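【Posted】: 2021-07-05 11:19:17
【Question】:
I am using GitHub Actions to trigger the build of a dockerfile, which uploads the container to GitHub Container Registry. In the last step, I connect via SSH to my remote DigitalOcean Droplet and execute a script to pull and install the new image from GHCR. This workflow was good for me, as I was only building a single container in the project. Now I am using docker compose, because I need NGINX besides the API. I would like to keep the containers on a single Droplet, as the project is not demanding in resources at the moment.
What is the right way to automate deployment to DigitalOcean with GitHub Actions and Docker Compose on a single VM?
My currently known options are:
- Skip building containers on GHCR and fetch the repo via SSH, then start building from source on the remote by executing a production compose file
- Build each container on GHCR, copy the production compose file to the remote, and pull and install from GHCR
If you know more options that may be cleaner or more efficient, please let me know!
Unfortunately, I have found a "docker-compose with Github Actions for CI" question for reference.
GitHub Action for the single container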
name: Github Container Registry to DigitalOcean Droplet
on:
  # Trigger the workflow via push on main branch
  push:
    branches:
      - main
    # only trigger the action if the backend folder changed
    paths:
      - "backend/**"
      - ".github/workflows/**"
jobs:
  # Builds a Docker image and pushes it to GitHub Container Registry
  push_to_github_container_registry:
    name: Push to GHCR
    runs-on: ubuntu-latest
    # use the backend folder as the default working directory for the job
    defaults:
      run:
        working-directory: ./backend
    steps:
      # Checkout the repository
      - name: Checking out the repository
        uses: actions/checkout@v2
      # Setting up Docker Builder
      - name: Set up Docker Builder
        uses: docker/setup-buildx-action@v1
      # Set GitHub Access Token with "write:packages & read:packages" scope for GitHub Container Registry.
      # Then go to repository settings and add the copied token as a secret called "CR_PAT"
      # https://github.com/settings/tokens/new?scopes=repo,write:packages&description=Github+Container+Registry
      # ! While GHCR is in Beta make sure to enable the feature
      - name: Logging into GitHub Container Registry
        uses: docker/login-action@v1
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.CR_PAT }}
      # Push to GitHub Container Registry
      - name: Pushing Image to Github Container Registry
        uses: docker/build-push-action@v2
        with:
          context: ./backend
          version: latest
          file: backend/dockerfile
          push: true
          tags: ghcr.io/${{ github.repository }}:latest
  # Connect to the existing Droplet via SSH, then (re)install and run the image
  # ! Ensure you have installed the preconfigured Droplet with Docker
  # ! Ensure you have added the SSH key to the Droplet
  # ! - it's easier to add the SSH keys before creating the Droplet
  deploy_to_digital_ocean_dropplet:
    name: Deploy to Digital Ocean Droplet
    runs-on: ubuntu-latest
    needs: push_to_github_container_registry
    steps:
      - name: Deploy to Digital Ocean droplet via SSH action
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.HOST }}
          username: ${{ secrets.USERNAME }}
          key: ${{ secrets.PRIVATE_KEY }}
          port: ${{ secrets.PORT }}
          script: |
            # Stop all running Docker containers
            docker kill $(docker ps -q)
            # Free up space (-f skips the confirmation prompt, which a non-interactive SSH session cannot answer)
            docker system prune -af
            # Log in to GitHub Container Registry; the token is piped via stdin so it is not passed as a docker argument
            echo "${{ secrets.CR_PAT }}" | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin
            # Pull the Docker image
            docker pull ghcr.io/${{ github.repository }}:latest
            # Run a new container from the new image
            docker run -d -p 80:8080 -p 443:443 -t ghcr.io/${{ github.repository }}:latest
Current Docker-Compose
version: "3"
services:
  api:
    build:
      context: ./backend/api
    networks:
      api-network:
        aliases:
          - api-net
  nginx:
    build:
      context: ./backend/nginx
    ports:
      - "80:80"
      - "443:443"
    networks:
      api-network:
        aliases:
          - nginx-net
    depends_on:
      - api
networks:
  api-network:
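【Discussion】:
-
Hey, curious what you ended up doing?
-
I dropped the whole thing and pulled the repo via SSH on my remote and ran docker-compose, as I had already spent so much time on GitHub Actions.
-
Got it. FWIW, I've been doing roughly what you described in your second option, and it works like a charm with GitHub Actions. I basically build using docker compose build (creating any .env files I might need in a previous step), push it to DigitalOcean's container registry, then ssh into the directory where my prod compose lives and run it (I use docker swarm/stack deploy on that node, but docker compose works fine too). Works great!
-
It would be cool if you could share some minimal code with us!
-
Added it as an answer - I hope it helps!
Tags: docker github docker-compose digital-ocean github-actions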
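
The second option from the question (build in CI, push to GHCR, pull on the Droplet), shown as the script the SSH step could run on the server. This is an added example, not code from the post or its comments. It assumes a compose file at /opt/app/docker-compose.yml whose services carry `image:` entries such as `ghcr.io/OWNER/REPO/api:${IMAGE_TAG}`; that path, the `IMAGE_TAG` variable and the function names are hypothetical.

```shell
#!/bin/sh
# deploy.sh (added example): runs on the Droplet, called from the SSH step.
# Assumed, not from the post: the compose path below, and services that set
# image: ghcr.io/OWNER/REPO/<service>:${IMAGE_TAG} next to their build: key.
COMPOSE_FILE="${COMPOSE_FILE:-/opt/app/docker-compose.yml}"

# Accept only a full 40-character lowercase hex commit SHA as the tag, so a
# deploy maps to exactly one build and a mutable tag like "latest" is refused.
valid_tag() {
    case "$1" in
        ""|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 40 ]
}

# deploy OWNER TAG, with a read:packages token supplied on stdin.
deploy() {
    owner="$1"; tag="$2"
    valid_tag "$tag" || { echo "refusing tag: $tag" >&2; return 2; }
    # The token is read from stdin, so it never shows up in the process list.
    docker login ghcr.io -u "$owner" --password-stdin || return 1
    export IMAGE_TAG="$tag"
    docker compose -f "$COMPOSE_FILE" pull || return 1
    # --no-build: start only what CI pushed, never build on the server.
    docker compose -f "$COMPOSE_FILE" up -d --no-build --remove-orphans || return 1
    # Drop the stored registry credential once the images are local.
    docker logout ghcr.io
}

if [ "$#" -gt 0 ]; then deploy "$@"; fi
```

In CI, set `IMAGE_TAG=${{ github.sha }}` before running `docker compose build` and `docker compose push`, then pass the same SHA to this script and pipe the token to it on stdin.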