Merge pull request #20 from Findy-org/feat/새로운-Custom-bookmark #41
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: FINDY CI-CD Workflow | |
on: | |
push: | |
branches: [ "main", "develop" ] | |
permissions: | |
contents: read | |
jobs: | |
integration: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
# Java JDK 설정 | |
- name: Setup Java JDK | |
uses: actions/setup-java@v3 | |
with: | |
java-version: 17 | |
distribution: 'temurin' | |
# 환경별 yml 파일 생성 | |
- name: make application.yml | |
if: contains(github.ref, 'develop') | |
run: | | |
cd ./src/main/resources | |
touch ./application.yml | |
echo "${{ secrets.YML }}" > ./application.yml | |
# 환경별 yml 파일 생성 - oauth | |
- name: make application-oauth.yml | |
if: contains(github.ref, 'develop') | |
run: | | |
cd ./src/main/resources | |
touch ./application-oauth.yml | |
echo "${{ secrets.YML_OAUTH }}" > ./application-oauth.yml | |
# 환경별 yml 파일 생성 - dev | |
- name: make application-dev.yml | |
if: contains(github.ref, 'develop') | |
run: | | |
cd ./src/main/resources | |
touch ./application-dev.yml | |
echo "${{ secrets.YML_DEV }}" > ./application-dev.yml | |
# Gradle 패키지 캐시 | |
- name: Cache Gradle packages | |
uses: actions/cache@v3 | |
with: | |
path: ~/.gradle/caches | |
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} | |
# gradlew 실행 권한 부여 | |
- name: Grant execute permission for gradlew | |
run: chmod +x gradlew | |
# Spring Boot 애플리케이션 빌드 | |
- name: Build with Gradle | |
uses: gradle/gradle-build-action@v3 | |
with: | |
arguments: clean bootJar | |
# Docker Hub에 로그인 | |
- name: Log in to Docker Hub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
# Metadata action | |
- name: Metadata action | |
id: meta | |
uses: docker/metadata-action@v4 | |
with: | |
images: ${{ secrets.DOCKER_REPO }} | |
# Docker image Build & push | |
- name: Build and push Docker image | |
if: contains(github.ref, 'develop') | |
id: docker_build | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
file: ./docker/Dockerfile | |
push: true | |
tags: ${{ steps.meta.outputs.tags }}-${{ github.run_number }} | |
labels: ${{ steps.meta.outputs.labels }} | |
deploy: | |
runs-on: ubuntu-latest | |
needs: integration | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v3 | |
- name: Get GitHub Actions IP Address | |
id: get_ip | |
run: echo "ip=$(curl -s ifconfig.me)" >> $GITHUB_ENV | |
- name: Set environment variables for Docker Compose | |
run: | | |
echo "DOCKER_REPO=${{ secrets.DOCKER_REPO }}" >> $GITHUB_ENV | |
echo "GITHUB_RUN_NUMBER=${{ github.run_number }}" >> $GITHUB_ENV | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: 'ap-northeast-2' | |
- name: Add GitHub Actions IP to Security Group | |
env: | |
IP: ${{ env.ip }} | |
run: | | |
aws ec2 authorize-security-group-ingress \ | |
--group-id ${{ secrets.EC2_SECURITY_GROUP_ID }} \ | |
--protocol tcp --port 22 --cidr ${IP}/32 | |
- name: Copy docker-compose.yml | |
uses: appleboy/scp-action@master | |
with: | |
host: ${{ secrets.PUBLIC_DNS }} | |
username: ${{ secrets.USERNAME }} | |
key: ${{ secrets.PEM_KEY }} | |
source: "docker/docker-compose.yml" | |
target: "/home/${{ secrets.USERNAME }}/docker/" | |
overwrite: true | |
debug: true | |
- name: Copy NGINX Configuration | |
uses: appleboy/scp-action@master | |
with: | |
host: ${{ secrets.PUBLIC_DNS }} | |
username: ${{ secrets.USERNAME }} | |
key: ${{ secrets.PEM_KEY }} | |
source: "nginx/conf.d/nginx.conf" | |
target: "/home/${{ secrets.USERNAME }}/nginx/conf.d/" | |
overwrite: true | |
debug: true | |
- name: Deploy to EC2 dev | |
uses: appleboy/ssh-action@master | |
if: contains(github.ref, 'develop') | |
with: | |
host: ${{ secrets.PUBLIC_DNS }} | |
username: ${{ secrets.USERNAME }} | |
key: ${{ secrets.PEM_KEY }} | |
script: | | |
cd /home/${{ secrets.USERNAME }} | |
export DOCKER_REPO=${{ secrets.DOCKER_REPO }} | |
export GITHUB_RUN_NUMBER=${{ github.run_number }} | |
echo "DOCKER_REPO=${DOCKER_REPO}" | |
echo "GITHUB_RUN_NUMBER=${GITHUB_RUN_NUMBER}" | |
envsubst < <(echo "${{ secrets.DOCKER_COMPOSE_DEV }}") > docker-compose.yml | |
echo ${{ secrets.DOCKER_PASSWORD }} | sudo docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin | |
if [ "$(sudo docker ps -q)" ]; then sudo docker stop $(sudo docker ps -q); fi | |
if [ "$(sudo docker ps -a -q)" ]; then sudo docker rm $(sudo docker ps -a -q); fi | |
sudo docker pull ${{ secrets.DOCKER_REPO }}:develop-${{ github.run_number }} | |
sudo docker-compose -f docker-compose.yml up -d | |
sudo docker image prune -f | |
debug: true | |
- name: Remove GitHub Actions IP | |
run: | | |
aws ec2 revoke-security-group-ingress \ | |
--group-id ${{ secrets.EC2_SECURITY_GROUP_ID }} \ | |
--protocol tcp --port 22 --cidr "${{ env.ip }}/32" |