Secrets for GitHub Actions
Set the following repository secrets for deployment:
Docker Maintenance
Delete all Docker-related data (network, volume, image):
docker system prune -a -f
Build and Run Inventory Service
To build and start only the inventory-service container:
sudo docker compose up -d --build inventory-service
To check the logs:
sudo docker logs inventory-service
Health Check from API Gateway
Check inventory service health from within the API Gateway container:
docker exec -it linqra-api-gateway-service-1 curl -k -v https://api-gateway-service:7777/r/inventory-service/health
Or, if you want to include a Bearer token (not required when calling from the API Gateway container):
docker exec -it linqra-api-gateway-service-1 curl -k -H "Authorization: Bearer <ACCESS_TOKEN>" -v https://api-gateway-service:7777/r/inventory-service/health
Note: The Bearer token is not required when making requests from within the API Gateway container as they are on the same network.
CI/CD Configuration
The inventory service uses GitHub Actions for continuous integration and deployment. Here’s the complete CI/CD configuration:
name: Linqra Inventory Service CI
on:
push:
branches: [ "master" ]
pull_request:
branches: [ "master" ]
permissions:
contents: write
jobs:
java-app:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
# Upload Inventory Service source files
- name: Upload Inventory Service source
uses: actions/upload-artifact@v4
with:
name: inventory-service-source
path: |
.
# Upload docker-compose.yml
- name: Upload docker-compose file
uses: actions/upload-artifact@v4
with:
name: docker-compose
path: docker-compose-ec2.yml
# Upload root pom.xml
- name: Upload root pom file
uses: actions/upload-artifact@v4
with:
name: root-pom
path: pom.xml
# Debug and upload .kube directory with hidden files
- name: Debug .kube directory
run: |
echo "Checking .kube directory contents:"
ls -la .kube/
- name: Copy .kube to temporary directory
run: |
cp -r .kube kube-config
- name: Upload kube directory
uses: actions/upload-artifact@v4
with:
name: kube-config
path: kube-config/**
# Add this new step to upload keys directory
- name: Upload keys directory
uses: actions/upload-artifact@v4
with:
name: keys-config
path: keys/
if-no-files-found: error
deploy:
needs: [java-app]
runs-on: ubuntu-latest
if: github.ref == 'refs/heads/master'
steps:
- name: Download all artifacts
uses: actions/download-artifact@v4
with:
path: artifacts
- name: Install SSH key
uses: webfactory/ssh-agent@v0.9.0
with:
ssh-private-key: ${{ secrets.EC2_SSH_KEY_PROD }}
- name: Deploy to EC2
env:
EC2_HOST: ${{ secrets.HOST_DNS_PROD }}
EC2_USERNAME: ${{ secrets.USERNAME_PROD }}
TARGET_DIR: ${{ secrets.TARGET_DIR_PROD }}
run: |
# Disable strict host key checking
mkdir -p ~/.ssh
echo "StrictHostKeyChecking no" >> ~/.ssh/config
# Ensure the target directory exists
ssh $EC2_USERNAME@$EC2_HOST "sudo mkdir -p /var/www/inventory-service && sudo chown -R $EC2_USERNAME:$EC2_USERNAME /var/www/inventory-service && sudo chmod -R 755 /var/www/inventory-service"
# Rsync main directories
rsync -avz --delete artifacts/inventory-service-source/ $EC2_USERNAME@$EC2_HOST:/var/www/inventory-service
# Use rsync for sensitive files
rsync -avz artifacts/docker-compose/docker-compose-ec2.yml $EC2_USERNAME@$EC2_HOST:/var/www/inventory-service/docker-compose.yml
rsync -avz artifacts/root-pom/pom.xml $EC2_USERNAME@$EC2_HOST:/var/www/inventory-service/pom.xml
# .kube and keys (if needed, use scp or rsync as appropriate)
if [ -d "artifacts/kube-config" ]; then
rsync -avz --delete --rsync-path="sudo rsync" artifacts/kube-config/ $EC2_USERNAME@$EC2_HOST:/var/www/inventory-service/.kube/
fi
if [ -d "artifacts/keys-config" ]; then
rsync -avz --delete --rsync-path="sudo rsync" artifacts/keys-config/ $EC2_USERNAME@$EC2_HOST:/var/www/inventory-service/keys/
fi
ssh $EC2_USERNAME@$EC2_HOST "
# Set permissions
sudo chown -R ubuntu:ubuntu /var/www/inventory-service
sudo chmod -R 600 /var/www/inventory-service/keys/* || echo 'No keys to set permissions for'
sudo find /var/www/inventory-service/keys -type d -exec chmod 755 {} \;
sudo find /var/www/inventory-service/keys -type f -exec chmod 600 {} \;
# Move to the deployment directory
cd /var/www/inventory-service
# Prune unused images/containers/volumes/networks
echo 'Pruning unused images/containers/volumes/networks'
sudo docker system prune -a -f
# Check disk usage
echo 'Checking disk usage'
df -hT
# Ensure the Docker network exists
echo 'Ensuring the Docker network exists'
sudo docker network create linqra-network || true
# Build and start containers
echo 'Building and starting containers'
sudo docker compose -f docker-compose.yml -p linqra up -d --build inventory-service
# Check if containers are running
echo 'Checking if containers are running'
docker ps
"
dependency-review:
if: github.event_name == 'pull_request'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Dependency Review
uses: actions/dependency-review-action@v4
with:
fail-on-severity: high
This CI/CD pipeline:
- Triggers on pushes to master and pull requests
- Uploads necessary files as artifacts
- Deploys to EC2 when changes are pushed to master
- Includes dependency review for pull requests
- Handles sensitive files and permissions appropriately
- Manages Docker containers and networking
The pipeline requires the following GitHub secrets to be configured:
EC2_SSH_KEY_PRODHOST_DNS_PRODUSERNAME_PRODTARGET_DIR_PROD
