
Bump web component to v0.3.1 #74


Workflow file for this run

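---
# Dev deployment: build the backend, frontend and osm-userinfo images, push
# them to GHCR, then SSH to the dev EC2 host to refresh config and restart
# the compose stack. Runs only for pushes to `develop`.
name: Deploy to dev.login.hotosm.org

on:
  push:
    branches:
      - develop

# Least-privilege GITHUB_TOKEN: checkout needs contents:read; pushing to
# ghcr.io needs packages:write (which also covers the remote `docker pull`).
# Without this block the token inherits the repository's default scope.
permissions:
  contents: read
  packages: write

# Serialize deployments to the single dev host. Queued runs wait rather than
# cancel, so an in-flight `compose up` is never interrupted half-way.
concurrency:
  group: deploy-dev
  cancel-in-progress: false

env:
  REGISTRY: ghcr.io
  IMAGE_PREFIX: ${{ github.repository }}

jobs:
  deploy:
    name: Build and Deploy to dev.login.hotosm.org
    runs-on: ubuntu-latest
    environment: Development
    if: github.ref == 'refs/heads/develop'
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Setup SSH
        uses: webfactory/ssh-agent@v0.9.0
        with:
          ssh-private-key: ${{ secrets.EC2_SSH_KEY }}

      # NOTE(review): ssh-keyscan accepts whatever key the host presents at
      # run time (trust-on-first-use), so a substituted host would not be
      # detected. Pinning the expected host key in a secret and writing that
      # to known_hosts instead would close this gap; kept as-is here.
      - name: Add EC2 host to known hosts
        env:
          EC2_HOST: ${{ secrets.EC2_HOST }}
        run: |
          mkdir -p ~/.ssh
          ssh-keyscan -H "$EC2_HOST" >> ~/.ssh/known_hosts

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Each image is tagged both `latest` and with the commit SHA so a
      # deployment can be traced back to (or rolled back to) an exact build.
      - name: Build and push backend image
        run: |
          docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-backend:latest \
            -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-backend:${{ github.sha }} \
            --target production \
            --pull \
            ./backend
          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-backend:latest
          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-backend:${{ github.sha }}

      # The frontend bakes its public URLs in at build time (VITE_* args), and
      # is built with --no-cache so a stale layer never carries old URLs.
      - name: Build and push frontend image
        run: |
          docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend:latest \
            -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend:${{ github.sha }} \
            --target production \
            --build-arg VITE_HANKO_URL=https://dev.login.hotosm.org \
            --build-arg VITE_BACKEND_URL=https://dev.login.hotosm.org/api \
            --build-arg BUILD_DATE=$(date -u +%Y-%m-%dT%H:%M:%SZ) \
            --no-cache \
            --pull \
            ./frontend
          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend:latest
          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-frontend:${{ github.sha }}

      - name: Build and push osm-userinfo image
        run: |
          docker build -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-osm-userinfo:latest \
            -t ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-osm-userinfo:${{ github.sha }} \
            ./osm-userinfo
          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-osm-userinfo:latest
          docker push ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}-osm-userinfo:${{ github.sha }}

      # The remote script is a *quoted* heredoc: nothing in it is expanded by
      # the runner's shell. Secrets reach the host only through the
      # `${{ secrets.* }}` template expansions inside the script text (sent
      # over the SSH session's stdin, masked in the job log). The step env
      # therefore holds only the two values the runner itself needs.
      - name: Deploy to EC2
        env:
          EC2_HOST: ${{ secrets.EC2_HOST }}
          EC2_USER: ${{ secrets.EC2_USER }}
        run: |
          ssh "$EC2_USER@$EC2_HOST" << 'EOF'
          set -e
          # Navigate to application directory
          cd /opt/login || exit 1
          # Pull latest changes (reset to avoid divergent branches)
          git fetch origin develop
          git reset --hard origin/develop
          # Remove compose.yaml if it exists (use docker-compose.yml only)
          if [ -f compose.yaml ]; then
            rm compose.yaml
            echo "✓ Removed compose.yaml (using docker-compose.yml)"
          fi
          # Create config files if they don't exist
          if [ ! -f .env ]; then
            cp .env.example .env
            echo "✓ Created .env from .env.example"
          fi
          if [ ! -f hanko-config.yaml ]; then
            cp hanko-config.yaml.example hanko-config.yaml
            echo "✓ Created hanko-config.yaml from example"
          fi
          # Fix CORS config in hanko-config.yaml (ensure wildcard is disabled)
          sed -i 's/unsafe_wildcard_origin_allowed: true/unsafe_wildcard_origin_allowed: false/' hanko-config.yaml
          echo "✓ Updated CORS config in hanko-config.yaml"
          # Transform login.hotosm.test to dev.login.hotosm.org (must be first,
          # before the generic .hotosm.test rewrite below would claim it)
          sed -i 's|login\.hotosm\.test|dev.login.hotosm.org|g' hanko-config.yaml
          # Transform remaining .hotosm.test URLs to .hotosm.org
          sed -i 's|\.hotosm\.test|.hotosm.org|g' hanko-config.yaml
          # Fix cookie domain (ensure it's .hotosm.org for cross-subdomain cookies)
          sed -i 's|domain: "\.login\.hotosm\.org"|domain: ".hotosm.org"|g' hanko-config.yaml
          sed -i 's|domain: "\.dev\.login\.hotosm\.org"|domain: ".hotosm.org"|g' hanko-config.yaml
          # Add testlogin domains to all required sections.
          # NOTE(review): the `a\ - ...` appends and the '^ audience:' anchor
          # assume a specific list indentation in hanko-config.yaml — confirm
          # against the example file if an insert silently misses.
          for domain in "testlogin.dronetm.hotosm.org" "testlogin.fair.hotosm.org"; do
            # CORS allow_origins (check specifically in allow_origins section)
            if ! grep -A 10 'allow_origins:' hanko-config.yaml | grep -q "$domain"; then
              sed -i '/allow_origins:/a\ - "https://'"$domain"'"' hanko-config.yaml
            fi
            # Session audience
            if ! grep -A 10 '^ audience:' hanko-config.yaml | grep -q "$domain"; then
              sed -i '/^ audience:/a\ - "https://'"$domain"'"' hanko-config.yaml
            fi
            # Third-party allowed redirect URLs
            if ! grep -A 10 'allowed_redirect_urls:' hanko-config.yaml | grep -q "$domain"; then
              sed -i '/allowed_redirect_urls:/a\ - "https://'"$domain"'/**"' hanko-config.yaml
            fi
          done
          echo "✓ Updated URLs and CORS in hanko-config.yaml"
          # Update SMTP settings in hanko-config.yaml (replace any existing values).
          # All four substitutions are confined to the smtp..from_address range:
          # an unranged `host: ".*"` would also rewrite any other quoted `host:`
          # key in the file (e.g. a database host) with the SMTP host.
          # NOTE: secret values are spliced into the sed replacement verbatim; a
          # value containing `|`, `&`, `\` or a newline would break the
          # expression — keep these secrets free of those characters.
          sed -i '/smtp:/,/from_address:/ s|host: ".*"|host: "${{ secrets.SMTP_HOST }}"|' hanko-config.yaml
          sed -i '/smtp:/,/from_address:/ s|user: ".*"|user: "${{ secrets.SMTP_USER }}"|' hanko-config.yaml
          sed -i '/smtp:/,/from_address:/ s|password: ".*"|password: "${{ secrets.SMTP_PASSWORD }}"|' hanko-config.yaml
          sed -i 's|from_address: ".*"|from_address: "${{ secrets.SMTP_FROM_ADDRESS }}"|' hanko-config.yaml
          echo "✓ Updated SMTP settings"
          # Update Google OAuth secrets in hanko-config.yaml (fresh config
          # still carries the placeholders from the example file)
          sed -i 's|client_id: "GOOGLE_CLIENT_ID_PLACEHOLDER"|client_id: "${{ secrets.GOOGLE_CLIENT_ID }}"|' hanko-config.yaml
          sed -i 's|secret: "GOOGLE_CLIENT_SECRET_PLACEHOLDER"|secret: "${{ secrets.GOOGLE_CLIENT_SECRET }}"|' hanko-config.yaml
          # Also replace if already set (for redeployments), scoped to the
          # google provider block so other providers' secrets are untouched
          sed -i '/provider_id: "google"/,/allow_linking:/ s|client_id: ".*\.apps\.googleusercontent\.com"|client_id: "${{ secrets.GOOGLE_CLIENT_ID }}"|' hanko-config.yaml
          sed -i '/provider_id: "google"/,/allow_linking:/ s|secret: "GOCSPX-.*"|secret: "${{ secrets.GOOGLE_CLIENT_SECRET }}"|' hanko-config.yaml
          echo "✓ Updated Google OAuth secrets"
          # Update secrets in .env
          # Add HANKO_API_URL if it doesn't exist, otherwise update it
          if grep -q '^HANKO_API_URL=' .env; then
            sed -i 's|^HANKO_API_URL=.*|HANKO_API_URL=https://dev.login.hotosm.org|' .env
          else
            echo 'HANKO_API_URL=https://dev.login.hotosm.org' >> .env
          fi
          # Anchored to line start so only the exact key is rewritten; the same
          # sed-delimiter caveat as for the SMTP values applies here.
          sed -i 's|^POSTGRES_PASSWORD=.*|POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }}|' .env
          sed -i 's|^COOKIE_SECRET=.*|COOKIE_SECRET=${{ secrets.COOKIE_SECRET }}|' .env
          sed -i 's|^OSM_CLIENT_ID=.*|OSM_CLIENT_ID=${{ secrets.OSM_CLIENT_ID }}|' .env
          sed -i 's|^OSM_CLIENT_SECRET=.*|OSM_CLIENT_SECRET=${{ secrets.OSM_CLIENT_SECRET }}|' .env
          sed -i 's|^OSM_REDIRECT_URI=.*|OSM_REDIRECT_URI=${{ secrets.OSM_REDIRECT_URI }}|' .env
          echo "✓ Updated secrets in .env"
          # Login to GitHub Container Registry. The job-scoped GITHUB_TOKEN is
          # used read-only here (packages pull) and expires when the job ends.
          echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u "${{ github.actor }}" --password-stdin
          # Pull latest images
          docker compose -f docker-compose.yml pull
          # Restart services with force recreate
          docker compose -f docker-compose.yml up -d --force-recreate --pull always
          # Clean up old images
          docker image prune -af
          echo "✓ Deployment completed successfully"
          EOF

      # Runs even when an earlier step failed; re-raises a failure so the run
      # as a whole is reported red.
      - name: Notify deployment status
        if: always()
        run: |
          if [ "${{ job.status }}" = 'success' ]; then
            echo "✓ Deployment to dev.login.hotosm.org successful"
          else
            echo "✗ Deployment failed"
            exit 1
          fi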