gistlyn/.deploy\docker-compose.yml

## .deploy\docker-compose.yml
version: "3.9"
services:
  app:
    image: ghcr.io/${IMAGE_REPO}:${RELEASE_VERSION}
    restart: always
    depends_on:
      app-litestream:
        condition: service_healthy
    ports:
      - "8080"
    container_name: ${APP_NAME}_app
    environment:
      VIRTUAL_HOST: ${HOST_DOMAIN}
      VIRTUAL_PORT: 8080 # New default ASP.NET port -> https://learn.microsoft.com/en-us/dotnet/core/compatibility/containers/8.0/aspnet-port
      LETSENCRYPT_HOST: ${HOST_DOMAIN}
      LETSENCRYPT_EMAIL: ${LETSENCRYPT_EMAIL}
    volumes:
      - app-mydb:/app/App_Data

  app-litestream:
    image: litestream/litestream
    entrypoint: ["/bin/sh", "-c"]
    # Timeout of health check will need to depend on size of db, and speed of network to host.
    healthcheck:
      test: /usr/local/bin/litestream restore -if-db-not-exists -if-replica-exists -o /data/app.db sftp://${SFTP_USERNAME}:${SFTP_PASSWORD}@${SFTP_HOST}:${SFTP_PORT}/MyApp.sqlite
      timeout: 10m
      retries: 1
    command:
      - /usr/local/bin/litestream replicate /data/app.db sftp://${SFTP_USERNAME}:${SFTP_PASSWORD}@${SFTP_HOST}:${SFTP_PORT}/MyApp.sqlite
    volumes:
      - app-mydb:/data

  app-migration:
    image: ghcr.io/${IMAGE_REPO}:${RELEASE_VERSION}
    restart: "no"
    container_name: ${APP_NAME}_app_migration
    profiles:
      - migration
    command: --AppTasks=migrate
    volumes:
      - app-mydb:/app/App_Data

networks:
  default:
    external: true
    name: nginx

volumes:
  app-mydb:

## .github\workflows\release.yml
name: Release
permissions:
  packages: write
  contents: write
on:
  # Triggered on new GitHub Release
  release:
    types: [published]
  # Triggered on every successful Build action
  workflow_run:
    workflows: ["Build"]
    branches: [main,master]
    types:
      - completed
  # Manual trigger for rollback to specific release or redeploy latest
  workflow_dispatch:
    inputs:
      version:
        default: latest
        description: Tag you want to release.
        required: true

jobs:
  push_to_registry:
    runs-on: ubuntu-22.04
    if: ${{ github.event.workflow_run.conclusion != 'failure' }}
    steps:
      # Checkout latest or specific tag
      - name: checkout
        if: ${{ github.event.inputs.version == '' || github.event.inputs.version == 'latest' }}
        uses: actions/checkout@v3
      - name: checkout tag
        if: ${{ github.event.inputs.version != '' && github.event.inputs.version != 'latest' }}
        uses: actions/checkout@v3
        with:
          ref: refs/tags/${{ github.event.inputs.version }}

      # Assign environment variables used in subsequent steps
      - name: Env variable assignment
        run: echo "image_repository_name=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
      # TAG_NAME defaults to 'latest' if not a release or manual deployment
      - name: Assign version
        run: |
          echo "TAG_NAME=latest" >> $GITHUB_ENV
          if [ "${{ github.event.release.tag_name }}" != "" ]; then
            echo "TAG_NAME=${{ github.event.release.tag_name }}" >> $GITHUB_ENV
          fi;
          if [ "${{ github.event.inputs.version }}" != "" ]; then
            echo "TAG_NAME=${{ github.event.inputs.version }}" >> $GITHUB_ENV
          fi;
          if [ ! -z "${{ secrets.APPSETTINGS_PATCH }}" ]; then
            echo "HAS_APPSETTINGS_PATCH=true" >> $GITHUB_ENV
          else
            echo "HAS_APPSETTINGS_PATCH=false" >> $GITHUB_ENV
          fi;

      - name: Login to GitHub Container Registry
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}


      - name: Setup dotnet
        uses: actions/setup-dotnet@v3
        with:
          dotnet-version: '8.0'

      - name: Install x tool
        if: env.HAS_APPSETTINGS_PATCH == 'true'
        run: dotnet tool install -g x

      - name: Apply Production AppSettings
        if: env.HAS_APPSETTINGS_PATCH == 'true'
        working-directory: ./MyApp
        run: |
          cat <<EOF >> appsettings.json.patch
          ${{ secrets.APPSETTINGS_PATCH }}
          EOF
          x patch appsettings.json.patch

      # Build and push new docker image, skip for manual redeploy other than 'latest'
      - name: Build and push Docker image
        run: |
          dotnet publish --os linux --arch x64 -c Release -p:ContainerRepository=${{ env.image_repository_name }} -p:ContainerRegistry=ghcr.io -p:ContainerImageTags=${{ env.TAG_NAME }} -p:ContainerPort=80

  deploy_via_ssh:
    needs: push_to_registry
    runs-on: ubuntu-22.04
    if: ${{ github.event.workflow_run.conclusion != 'failure' }}
    steps:
      # Checkout latest or specific tag
      - name: checkout
        if: ${{ github.event.inputs.version == '' || github.event.inputs.version == 'latest' }}
        uses: actions/checkout@v3
      - name: checkout tag
        if: ${{ github.event.inputs.version != '' && github.event.inputs.version != 'latest' }}
        uses: actions/checkout@v3
        with:
          ref: refs/tags/${{ github.event.inputs.version }}

      - name: repository name fix and env
        run: |
          echo "image_repository_name=$(echo ${{ github.repository }} | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
          echo "TAG_NAME=latest" >> $GITHUB_ENV
          if [ "${{ github.event.release.tag_name }}" != "" ]; then
            echo "TAG_NAME=${{ github.event.release.tag_name }}" >> $GITHUB_ENV
          fi;
          if [ "${{ github.event.inputs.version }}" != "" ]; then
            echo "TAG_NAME=${{ github.event.inputs.version }}" >> $GITHUB_ENV
          fi;

      - name: Create .env file
        run: |
          echo "Generating .env file"

          echo "# Autogenerated .env file" > .deploy/.env
          echo "HOST_DOMAIN=${{ secrets.DEPLOY_HOST }}" >> .deploy/.env
          echo "LETSENCRYPT_EMAIL=${{ secrets.LETSENCRYPT_EMAIL }}" >> .deploy/.env
          echo "APP_NAME=${{ github.event.repository.name }}" >> .deploy/.env
          echo "IMAGE_REPO=${{ env.image_repository_name }}" >> .deploy/.env
          echo "RELEASE_VERSION=${{ env.TAG_NAME }}" >> .deploy/.env
          echo "SFTP_HOST=${{ secrets.SFTP_HOST }}" >> .deploy/.env
          echo "SFTP_USERNAME=${{ secrets.SFTP_USERNAME }}" >> .deploy/.env
          echo "SFTP_PASSWORD=${{ secrets.SFTP_PASSWORD }}" >> .deploy/.env
          echo "SFTP_PORT=${{ secrets.SFTP_PORT }}" >> .deploy/.env


      # Copy only the docker-compose.yml to remote server home folder
      - name: copy files to target server via scp
        uses: appleboy/scp-action@v0.1.3
        with:
          host: ${{ secrets.DEPLOY_HOST }}
          username: ${{ secrets.DEPLOY_USERNAME }}
          port: 22
          key: ${{ secrets.DEPLOY_KEY }}
          strip_components: 2
          source: "./.deploy/docker-compose.yml,./.deploy/.env"
          target: "~/.deploy/${{ github.event.repository.name }}/"

      - name: Run remote db migrations
        uses: appleboy/ssh-action@v0.1.5
        env:
          APPTOKEN: ${{ secrets.GITHUB_TOKEN }}
          USERNAME: ${{ secrets.DEPLOY_USERNAME }}
        with:
          host: ${{ secrets.DEPLOY_HOST }}
          username: ${{ secrets.DEPLOY_USERNAME }}
          key: ${{ secrets.DEPLOY_KEY }}
          port: 22
          envs: APPTOKEN,USERNAME
          script: |
            set -e
            echo $APPTOKEN | docker login ghcr.io -u $USERNAME --password-stdin
            cd ~/.deploy/${{ github.event.repository.name }}
            docker compose pull
            export APP_ID=$(docker compose run --entrypoint "id -u" --rm app)
            docker compose run --entrypoint "chown $APP_ID:$APP_ID /app/App_Data" --user root --rm app
            docker compose up app-migration --exit-code-from app-migration

      # Deploy Docker image with your application using `docker compose up` remotely
      - name: remote docker-compose up via ssh
        uses: appleboy/ssh-action@v0.1.5
        env:
          APPTOKEN: ${{ secrets.GITHUB_TOKEN }}
          USERNAME: ${{ secrets.DEPLOY_USERNAME }}
        with:
          host: ${{ secrets.DEPLOY_HOST }}
          username: ${{ secrets.DEPLOY_USERNAME }}
          key: ${{ secrets.DEPLOY_KEY }}
          port: 22
          envs: APPTOKEN,USERNAME
          script: |
            echo $APPTOKEN | docker login ghcr.io -u $USERNAME --password-stdin
            cd ~/.deploy/${{ github.event.repository.name }}
            docker compose pull
            docker compose up app -d
	version: "3.9"
	services:
	app:
	image: ghcr.io/${IMAGE_REPO}:${RELEASE_VERSION}
	restart: always
	depends_on:
	app-litestream:
	condition: service_healthy
	ports:
	- "8080"
	container_name: ${APP_NAME}_app
	environment:
	VIRTUAL_HOST: ${HOST_DOMAIN}
	VIRTUAL_PORT: 8080 # New default ASP.NET port -> https://learn.microsoft.com/en-us/dotnet/core/compatibility/containers/8.0/aspnet-port
	LETSENCRYPT_HOST: ${HOST_DOMAIN}
	LETSENCRYPT_EMAIL: ${LETSENCRYPT_EMAIL}
	volumes:
	- app-mydb:/app/App_Data

	app-litestream:
	image: litestream/litestream
	entrypoint: ["/bin/sh", "-c"]
	# Timeout of health check will need to depend on size of db, and speed of network to host.
	healthcheck:
	test: /usr/local/bin/litestream restore -if-db-not-exists -if-replica-exists -o /data/app.db sftp://${SFTP_USERNAME}:${SFTP_PASSWORD}@${SFTP_HOST}:${SFTP_PORT}/MyApp.sqlite
	timeout: 10m
	retries: 1
	command:
	- /usr/local/bin/litestream replicate /data/app.db sftp://${SFTP_USERNAME}:${SFTP_PASSWORD}@${SFTP_HOST}:${SFTP_PORT}/MyApp.sqlite
	volumes:
	- app-mydb:/data

	app-migration:
	image: ghcr.io/${IMAGE_REPO}:${RELEASE_VERSION}
	restart: "no"
	container_name: ${APP_NAME}_app_migration
	profiles:
	- migration
	command: --AppTasks=migrate
	volumes:
	- app-mydb:/app/App_Data

	networks:
	default:
	external: true
	name: nginx

	volumes:
	app-mydb:
	name: Release
	permissions:
	packages: write
	contents: write
	on:
	# Triggered on new GitHub Release
	release:
	types: [published]
	# Triggered on every successful Build action
	workflow_run:
	workflows: ["Build"]
	branches: [main,master]
	types:
	- completed
	# Manual trigger for rollback to specific release or redeploy latest
	workflow_dispatch:
	inputs:
	version:
	default: latest
	description: Tag you want to release.
	required: true

	jobs:
	push_to_registry:
	runs-on: ubuntu-22.04
	if: ${{ github.event.workflow_run.conclusion != 'failure' }}
	steps:
	# Checkout latest or specific tag
	- name: checkout
	if: ${{ github.event.inputs.version == '' \|\| github.event.inputs.version == 'latest' }}
	uses: actions/checkout@v3
	- name: checkout tag
	if: ${{ github.event.inputs.version != '' && github.event.inputs.version != 'latest' }}
	uses: actions/checkout@v3
	with:
	ref: refs/tags/${{ github.event.inputs.version }}

	# Assign environment variables used in subsequent steps
	- name: Env variable assignment
	run: echo "image_repository_name=$(echo ${{ github.repository }} \| tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
	# TAG_NAME defaults to 'latest' if not a release or manual deployment
	- name: Assign version
	run: \|
	echo "TAG_NAME=latest" >> $GITHUB_ENV
	if [ "${{ github.event.release.tag_name }}" != "" ]; then
	echo "TAG_NAME=${{ github.event.release.tag_name }}" >> $GITHUB_ENV
	fi;
	if [ "${{ github.event.inputs.version }}" != "" ]; then
	echo "TAG_NAME=${{ github.event.inputs.version }}" >> $GITHUB_ENV
	fi;
	if [ ! -z "${{ secrets.APPSETTINGS_PATCH }}" ]; then
	echo "HAS_APPSETTINGS_PATCH=true" >> $GITHUB_ENV
	else
	echo "HAS_APPSETTINGS_PATCH=false" >> $GITHUB_ENV
	fi;

	- name: Login to GitHub Container Registry
	uses: docker/login-action@v2
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.GITHUB_TOKEN }}


	- name: Setup dotnet
	uses: actions/setup-dotnet@v3
	with:
	dotnet-version: '8.0'

	- name: Install x tool
	if: env.HAS_APPSETTINGS_PATCH == 'true'
	run: dotnet tool install -g x

	- name: Apply Production AppSettings
	if: env.HAS_APPSETTINGS_PATCH == 'true'
	working-directory: ./MyApp
	run: \|
	cat <<EOF >> appsettings.json.patch
	${{ secrets.APPSETTINGS_PATCH }}
	EOF
	x patch appsettings.json.patch

	# Build and push new docker image, skip for manual redeploy other than 'latest'
	- name: Build and push Docker image
	run: \|
	dotnet publish --os linux --arch x64 -c Release -p:ContainerRepository=${{ env.image_repository_name }} -p:ContainerRegistry=ghcr.io -p:ContainerImageTags=${{ env.TAG_NAME }} -p:ContainerPort=80

	deploy_via_ssh:
	needs: push_to_registry
	runs-on: ubuntu-22.04
	if: ${{ github.event.workflow_run.conclusion != 'failure' }}
	steps:
	# Checkout latest or specific tag
	- name: checkout
	if: ${{ github.event.inputs.version == '' \|\| github.event.inputs.version == 'latest' }}
	uses: actions/checkout@v3
	- name: checkout tag
	if: ${{ github.event.inputs.version != '' && github.event.inputs.version != 'latest' }}
	uses: actions/checkout@v3
	with:
	ref: refs/tags/${{ github.event.inputs.version }}

	- name: repository name fix and env
	run: \|
	echo "image_repository_name=$(echo ${{ github.repository }} \| tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
	echo "TAG_NAME=latest" >> $GITHUB_ENV
	if [ "${{ github.event.release.tag_name }}" != "" ]; then
	echo "TAG_NAME=${{ github.event.release.tag_name }}" >> $GITHUB_ENV
	fi;
	if [ "${{ github.event.inputs.version }}" != "" ]; then
	echo "TAG_NAME=${{ github.event.inputs.version }}" >> $GITHUB_ENV
	fi;

	- name: Create .env file
	run: \|
	echo "Generating .env file"

	echo "# Autogenerated .env file" > .deploy/.env
	echo "HOST_DOMAIN=${{ secrets.DEPLOY_HOST }}" >> .deploy/.env
	echo "LETSENCRYPT_EMAIL=${{ secrets.LETSENCRYPT_EMAIL }}" >> .deploy/.env
	echo "APP_NAME=${{ github.event.repository.name }}" >> .deploy/.env
	echo "IMAGE_REPO=${{ env.image_repository_name }}" >> .deploy/.env
	echo "RELEASE_VERSION=${{ env.TAG_NAME }}" >> .deploy/.env
	echo "SFTP_HOST=${{ secrets.SFTP_HOST }}" >> .deploy/.env
	echo "SFTP_USERNAME=${{ secrets.SFTP_USERNAME }}" >> .deploy/.env
	echo "SFTP_PASSWORD=${{ secrets.SFTP_PASSWORD }}" >> .deploy/.env
	echo "SFTP_PORT=${{ secrets.SFTP_PORT }}" >> .deploy/.env


	# Copy only the docker-compose.yml to remote server home folder
	- name: copy files to target server via scp
	uses: appleboy/scp-action@v0.1.3
	with:
	host: ${{ secrets.DEPLOY_HOST }}
	username: ${{ secrets.DEPLOY_USERNAME }}
	port: 22
	key: ${{ secrets.DEPLOY_KEY }}
	strip_components: 2
	source: "./.deploy/docker-compose.yml,./.deploy/.env"
	target: "~/.deploy/${{ github.event.repository.name }}/"

	- name: Run remote db migrations
	uses: appleboy/ssh-action@v0.1.5
	env:
	APPTOKEN: ${{ secrets.GITHUB_TOKEN }}
	USERNAME: ${{ secrets.DEPLOY_USERNAME }}
	with:
	host: ${{ secrets.DEPLOY_HOST }}
	username: ${{ secrets.DEPLOY_USERNAME }}
	key: ${{ secrets.DEPLOY_KEY }}
	port: 22
	envs: APPTOKEN,USERNAME
	script: \|
	set -e
	echo $APPTOKEN \| docker login ghcr.io -u $USERNAME --password-stdin
	cd ~/.deploy/${{ github.event.repository.name }}
	docker compose pull
	export APP_ID=$(docker compose run --entrypoint "id -u" --rm app)
	docker compose run --entrypoint "chown $APP_ID:$APP_ID /app/App_Data" --user root --rm app
	docker compose up app-migration --exit-code-from app-migration

	# Deploy Docker image with your application using `docker compose up` remotely
	- name: remote docker-compose up via ssh
	uses: appleboy/ssh-action@v0.1.5
	env:
	APPTOKEN: ${{ secrets.GITHUB_TOKEN }}
	USERNAME: ${{ secrets.DEPLOY_USERNAME }}
	with:
	host: ${{ secrets.DEPLOY_HOST }}
	username: ${{ secrets.DEPLOY_USERNAME }}
	key: ${{ secrets.DEPLOY_KEY }}
	port: 22
	envs: APPTOKEN,USERNAME
	script: \|
	echo $APPTOKEN \| docker login ghcr.io -u $USERNAME --password-stdin
	cd ~/.deploy/${{ github.event.repository.name }}
	docker compose pull
	docker compose up app -d