setup-cicd.sh

Sets up GitHub Actions CI/CD for a new project by creating the prod environment, setting environment variables, and generating workflow files.

Location: Run locally (developer machine)

Prerequisites:

  • GitHub CLI installed and authenticated
  • Repository already created under the phonlab-tcd organization

Installing GitHub CLI

macOS:

brew install gh

Ubuntu/Debian:

sudo mkdir -p -m 755 /etc/apt/keyrings
wget -qO- https://cli.github.com/packages/githubcli-archive-keyring.gpg | sudo tee /etc/apt/keyrings/githubcli-archive-keyring.gpg > /dev/null
sudo chmod go+r /etc/apt/keyrings/githubcli-archive-keyring.gpg
echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/githubcli-archive-keyring.gpg] https://cli.github.com/packages stable main" | sudo tee /etc/apt/sources.list.d/github-cli.list > /dev/null
sudo apt update
sudo apt install gh

Windows:

winget install GitHub.cli

After installation, authenticate:

gh auth login

Usage

Run from the root of your project directory:

./setup-cicd.sh <project_name>

Example:

./setup-cicd.sh my-app

This will:

  1. Create a prod environment in the GitHub repository
  2. Set all required environment variables and the DOCKER_PASSWORD secret
  3. Generate .github/workflows/ci.yml and cd.yml

Remaining Manual Steps

After running the script:

  1. Set the SSH_PRIVATE_KEY secret (get from Admin after they run the server-side setup):
    gh secret set SSH_PRIVATE_KEY --env prod -R phonlab-tcd/<project_name>
  2. Commit and push the generated workflow files:
    git add .github/workflows && git commit -m "Add CI/CD workflows" && git push

#!/bin/bash
set -e

PROJECT_NAME="$1"

if [[ -z "$PROJECT_NAME" ]]; then
    echo "Usage: $0 <project_name>"
    exit 1
fi

REPO="phonlab-tcd/$PROJECT_NAME"

echo "Setting up CI/CD for $REPO..."

# Create prod environment
echo "Creating prod environment..."
gh api "repos/$REPO/environments/prod" -X PUT

# Set environment variables
echo "Setting environment variables..."
gh variable set PROJECT_NAME --env prod --body "$PROJECT_NAME" -R "$REPO"
gh variable set DOCKER_REGISTRY --env prod --body "registry.abair.ie:5000" -R "$REPO"
gh variable set DOCKER_USERNAME --env prod --body "admin" -R "$REPO"
gh variable set HOST --env prod --body "srv.abair.ie" -R "$REPO"
gh variable set USERNAME --env prod --body "services" -R "$REPO"
gh variable set PORT --env prod --body "22102" -R "$REPO"
gh variable set DEPLOY_SCRIPT_PATH --env prod --body "/home/services/$PROJECT_NAME/deploy-$PROJECT_NAME.sh" -R "$REPO"

# Set DOCKER_PASSWORD secret
echo "Setting DOCKER_PASSWORD secret..."
gh secret set DOCKER_PASSWORD --env prod --body "KiVGdGsRnMNcrmgt822w" -R "$REPO"

# Create workflows directory
mkdir -p .github/workflows

# Generate ci.yml
echo "Generating .github/workflows/ci.yml..."
cat > .github/workflows/ci.yml << 'EOF'
name: Node.js CI

on:
  pull_request:
    branches: [main]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Use Node.js LTS
        uses: actions/setup-node@v3
        with:
          node-version: 18.16.0
      - run: npm i
EOF

# Generate cd.yml
echo "Generating .github/workflows/cd.yml..."
cat > .github/workflows/cd.yml << 'EOF'
name: Publish Docker image

on:
  push:
    branches:
      - main

jobs:
  push_to_registry:
    name: Push Docker image to Docker Registry
    runs-on: ubuntu-latest
    environment: prod
    steps:
      - name: Check out the repo
        uses: actions/checkout@v2

      - name: Log in to Docker Hub
        uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
        with:
          registry: ${{ vars.DOCKER_REGISTRY }}
          username: ${{ vars.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v4
        with:
          images: registry.abair.ie:5000/${{ vars.PROJECT_NAME }}

      - name: Build and push Docker image
        uses: docker/build-push-action@v3
        with:
          context: .
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}

  update_ssh:
    name: Update running software
    needs: push_to_registry
    runs-on: ubuntu-latest
    environment: prod
    steps:
      - name: Deploy via SSH
        uses: appleboy/ssh-action@master
        with:
          host: ${{ vars.HOST }}
          username: ${{ vars.USERNAME }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          port: ${{ vars.PORT }}
          script: bash ${{ vars.DEPLOY_SCRIPT_PATH }}
EOF

echo ""
echo "Done!"
echo " - Created prod environment for $REPO"
echo " - Set environment variables"
echo " - Set DOCKER_PASSWORD secret"
echo " - Generated .github/workflows/ci.yml"
echo " - Generated .github/workflows/cd.yml"
echo ""
echo "Remaining manual steps:"
echo " 1. Set SSH_PRIVATE_KEY secret:"
echo " gh secret set SSH_PRIVATE_KEY --env prod -R $REPO"
echo " 2. Commit and push the workflow files:"
echo " git add .github/workflows && git commit -m 'Add CI/CD workflows' && git push"
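
The generated cd.yml pins docker/login-action to a full commit SHA but references the other actions, including the one that receives SSH_PRIVATE_KEY, by tag or branch, which the action's owner can repoint. The check below is an added example, not part of setup-cicd.sh: it lists every uses: reference that is not a 40-character commit SHA. The function names and the sample file are constructed for illustration.

```sh
#!/bin/sh
# Added example (not part of setup-cicd.sh): report workflow actions that are
# referenced by a tag or branch instead of a full commit SHA.

# audit_action_pins FILE...
# Prints "file:line: owner/repo@ref" for each reference that is not pinned to
# a 40-character commit SHA. Returns 0 if all are pinned, 1 otherwise.
audit_action_pins() {
  awk '
    /^[ \t]*(-[ \t]+)?uses:[ \t]*/ {
      ref = $0
      sub(/^[ \t]*(-[ \t]+)?uses:[ \t]*/, "", ref)   # drop the key
      sub(/[ \t\r]*(#.*)?$/, "", ref)                # drop trailing comment
      # Local actions and container images carry no git ref to pin.
      if (ref ~ /^\.\// || ref ~ /^docker:\/\//) next
      at = index(ref, "@")
      ver = at ? substr(ref, at + 1) : ""
      if (ver !~ /^[0-9a-f]+$/ || length(ver) != 40) {
        printf "%s:%d: %s\n", FILENAME, FNR, ref
        bad = 1
      }
    }
    END { exit bad + 0 }
  ' "$@"
}

# Constructed sample: the uses: lines of the cd.yml generated by the script.
write_sample_workflow() {
  cat > "$1" << 'EOF'
jobs:
  push_to_registry:
    steps:
      - uses: actions/checkout@v2
      - uses: docker/login-action@f054a8b539a109f9f41c372932f1ae047eff08c9
      - uses: docker/metadata-action@v4
      - uses: docker/build-push-action@v3
  update_ssh:
    steps:
      - name: Deploy via SSH
        uses: appleboy/ssh-action@master
EOF
}

sample=$(mktemp)
write_sample_workflow "$sample"
audit_action_pins "$sample" || echo "mutable action references listed above"
rm -f "$sample"
```

Against a real checkout, run audit_action_pins .github/workflows/*.yml after the script has generated the files; a non-zero exit status makes it usable as a pre-commit or CI gate.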