITHUB_TOKEN }} | |
| echo $CR_PAT | docker login ${{ env.REGISTRY }} -u ${{ env.CD_USERNAME }} --password-stdin | |
| docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:latest | |
| cd tick3D-be | |
| rm -f .env | |
| echo POSTGRES_USER=${{ secrets.POSTGRES_USER }} >> .env | |
| echo POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }} >> .env | |
| echo POSTGRES_DB=${{ secrets.POSTGRES_DB }} >> .env | |
| echo POSTGRES_URL=${{ env.POSTGRES_URL }} >> .env | |
| echo COOKIE_SECRET=${{ secrets.COOKIE_SECRET }} >> .env | |
| echo JWT_SECRET=${{ secrets.JWT_SECRET }} >> .env | |
| echo CORS_WHITE_LIST=${{ vars.CORS_WHITE_LIST }} >> .env | |
| curl https://raw.githubusercontent.com/ngyngcphu/tick3D-be/main/docker-compose.yml -o docker-compose.yml | |
| docker-compose stop tick3D-be | |
| docker-compose rm -f tick3D-be | |
| docker-compose up -d tick3D-be | |
| docker logout ${{ env.REGISTRY }} | |