Deploy to Staging #95

Workflow file for this run

.github/workflows/deploy-staging.yml at a19c90b

	name: Deploy to Staging

	on:
	workflow_dispatch:

	env:
	REGISTRY: registry.digitalocean.com/first-israel-registry
	IMAGE_TAG: staging-${{ github.sha }}

	permissions: {}

	jobs:
	build-backend:
	name: Build & Push Backend
	uses: ./.github/workflows/deploy-backend.yml
	with:
	environment: staging
	image_tag: staging-${{ github.sha }}
	registry: registry.digitalocean.com/first-israel-registry
	secrets:
	DIGITALOCEAN_ACCESS_TOKEN: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}

	build-admin:
	name: Build & Push Admin
	uses: ./.github/workflows/deploy-admin.yml
	with:
	environment: staging
	image_tag: staging-${{ github.sha }}
	registry: registry.digitalocean.com/first-israel-registry
	secrets:
	DIGITALOCEAN_ACCESS_TOKEN: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}

	build-frontend:
	name: Build & Push Frontend LEMS
	uses: ./.github/workflows/deploy-lems.yml
	with:
	environment: staging
	image_tag: staging-${{ github.sha }}
	registry: registry.digitalocean.com/first-israel-registry
	secrets:
	DIGITALOCEAN_ACCESS_TOKEN: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}

	build-portal:
	name: Build & Push Portal
	uses: ./.github/workflows/deploy-portal.yml
	with:
	environment: staging
	image_tag: staging-${{ github.sha }}
	registry: registry.digitalocean.com/first-israel-registry
	secrets:
	DIGITALOCEAN_ACCESS_TOKEN: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}

	build-scheduler:
	name: Build & Push Scheduler
	uses: ./.github/workflows/deploy-scheduler.yml
	with:
	environment: staging
	image_tag: staging-${{ github.sha }}
	registry: registry.digitalocean.com/first-israel-registry
	secrets:
	DIGITALOCEAN_ACCESS_TOKEN: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}

	cleanup-old-images:
	name: Cleanup Old Staging Images
	needs: [build-backend, build-admin, build-frontend, build-portal, build-scheduler]
	uses: ./.github/workflows/cleanup-registry-images.yml
	with:
	tag_pattern: 'staging-'
	exclude_pattern: '-${{ github.sha }}$'
	secrets:
	DIGITALOCEAN_ACCESS_TOKEN: ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }}

	deploy:
	name: Deploy to Staging Server
	runs-on: ubuntu-latest
	timeout-minutes: 10
	environment: staging
	needs: cleanup-old-images

	steps:
	- name: Deploy to DigitalOcean Droplet
	uses: appleboy/ssh-action@v1.2.4
	env:
	# Metadata
	REGISTRY: ${{ env.REGISTRY }}
	IMAGE_TAG: ${{ env.IMAGE_TAG }}
	DEPLOY_REF: ${{ github.ref }}
	DEPLOY_SHA: ${{ github.sha }}

	# Database configuration
	DB_NAME: ${{ vars.DB_NAME }}
	MONGODB_URI: ${{ secrets.MONGODB_URI }}
	PG_HOST: ${{ secrets.PG_HOST }}
	PG_PORT: ${{ secrets.PG_PORT }}
	PG_USER: ${{ secrets.PG_USER }}
	PG_PASSWORD: ${{ secrets.PG_PASSWORD }}
	PG_SSL_CA: ${{ secrets.PG_SSL_CA }}

	# Redis Configuration
	REDIS_HOST: ${{ secrets.REDIS_HOST }}
	REDIS_PORT: ${{ secrets.REDIS_PORT }}
	REDIS_USERNAME: ${{ secrets.REDIS_USERNAME }}
	REDIS_PASSWORD: ${{ secrets.REDIS_PASSWORD }}
	REDIS_DB: ${{ vars.REDIS_DB }}

	# Authentication & Security
	JWT_SECRET: ${{ secrets.JWT_SECRET }}
	DASHBOARD_JWT_SECRET: ${{ secrets.DASHBOARD_JWT_SECRET }}
	SCHEDULER_JWT_SECRET: ${{ secrets.SCHEDULER_JWT_SECRET }}
	RECAPTCHA: ${{ vars.RECAPTCHA }}
	RECAPTCHA_SECRET_KEY: ${{ secrets.RECAPTCHA_SECRET_KEY }}

	# External Services
	LEMS_DOMAIN: ${{ vars.LEMS_DOMAIN }}
	SCHEDULER_URL: ${{ vars.SCHEDULER_URL }}
	LOCAL_BASE_URL: ${{ vars.LOCAL_BASE_URL }}

	# Cloud Storage (DigitalOcean Spaces)
	DIGITALOCEAN_ENDPOINT: ${{ vars.DIGITALOCEAN_ENDPOINT }}
	DIGITALOCEAN_SPACE: ${{ vars.DIGITALOCEAN_SPACE }}
	DIGITALOCEAN_KEY: ${{ secrets.DIGITALOCEAN_KEY }}
	DIGITALOCEAN_SECRET: ${{ secrets.DIGITALOCEAN_SECRET }}
	with:
	host: ${{ secrets.HOST }}
	username: ${{ secrets.USERNAME }}
	key: ${{ secrets.SSHKEY }}
	passphrase: ${{ secrets.PASSPHRASE }}
	envs: \|
	REGISTRY,
	IMAGE_TAG,
	DEPLOY_REF,
	DEPLOY_SHA,

	DB_NAME,
	MONGODB_URI,

	PG_HOST,
	PG_PORT,
	PG_USER,
	PG_PASSWORD,
	PG_SSL_CA,

	REDIS_HOST,
	REDIS_PORT,
	REDIS_USERNAME,
	REDIS_PASSWORD,
	REDIS_DB,

	JWT_SECRET,
	DASHBOARD_JWT_SECRET,
	SCHEDULER_JWT_SECRET,

	RECAPTCHA,
	RECAPTCHA_SECRET_KEY,

	LEMS_DOMAIN,
	SCHEDULER_URL,
	LOCAL_BASE_URL,

	DIGITALOCEAN_ENDPOINT,
	DIGITALOCEAN_SPACE,
	DIGITALOCEAN_KEY,
	DIGITALOCEAN_SECRET
	script: \|
	echo "🔐 Logging into DigitalOcean registry..."
	docker login -u ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} -p ${{ secrets.DIGITALOCEAN_ACCESS_TOKEN }} registry.digitalocean.com

	echo "📂 Navigating to project directory..."
	cd lems

	echo "🛑 Stopping existing containers..."
	docker compose down

	echo "🧹 Cleaning up old containers and images..."
	docker compose rm -f
	docker images --format "{{.Repository}}:{{.Tag}}" \| grep "first-israel-registry/lems:" \| xargs -r docker rmi -f \|\| echo "No images to remove"

	echo "📥 Pulling code from the deployed branch/commit..."
	echo " Branch/Ref: ${DEPLOY_REF}"
	echo " Commit SHA: ${DEPLOY_SHA}"
	git fetch origin
	git checkout ${DEPLOY_SHA}

	echo "ℹ️ Verifying we're on the correct commit..."
	CURRENT_SHA=$(git rev-parse HEAD)
	if [ "$CURRENT_SHA" != "${DEPLOY_SHA}" ]; then
	echo "❌ ERROR: Failed to checkout correct commit!"
	echo " Expected: ${DEPLOY_SHA}"
	echo " Got: $CURRENT_SHA"
	exit 1
	fi
	echo "✅ Confirmed on commit ${DEPLOY_SHA}"

	echo "🚀 Starting services with compose file from deployed commit..."
	docker compose up -d

	echo "✅ Deployment complete!"

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Deploy to Staging #95

Workflow file

Deploy to Staging #95

Uh oh!

Workflow file for this run