Implemented multi stage deployment with private repo for prod stage

git-user-9 · git-user-9 · commit d9fd2479637d · 2025-07-14T23:29:10.000+05:30
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -3,7 +3,7 @@ name: EC2 Deploy
 on:
   push:
     branches:
-      - devops/a3
+      - devops/a4
     tags:
       - deploy-dev
       - deploy-prod
@@ -60,19 +60,30 @@ jobs:
 
         echo "🛠️ Deployment stage: $STAGE"
 
-    # Terraform Init & Workspace
-    - name: Terraform Init & Workspace
-      working-directory: ${{ env.TF_WORKING_DIR }}
+    # Clone private repo for prod config
+    - name: Clone Private Repo for Prod Config
+      if: env.STAGE == 'prod'
       run: |
-        terraform init
-        terraform workspace select ${STAGE} || terraform workspace new ${STAGE}
+        echo "🔒 Cloning private repo for prod configuration..."
+        git clone https://${{ secrets.PRIVATE_REPO_KEY }}@${{ secrets.PRIVATE_REPO }} private-config
+        echo "✅ Cloned private config repo"
+
+    # Terraform Init
+    - name: Terraform Init
+      working-directory: ${{ env.TF_WORKING_DIR }}
+      run: terraform init
 
     # Terraform Apply (Full Infra)
     - name: Terraform Apply
       working-directory: ${{ env.TF_WORKING_DIR }}
       run: |
-        terraform apply -var-file="${STAGE}_config.tfvars" -auto-approve \
-          -var "stage=${STAGE}"
+        if [ "${STAGE}" == "prod" ]; then
+          echo "Applying Terraform with private prod configuration..."
+          terraform apply -var-file=../private-config/prod_config.tfvars -auto-approve
+        else
+          echo "Applying Terraform with public dev configuration..."
+          terraform apply -var-file="${STAGE}_config.tfvars" -auto-approve
+        fi
 
     # Get Outputs: App IP, Verifier IP, S3 Bucket
     - name: Get Terraform Outputs
@@ -117,8 +128,7 @@ jobs:
       working-directory: ${{ env.TF_WORKING_DIR }}
       run: |
         terraform apply -var-file="${STAGE}_config.tfvars" \
-          -target=aws_instance.log_verifier -auto-approve \
-          -var "stage=${STAGE}"
+          -target=aws_instance.log_verifier -auto-approve
 
     # Get Verifier IP
     - name: Get Verifier IP
@@ -145,14 +155,12 @@ jobs:
       run: |
         echo "🔐 Validating logs in S3 from verifier EC2"
 
-        # Retry SSH if EC2 not yet ready
         for attempt in {1..5}; do
           ssh -o StrictHostKeyChecking=no ubuntu@${VERIFIER_IP} "echo '✅ SSH to verifier successful'" && break
           echo "⏳ Verifier not ready, retrying SSH (attempt $attempt)..."
           sleep 15
         done
 
-        # Validate logs in S3
         for log in system/cloud-init.log app/my-app.log; do
           ssh -o StrictHostKeyChecking=no ubuntu@${VERIFIER_IP} \
           "if aws s3 ls s3://${S3_BUCKET}/${STAGE}/$log > /dev/null 2>&1; then
@@ -161,22 +169,19 @@ jobs:
              echo '❌ Missing: $log'; exit 1;
            fi"
         done
-
         echo "🎉 All required logs are present in S3"
 
     # Print Logs from Verifier EC2
     - name: Print Logs from Verifier EC2
       run: |
         echo "📄 Fetching logs from /mylogs/${STAGE} on verifier EC2"
 
-        # Retry SSH if EC2 not yet ready
         for attempt in {1..5}; do
           ssh -o StrictHostKeyChecking=no ubuntu@${VERIFIER_IP} "echo '✅ SSH to verifier successful for log fetch'" && break
           echo "⏳ Verifier not ready for log fetch, retrying SSH (attempt $attempt)..."
           sleep 15
         done
 
-        # Print system log
         ssh -o StrictHostKeyChecking=no ubuntu@${VERIFIER_IP} \
         "if [ -f /mylogs/${STAGE}/system/cloud-init.log ]; then
           echo '📄 ====== system/cloud-init.log ======'
@@ -185,7 +190,6 @@ jobs:
           echo '❌ system/cloud-init.log not found'
         fi"
 
-        # Print app log
         ssh -o StrictHostKeyChecking=no ubuntu@${VERIFIER_IP} \
         "if [ -f /mylogs/${STAGE}/app/my-app.log ]; then
           echo '📄 ====== app/my-app.log ======'
@@ -196,28 +200,14 @@ jobs:
 
         echo "✅ Printed last 20 lines of logs from verifier EC2"
 
-    # # Verify Logs in S3 using AWS CLI
-    # - name: Verify Logs in S3
-    #   run: |
-    #     echo "📦 Checking for logs in S3 bucket: $S3_BUCKET"
-    #     aws s3 ls s3://$S3_BUCKET/${STAGE}/system/cloud-init.log || { echo "❌ system logs missing"; exit 1; }
-    #     aws s3 ls s3://$S3_BUCKET/${STAGE}/app/my-app.log || { echo "❌ app logs missing"; exit 1; }
-    #     echo "✅ Logs found in S3 bucket"
-
-
     # Destroy Infrastructure
     - name: Destroy Infrastructure
       if: always()
       working-directory: ${{ env.TF_WORKING_DIR }}
       run: |
         echo "🗑️ Destroying infrastructure for stage: ${STAGE}"
-        terraform destroy -var-file="${STAGE}_config.tfvars" -auto-approve \
-          -var "stage=${STAGE}"
-
-    # Cleanup Terraform Workspace
-    - name: Cleanup Terraform Workspace
-      if: always()
-      working-directory: ${{ env.TF_WORKING_DIR }}
-      run: |
-        terraform workspace select default
-        terraform workspace delete ${STAGE}
+        if [ "${STAGE}" == "prod" ]; then
+          terraform destroy -var-file=../private-config/prod_config.tfvars -auto-approve
+        else
+          terraform destroy -var-file="${STAGE}_config.tfvars" -auto-approve
+        fi
