Feature/client GitHub actions #36
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy LDAP Infrastructure | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| jobs: | |
| deploy-server: | |
| runs-on: ubuntu-latest | |
| environment: dev | |
| steps: | |
| - name: Checkout the repository | |
| uses: actions/checkout@v2 | |
| - name: Set up Terraform | |
| uses: hashicorp/setup-terraform@v2 | |
| with: | |
| terraform_version: 1.3.0 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-east-1 | |
| - name: Fetch AMI ID for Amazon Linux | |
| id: fetch_ami | |
| run: | | |
| os_filter="al2023-ami-*-x86_64" | |
| owners="137112412989" # Amazon Linux owner ID | |
| ami_id=$(aws ec2 describe-images \ | |
| --filters "Name=name,Values=$os_filter" "Name=state,Values=available" \ | |
| --owners $owners \ | |
| --query "Images | sort_by(@, &CreationDate)[-1].ImageId" \ | |
| --output text) | |
| if [ -z "$ami_id" ]; then | |
| echo "Failed to find valid AMI ID" | |
| exit 1 | |
| fi | |
| echo "ami_id=$ami_id" >> "$GITHUB_ENV" | |
| - name: Initialize Terraform | |
| run: cd terraform && terraform init | |
| - name: Apply Terraform Configuration | |
| run: | | |
| cd terraform | |
| terraform apply -auto-approve -var="ami_id=${{ env.ami_id }}" | |
| - name: Fetch EC2 Instance Public IP | |
| id: get-ec2-ip | |
| run: | | |
| # Get the most recent instance with the LDAPServer tag | |
| IP=$(aws ec2 describe-instances \ | |
| --filters "Name=tag:Name,Values=LDAPServer" "Name=instance-state-name,Values=running" \ | |
| --query "Reservations[*].Instances[*].[PublicIpAddress]" \ | |
| --output text | head -n 1) | |
| # Check if we got a valid IP | |
| if [[ -z "$IP" ]]; then | |
| echo "Error: Could not find running instance with tag LDAPServer" | |
| exit 1 | |
| fi | |
| # Set the environment variable correctly | |
| echo "EC2_IP=${IP}" >> $GITHUB_ENV | |
| echo "Found Server IP: ${IP}" | |
| - name: Wait for EC2 to be ready | |
| run: sleep 50 # Ensure system is ready | |
| - name: Create .env file locally | |
| run: | | |
| cat > .env << EOF | |
| DB_TYPE=${{ vars.DB_TYPE }} | |
| MONGO_URI=${{ secrets.MONGO_URI }} | |
| MONGO_DATABASE=${{ vars.MONGO_DATABASE }} | |
| LDAP_BASE_DN=${{ vars.LDAP_BASE_DN }} | |
| LDAP_PORT=${{ vars.LDAP_PORT }} | |
| LDAP_CERT_CONTENT="${{ secrets.LDAP_CERT_CONTENT }}" | |
| LDAP_KEY_CONTENT="${{ secrets.LDAP_KEY_CONTENT }}" | |
| LDAP_URL=${{ secrets.LDAP_URL }} | |
| EOF | |
| echo "Created .env file" | |
| - name: Deploy app to EC2 | |
| run: | | |
| echo "${{ secrets.EC2_PRIVATE_KEY }}" > ec2-key.pem | |
| chmod 600 ec2-key.pem | |
| # First, clone the repository and set up the directory | |
| ssh -o StrictHostKeyChecking=no -i ec2-key.pem ec2-user@${{ env.EC2_IP }} << 'EOSSH' | |
| # Clone the repository | |
| if [ -d "/home/ec2-user/LDAPServer" ]; then | |
| rm -rf /home/ec2-user/LDAPServer | |
| fi | |
| git clone https://github.com/anishapant21/LDAPServer.git /home/ec2-user/LDAPServer | |
| EOSSH | |
| # Now copy the .env file to the server - place it in the src directory | |
| scp -o StrictHostKeyChecking=no -i ec2-key.pem .env ec2-user@${{ env.EC2_IP }}:/home/ec2-user/LDAPServer/src/.env | |
| # Finally, install dependencies and start the server | |
| ssh -o StrictHostKeyChecking=no -i ec2-key.pem ec2-user@${{ env.EC2_IP }} << 'EOSSH' | |
| # Install dependencies and start the Node.js server | |
| cd /home/ec2-user/LDAPServer/src | |
| npm install | |
| # Kill any existing node process | |
| pkill -f "node server.js" || true | |
| # Start the server (already in the src directory) | |
| nohup sudo node server.js > server.log 2>&1 & | |
| # Verify the server has started | |
| sleep 5 | |
| if pgrep -f "node server.js" > /dev/null; then | |
| echo "Server started successfully" | |
| ps aux | grep "node server.js" | grep -v grep | |
| else | |
| echo "Server failed to start" | |
| tail -n 20 server.log | |
| fi | |
| EOSSH | |
| - name: Output EC2 Instance Public IP | |
| run: echo "LDAP Server running at http://${{ env.EC2_IP }}" | |
| outputs: | |
| server_ip: ${{ env.EC2_IP }} | |
| deploy-client: | |
| needs: deploy-server # This ensures the client job runs after server deployment | |
| runs-on: ubuntu-latest | |
| environment: dev | |
| steps: | |
| - name: Checkout the repository | |
| uses: actions/checkout@v2 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-east-1 | |
| - name: Login to ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: Create .env file for client | |
| run: | | |
| # Get the server IP from the previous job | |
| SERVER_IP="${{ needs.deploy-server.outputs.server_ip }}" | |
| cat > docker/client/.env << EOF | |
| # LDAP Environment Configuration | |
| LDAP_BASE="${{ vars.LDAP_BASE_DN }}" | |
| LDAP_DOMAIN="${{ vars.LDAP_DOMAIN }}" | |
| LDAP_ORG="${{ vars.LDAP_ORG }}" | |
| SSH_PORT=2222 | |
| LDAP_CERT_SUBJ="/C=US/ST=IN/L=City/O=${{ vars.LDAP_ORG }}/CN=localhost" | |
| LDAP_URI="ldaps://${SERVER_IP}:${{ vars.LDAP_PORT }}" | |
| LDAP_CERT="/certificates/ca-cert.pem" | |
| LDAP_CA_CERT="${{ secrets.LDAP_CERT_CONTENT }}" | |
| EOF | |
| echo "Created client .env file with LDAP Server IP: ${SERVER_IP}" | |
| cat docker/client/.env | grep -v "LDAP_CA_CERT" | |
| - name: Build and push Docker image to existing ECR | |
| run: | | |
| # Get ECR repository URI | |
| ECR_REGISTRY=${{ steps.login-ecr.outputs.registry }} | |
| ECR_REPOSITORY=ldap-client | |
| IMAGE_TAG=${{ github.sha }} | |
| # Build and push Docker image | |
| docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -t $ECR_REGISTRY/$ECR_REPOSITORY:latest ./docker/client | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest | |
| echo "Image pushed to $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" | |
| echo "IMAGE_URI=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_ENV | |
| - name: Fetch EC2 Client Instance | |
| id: get-client-ip | |
| run: | | |
| # Get the instance with the LDAPClient tag | |
| CLIENT_IP=$(aws ec2 describe-instances \ | |
| --filters "Name=tag:Name,Values=LDAPClient" "Name=instance-state-name,Values=running" \ | |
| --query "Reservations[*].Instances[*].[PublicIpAddress]" \ | |
| --output text | head -n 1) | |
| # Check if we got a valid IP | |
| if [[ -z "$CLIENT_IP" ]]; then | |
| echo "Error: Could not find running instance with tag LDAPClient" | |
| exit 1 | |
| fi | |
| echo "CLIENT_IP=${CLIENT_IP}" >> $GITHUB_ENV | |
| echo "Found Client IP: ${CLIENT_IP}" | |
| - name: Deploy client to EC2 | |
| run: | | |
| echo "${{ secrets.EC2_PRIVATE_KEY }}" > ec2-key.pem | |
| chmod 600 ec2-key.pem | |
| ssh -o StrictHostKeyChecking=no -i ec2-key.pem ec2-user@${{ env.CLIENT_IP }} << EOSSH | |
| # Login to ECR | |
| aws ecr get-login-password --region us-east-1 | docker login --username AWS --password-stdin ${{ steps.login-ecr.outputs.registry }} | |
| # Pull the latest client image | |
| docker pull ${{ env.IMAGE_URI }} | |
| # Stop any running client container | |
| docker stop ldap-client || true | |
| docker rm ldap-client || true | |
| # Run the new container | |
| docker run -d --name ldap-client \ | |
| -p 2222:2222 \ | |
| --restart unless-stopped \ | |
| ${{ env.IMAGE_URI }} | |
| # Verify the container is running | |
| docker ps | grep ldap-client | |
| EOSSH | |
| - name: Output Client Deployment Info | |
| run: | | |
| echo "=============== DEPLOYMENT SUMMARY ===============" | |
| echo "LDAP Server IP: ${{ needs.deploy-server.outputs.server_ip }}" | |
| echo "LDAP Client IP: ${{ env.CLIENT_IP }}" | |
| echo "Client SSH accessible at: ssh -p 2222 user@${{ env.CLIENT_IP }}" | |
| echo "==================================================" |