Files used for GitHub Action Docker Deployment via SSH to stand alone Linux server

.env

# Autogenerated .env file
HOST_DOMAIN=web.web-templates.io
LETSENCRYPT_EMAIL=you@example.com
APP_NAME=web
IMAGE_REPO=netcoretemplates/web
RELEASE_VERSION=latest

docker-compose.override.yml

version: "3.9"
services:
  app:
    build: .
    ports:
      - "5000:80"
    volumes:
      - app-mydb:/app/App_Data
  app-migration:
    build: .
    restart: "no"
    profiles:
      - migration
    command: --AppTasks=migrate
    volumes:
      - app-mydb:/app/App_Data

volumes:
  app-mydb:

docker-compose.prod.yml

version: "3.9"
services:
    app:
        image: ghcr.io/${IMAGE_REPO}:${RELEASE_VERSION}
        restart: always
        ports:
            - "80"
        container_name: ${APP_NAME}_app
        environment:
            VIRTUAL_HOST: ${HOST_DOMAIN}
            LETSENCRYPT_HOST: ${HOST_DOMAIN}
            LETSENCRYPT_EMAIL: ${LETSENCRYPT_EMAIL}
        volumes:
            - app-mydb:/app/App_Data
    app-migration:
        image: ghcr.io/${IMAGE_REPO}:${RELEASE_VERSION}
        restart: "no"
        container_name: ${APP_NAME}_app_migration
        profiles:
            - migration
        command: --AppTasks=migrate
        volumes:
            - app-mydb:/app/App_Data

networks:
  default:
    external: true
    name: nginx

volumes:
    app-mydb:

docker-compose.yml

version: "3.9"
services:
    app:
        volumes:
            - app-mydb:/app/App_Data
    app-migration:
        restart: "no"
        profiles:
            - migration
        command: --AppTasks=migrate
        volumes:
            - app-mydb:/app/App_Data

volumes:
    app-mydb:

nginx-proxy-compose.yml

version: "3.9"

services:
  nginx-proxy:
    image: nginxproxy/nginx-proxy
    container_name: nginx-proxy
    restart: always
    ports:
      - "80:80"
      - "443:443"
    volumes:
      - conf:/etc/nginx/conf.d
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - dhparam:/etc/nginx/dhparam
      - certs:/etc/nginx/certs:ro
      - /var/run/docker.sock:/tmp/docker.sock:ro
    labels:
      - "com.github.jrcs.letsencrypt_nginx_proxy_companion.nginx_proxy"

  letsencrypt:
    image: nginxproxy/acme-companion:2.2
    container_name: nginx-proxy-le
    restart: always
    depends_on:
      - "nginx-proxy"
    environment:
      - DEFAULT_EMAIL=you@example.com
    volumes:
      - certs:/etc/nginx/certs:rw
      - acme:/etc/acme.sh
      - vhost:/etc/nginx/vhost.d
      - html:/usr/share/nginx/html
      - /var/run/docker.sock:/var/run/docker.sock:ro

networks:
  default:
    name: nginx

volumes:
  conf:
  vhost:
  html:
  dhparam:
  certs:
  acme:

release.yml

name: Release
permissions:
  packages: write
  contents: write
on:
  # Triggered on new GitHub Release
  release:
    types: [published]
  # Triggered on every successful Build action
  workflow_run:
    workflows: ["Build"]
    branches: [main,master]
    types:
      - completed
  # Manual trigger for rollback to specific release or redeploy latest
  workflow_dispatch:
    inputs:
      version:
        default: latest
        description: Tag you want to release.
        required: true

jobs:
  push_to_registry:
    runs-on: ubuntu-22.04
    if: ${{ github.event.workflow_run.conclusion != 'failure' }}
    steps:
      # Checkout latest or specific tag
      - name: checkout
        if: ${{ github.event.inputs.version == '' || github.event.inputs.version == 'latest' }}
        uses: actions/checkout@v3
      - name: checkout tag
        if: ${{ github.event.inputs.version != '' && github.event.inputs.version != 'latest' }}
        uses: actions/checkout@v3
        with:
          ref: refs/tags/${{ github.event.inputs.version }}

      # Assign environment variables used in subsequent steps
      - name: Env variable assignment
        run: echo "image_repository_name=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
      # TAG_NAME defaults to 'latest' if not a release or manual deployment
      - name: Assign version
        run: |
          echo "TAG_NAME=latest" >> $GITHUB_ENV
          if [ "${{ github.event.release.tag_name }}" != "" ]; then
            echo "TAG_NAME=${{ github.event.release.tag_name }}" >> $GITHUB_ENV
          fi;
          if [ "${{ github.event.inputs.version }}" != "" ]; then
            echo "TAG_NAME=${{ github.event.inputs.version }}" >> $GITHUB_ENV
          fi;

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # Build and push new docker image, skip for manual redeploy other than 'latest'
      - name: Build and push Docker images
        uses: docker/build-push-action@v3
        if: ${{ github.event.inputs.version == '' || github.event.inputs.version == 'latest' }}
        with:
          file: Dockerfile
          context: .
          push: true
          tags: ghcr.io/${{ env.image_repository_name }}:${{ env.TAG_NAME }}

  deploy_via_ssh:
    needs: push_to_registry
    runs-on: ubuntu-22.04
    if: ${{ github.event.workflow_run.conclusion != 'failure' }}
    steps:
      # Checkout latest or specific tag
      - name: checkout
        if: ${{ github.event.inputs.version == '' || github.event.inputs.version == 'latest' }}
        uses: actions/checkout@v3
      - name: checkout tag
        if: ${{ github.event.inputs.version != '' && github.event.inputs.version != 'latest' }}
        uses: actions/checkout@v3
        with:
          ref: refs/tags/${{ github.event.inputs.version }}

      - name: repository name fix and env
        run: |
          echo "image_repository_name=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
          echo "domain=${{ secrets.DEPLOY_HOST }}" >> $GITHUB_ENV
          echo "letsencrypt_email=${{ secrets.LETSENCRYPT_EMAIL }}" >> $GITHUB_ENV
          echo "TAG_NAME=latest" >> $GITHUB_ENV
          if [ "${{ github.event.release.tag_name }}" != "" ]; then
            echo "TAG_NAME=${{ github.event.release.tag_name }}" >> $GITHUB_ENV
          fi;
          if [ "${{ github.event.inputs.version }}" != "" ]; then
            echo "TAG_NAME=${{ github.event.inputs.version }}" >> $GITHUB_ENV
          fi;

      - name: Create .env file
        run: |
          echo "Generating .env file"

          echo "# Autogenerated .env file" > .env
          echo "HOST_DOMAIN=${{ secrets.DEPLOY_HOST }}" >> .env
          echo "LETSENCRYPT_EMAIL=${{ secrets.LETSENCRYPT_EMAIL }}" >> .env
          echo "APP_NAME=${{ github.event.repository.name }}" >> .env
          echo "IMAGE_REPO=${{ env.image_repository_name }}" >> .env
          echo "RELEASE_VERSION=${{ env.TAG_NAME }}" >> .env

      # Copy only the docker-compose.yml to remote server home folder
      - name: copy files to target server via scp
        uses: appleboy/scp-action@v0.1.3
        with:
          host: ${{ secrets.DEPLOY_HOST }}
          username: ${{ secrets.DEPLOY_USERNAME }}
          port: 22
          key: ${{ secrets.DEPLOY_KEY }}
          source: "./docker-compose.yml,./docker-compose.prod.yml,./.env"
          target: "~/.deploy/${{ github.event.repository.name }}/"

      - name: Run remote db migrations
        uses: appleboy/ssh-action@v0.1.5
        env:
          APPTOKEN: ${{ secrets.GITHUB_TOKEN }}
          USERNAME: ${{ secrets.DEPLOY_USERNAME }}
        with:
          host: ${{ secrets.DEPLOY_HOST }}
          username: ${{ secrets.DEPLOY_USERNAME }}
          key: ${{ secrets.DEPLOY_KEY }}
          port: 22
          envs: APPTOKEN,USERNAME
          script: |
            echo $APPTOKEN | docker login ghcr.io -u $USERNAME --password-stdin
            cd ~/.deploy/${{ github.event.repository.name }}
            docker compose -f ./docker-compose.yml -f ./docker-compose.prod.yml pull
            docker compose -f ./docker-compose.yml -f ./docker-compose.prod.yml up app-migration

      # Deploy Docker image with your application using `docker compose up` remotely
      - name: remote docker-compose up via ssh
        uses: appleboy/ssh-action@v0.1.5
        env:
          APPTOKEN: ${{ secrets.GITHUB_TOKEN }}
          USERNAME: ${{ secrets.DEPLOY_USERNAME }}
        with:
          host: ${{ secrets.DEPLOY_HOST }}
          username: ${{ secrets.DEPLOY_USERNAME }}
          key: ${{ secrets.DEPLOY_KEY }}
          port: 22
          envs: APPTOKEN,USERNAME
          script: |
            echo $APPTOKEN | docker login ghcr.io -u $USERNAME --password-stdin
            cd ~/.deploy/${{ github.event.repository.name }}
            docker compose -f ./docker-compose.yml -f ./docker-compose.prod.yml pull
            docker compose -f ./docker-compose.yml -f ./docker-compose.prod.yml up app -d

setup-ubuntu-server.sh

sudo apt-get update
sudo apt-get -y install ca-certificates curl gnupg
sudo install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg
sudo chmod a+r /etc/apt/keyrings/docker.gpg
echo \
  "deb [arch="$(dpkg --print-architecture)" signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu \
  "$(. /etc/os-release && echo "$VERSION_CODENAME")" stable" | \
  sudo tee /etc/apt/sources.list.d/docker.list > /dev/null
sudo apt-get update
sudo apt-get -y install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin