diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index e09b3c8..9f21306 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -19,15 +19,14 @@ name: Build and Deploy on: push: branches: - - main # Calculates version, deploys to production, then creates release - - development # Development environment + - main + - development permissions: id-token: write contents: read jobs: - # Calculate the next version number — deployment and release creation happen in subsequent jobs calculate-version: runs-on: ubuntu-latest if: "github.ref == 'refs/heads/main' && !contains(github.event.head_commit.message, '[skip deploy]') && !contains(github.event.head_commit.message, '[no deploy]')" @@ -116,7 +115,6 @@ jobs: echo "New version: $NEW_VERSION" echo "new_version=$NEW_VERSION" >> $GITHUB_OUTPUT - # Production deployment (runs after version is calculated) build-and-deploy-production: needs: calculate-version runs-on: ubuntu-latest @@ -124,14 +122,17 @@ jobs: if: "github.ref == 'refs/heads/main' && !contains(github.event.head_commit.message, '[skip deploy]') && !contains(github.event.head_commit.message, '[no deploy]')" steps: - uses: actions/checkout@v6 + - name: Get Runner IP id: ip - uses: haythem/public-ip@v1.3 + run: echo "ipv4=$(curl -s https://checkip.amazonaws.com)" >> "$GITHUB_OUTPUT" + - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v6 with: role-to-assume: arn:aws:iam::147899039648:role/GitHubActionsDeployRole aws-region: ${{ secrets.AWS_REGION }} + - name: Whitelist Runner IP in AWS Security Group run: | aws ec2 authorize-security-group-ingress \ @@ -140,11 +141,13 @@ jobs: --protocol tcp \ --port 22 \ --cidr ${{ steps.ip.outputs.ipv4 }}/32 + - name: Setup PHP uses: shivammathur/setup-php@v2 with: - php-version: '8.3' + php-version: '8.5' extensions: mbstring, xml, bcmath, ctype, json, tokenizer, pdo, pdo_mysql + - name: Cache Composer packages id: composer-cache uses: actions/cache@v5 
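Review bot: The new Get Runner IP step exports whatever checkip.amazonaws.com returns as `steps.ip.outputs.ipv4`, and that output is later expanded through `${{ }}` inside a `run:` script as `--cidr ${{ steps.ip.outputs.ipv4 }}/32`; with `curl -s` a failed request or an unexpected body becomes an empty or non-IP value that is interpolated unchecked. Fail the request on HTTP errors and validate the result is an IPv4 literal before writing it to `$GITHUB_OUTPUT`. The same step is added to the development job in the hunk at -261 of this file, so the check belongs in both places.
```yaml
- name: Get Runner IP
  id: ip
  run: |
    ip="$(curl -fsS --max-time 10 https://checkip.amazonaws.com)"
    [[ "$ip" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { echo "unexpected response from IP lookup: $ip" >&2; exit 1; }
    echo "ipv4=$ip" >> "$GITHUB_OUTPUT"
```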
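Review bot: The production job's Setup PHP step moves to `php-version: '8.5'` here, but the development job's Setup PHP step (hunk at -277 in this file) is left at `php-version: '8.3'`, while deploy.php in the same commit sets `php_fpm_version` to `'8.5'` with no per-environment distinction visible. If that `set()` applies to both stages (it looks global, but deploy.php's host definitions are outside the diff), the development deploy will build on 8.3 and reload an 8.5 php-fpm on the target, or fail if that service does not exist there. Either bump the development step to `'8.5'` as well or make `php_fpm_version` a per-host setting.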
@@ -153,23 +156,29 @@ jobs: key: ${{ runner.os }}-php-v3-${{ hashFiles('**/composer.lock') }} restore-keys: | ${{ runner.os }}-php-v3- + - name: Create storage directories run: | mkdir -p storage/framework/cache/data mkdir -p storage/framework/sessions mkdir -p storage/framework/views mkdir -p bootstrap/cache - - name: Install Composer dependencies (without scripts) - run: composer install --prefer-dist --no-progress --no-dev --optimize-autoloader --no-scripts + + - name: Install Composer dependencies for deployment runner + run: composer install --prefer-dist --no-progress --optimize-autoloader --no-scripts + - name: Setup Node.js uses: actions/setup-node@v6 with: node-version: '20' cache: 'yarn' + - name: Install Yarn dependencies run: yarn install --frozen-lockfile --ignore-engines + - name: Build assets for Production run: npm run production + - name: Create deployment package run: | rm -rf deployment-package || true 
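Review bot: Dropping `--no-dev` from the Composer install (presumably so `vendor/bin/dep` exists for the later Deploy step) also populates `vendor/` with dev packages before "Create deployment package" runs; if that step copies `vendor/` into the artifact (its rsync/cp source line is outside this hunk), the production package now ships dev dependencies and the larger attack surface that comes with them. Keep the artifact built from `composer install --prefer-dist --no-progress --no-dev --optimize-autoloader --no-scripts` and install Deployer separately, or run the dev-inclusive install only after the package has been created. The identical change is made in the development job's hunk at -290 of this file.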
@@ -184,22 +193,33 @@ jobs: . "$TEMP_DIR/" cp -r public/css public/js public/fonts public/images public/svg public/mix-manifest.json "$TEMP_DIR/public/" || true mv "$TEMP_DIR" deployment-package + - name: Upload deployment artifact uses: actions/upload-artifact@v7 with: name: digitizationacademy-${{ github.sha }} path: deployment-package/ retention-days: 30 - - name: Deploy with Deployer - uses: deployphp/action@v1 + + - name: Setup SSH key + uses: webfactory/ssh-agent@v0.10.0 with: - private-key: ${{ secrets.DEPLOY_PRIVATE_KEY }} - dep: deploy production + ssh-private-key: ${{ secrets.DEPLOY_PRIVATE_KEY }} + + - name: Add production host key + run: | + mkdir -p ~/.ssh + ssh-keyscan -H 3.142.169.134 >> ~/.ssh/known_hosts + + - name: Deploy with Deployer + run: vendor/bin/dep deploy production env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_SHA: ${{ github.sha }} GITHUB_REPO: ${{ github.repository }} + API_TOKEN: ${{ secrets.API_TOKEN }} OPCACHE_WEBHOOK_TOKEN: ${{ secrets.OPCACHE_WEBHOOK_TOKEN }} + - name: Revoke Runner IP from AWS Security Group if: always() run: | @@ -210,7 +230,6 @@ jobs: --port 22 \ --cidr ${{ steps.ip.outputs.ipv4 }}/32 - # Create release only after a successful production deployment create-release: needs: [calculate-version, build-and-deploy-production] runs-on: ubuntu-latest 
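Review bot: `ssh-keyscan -H 3.142.169.134 >> ~/.ssh/known_hosts` fetches the host key from the network on every run, so the known_hosts entry trusts whatever answers at that moment and cannot detect a substituted or intercepted host, which is the case host key verification exists to catch. Pin the server's public key instead, for example store it in a repository variable and write it with `echo "${{ vars.PRODUCTION_HOST_KEY }}" >> ~/.ssh/known_hosts`, or at minimum compare the scanned fingerprint against a recorded value before deploying. The new `webfactory/ssh-agent@v0.10.0` step is pinned to a tag rather than a commit SHA, which is weaker than the rest of the chain deserves now that the deploy key is loaded into an agent on the runner. The development job's hunk at -321 of this file has the same scan against 3.138.217.206 and needs the same treatment.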
@@ -261,14 +280,17 @@ jobs: if: "github.ref == 'refs/heads/development' && !contains(github.event.head_commit.message, '[skip deploy]') && !contains(github.event.head_commit.message, '[no deploy]')" steps: - uses: actions/checkout@v6 + - name: Get Runner IP id: ip - uses: haythem/public-ip@v1.3 + run: echo "ipv4=$(curl -s https://checkip.amazonaws.com)" >> "$GITHUB_OUTPUT" + - name: Configure AWS Credentials uses: aws-actions/configure-aws-credentials@v6 with: role-to-assume: arn:aws:iam::147899039648:role/GitHubActionsDeployRole aws-region: ${{ secrets.AWS_REGION }} + - name: Whitelist Runner IP in AWS Security Group run: | aws ec2 authorize-security-group-ingress \ @@ -277,11 +299,13 @@ jobs: --protocol tcp \ --port 22 \ --cidr ${{ steps.ip.outputs.ipv4 }}/32 + - name: Setup PHP uses: shivammathur/setup-php@v2 with: php-version: '8.3' extensions: mbstring, xml, bcmath, ctype, json, tokenizer, pdo, pdo_mysql + - name: Cache Composer packages id: composer-cache uses: actions/cache@v5 @@ -290,23 +314,29 @@ jobs: key: ${{ runner.os }}-php-v3-${{ hashFiles('**/composer.lock') }} restore-keys: | ${{ runner.os }}-php-v3- + - name: Create storage directories run: | mkdir -p storage/framework/cache/data mkdir -p storage/framework/sessions mkdir -p storage/framework/views mkdir -p bootstrap/cache - - name: Install Composer dependencies (without scripts) - run: composer install --prefer-dist --no-progress --no-dev --optimize-autoloader --no-scripts + + - name: Install Composer dependencies for deployment runner + run: composer install --prefer-dist --no-progress --optimize-autoloader --no-scripts + - name: Setup Node.js uses: actions/setup-node@v6 with: node-version: '20' cache: 'yarn' + - name: Install Yarn dependencies run: yarn install --frozen-lockfile --ignore-engines + - name: Build assets for Development run: npm run production + - name: Create deployment package run: | rm -rf deployment-package || true 
@@ -321,22 +351,33 @@ jobs: . "$TEMP_DIR/" cp -r public/css public/js public/fonts public/images public/svg public/mix-manifest.json "$TEMP_DIR/public/" || true mv "$TEMP_DIR" deployment-package + - name: Upload deployment artifact uses: actions/upload-artifact@v7 with: name: digitizationacademy-${{ github.sha }} path: deployment-package/ retention-days: 30 - - name: Deploy with Deployer - uses: deployphp/action@v1 + + - name: Setup SSH key + uses: webfactory/ssh-agent@v0.10.0 with: - private-key: ${{ secrets.DEPLOY_PRIVATE_KEY }} - dep: deploy development + ssh-private-key: ${{ secrets.DEPLOY_PRIVATE_KEY }} + + - name: Add development host key + run: | + mkdir -p ~/.ssh + ssh-keyscan -H 3.138.217.206 >> ~/.ssh/known_hosts + + - name: Deploy with Deployer + run: vendor/bin/dep deploy development env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} GITHUB_SHA: ${{ github.sha }} GITHUB_REPO: ${{ github.repository }} + API_TOKEN: ${{ secrets.API_TOKEN }} OPCACHE_WEBHOOK_TOKEN: ${{ secrets.OPCACHE_WEBHOOK_TOKEN }} + - name: Revoke Runner IP from AWS Security Group if: always() run: | diff --git a/deploy.php b/deploy.php index 64c84e6..bb9b0e4 100644 --- a/deploy.php +++ b/deploy.php @@ -39,7 +39,7 @@ set('repository', 'https://github.com/AustinMastLab/DigitizationAcademy.git'); set('base_path', '/data/web'); set('remote_user', 'ubuntu'); -set('php_fpm_version', '8.3'); +set('php_fpm_version', '8.5'); set('ssh_multiplexing', true); set('writable_mode', 'chmod'); set('keep_releases', 3); // Keep only 3 recent releases