[TSK-59] 리프레시 토큰 쿠키 구현, 로그아웃 구현 #385
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Workflow 이름 | |
| name: Spring Boot CI/CD with Docker and EC2 | |
| # 어떤 이벤트가 발생하면 workflow 실행할 지 명시 | |
| on: | |
| # main 브랜치와 dev 브랜치에 push나 pull request 발생 시 | |
| push: | |
| branches: [ "main", "dev" ] | |
| pull_request: | |
| branches: [ "main", "dev" ] | |
| # 위 이벤트 발생 시 실행될 작업들 | |
| jobs: | |
| build: | |
| # VM의 실행 환경 지정 => 우분투 최신 버전 | |
| runs-on: ubuntu-latest | |
| # 실행될 jobs를 순서대로 명시 | |
| steps: | |
| # 리포지토리 체크아웃 | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| # JDK 17 설치 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| # Gradle Build를 위한 권한 부여 | |
| - name: Grant execute permission for gradlew | |
| run: chmod +x gradlew | |
| # # Gradle로 빌드 실행 | |
| # - name: Build with Gradle | |
| # run: ./gradlew clean build | |
| # Gradle Build (test 제외) | |
| - name: Build with Gradle without test | |
| run: ./gradlew clean build --exclude-task test | |
| # Docker Buildx 설정 | |
| - name: Docker Setup Buildx | |
| uses: docker/[email protected] | |
| # DockerHub 로그인 | |
| - name: Log in to DockerHub | |
| uses: docker/[email protected] | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
| # 이미지 이름을 날짜와 함께 설정 | |
| - name: Set image name with date | |
| run: echo "IMAGE_NAME=${{ secrets.DOCKERHUB_USERNAME }}/${{ secrets.PROJECT_NAME }}:$(date +%Y%m%d%H%M%S)" >> $GITHUB_ENV | |
| # Docker 이미지 빌드 및 푸시 | |
| - name: Build and push Docker image | |
| run: | | |
| docker build . --no-cache --file Dockerfile -t ${{ env.IMAGE_NAME }} | |
| docker push ${{ env.IMAGE_NAME }} | |
| # docker build . --file Dockerfile -t ${{ env.IMAGE_NAME }} | |
| # 이미지 이름을 파일에 저장 | |
| - name: Save image name to file | |
| run: echo ${{ env.IMAGE_NAME }} > image-name.txt | |
| # 이미지 이름 아티팩트 업로드 | |
| - name: Upload image name artifact | |
| uses: actions/[email protected] | |
| with: | |
| name: image-name | |
| path: image-name.txt | |
| deploy: | |
| runs-on: ubuntu-latest | |
| needs: build | |
| steps: | |
| # 리포지토리 체크아웃 | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| # 이미지 이름 아티팩트 다운로드 | |
| - name: Download image name artifact | |
| uses: actions/[email protected] | |
| with: | |
| name: image-name | |
| # 파일에서 이미지 이름 읽기 | |
| - name: Read image name from file | |
| id: read-image-name | |
| run: echo "IMAGE_NAME=$(cat image-name.txt)" >> $GITHUB_ENV | |
| # 프로젝트 이름을 환경 변수로 설정 | |
| - name: Set project name | |
| run: echo "PROJECT_NAME=${{ secrets.PROJECT_NAME }}" >> $GITHUB_ENV | |
| # EC2에 SSH로 접속하여 배포 | |
| - name: SSH into EC2 and deploy | |
| uses: appleboy/[email protected] | |
| with: | |
| host: ${{ secrets.EC2_HOST }} | |
| username: ${{ secrets.EC2_USER }} | |
| key: ${{ secrets.EC2_SSH_KEY }} | |
| script: | | |
| set -x | |
| sudo docker login -u ${{ secrets.DOCKERHUB_USERNAME }} -p ${{ secrets.DOCKERHUB_PASSWORD }} | |
| sudo docker pull ${{ env.IMAGE_NAME }} | |
| EXISTING_CONTAINER=$(sudo docker ps -a -q --filter name=${{ env.PROJECT_NAME }}) | |
| if [ -n "$EXISTING_CONTAINER" ]; then | |
| sudo docker stop $EXISTING_CONTAINER | |
| sudo docker rm $EXISTING_CONTAINER | |
| fi | |
| sudo docker run -d --name ${{ env.PROJECT_NAME }} -p 8080:8080 \ | |
| --log-driver=awslogs \ | |
| --log-opt awslogs-region=${{ secrets.AWS_REGION }} \ | |
| --log-opt awslogs-group=${{ secrets.LOG_GROUP_NAME }} \ | |
| --log-opt awslogs-stream=${{ secrets.LOG_STREAM_NAME }} \ | |
| -e SPRING_DATASOURCE_URL="${{ secrets.DB_URL }}" \ | |
| -e SPRING_DATASOURCE_USERNAME="${{ secrets.DB_USERNAME }}" \ | |
| -e SPRING_DATASOURCE_PASSWORD="${{ secrets.DB_PASSWORD }}" \ | |
| -e SECURITY_JWT_TOKEN_SECRET_KEY="${{ secrets.JWT_SECRET_KEY }}" \ | |
| -e S3_ACCESS_KEY_ID="${{ secrets.S3_ACCESS_KEY_ID }}" \ | |
| -e S3_SECRET_ACCESS_KEY="${{ secrets.S3_SECRET_ACCESS_KEY }}" \ | |
| -e S3_BUCKET_NAME="${{ secrets.S3_BUCKET_NAME }}" \ | |
| -e S3_REGION="${{ secrets.S3_REGION }}" \ | |
| -e OPENAI_API_KEY="${{ secrets.OPENAI_API_KEY }}" \ | |
| -e FFMPEG_PATH="${{ secrets.FFMPEG_PATH }}" \ | |
| -e FFPROBE_PATH="${{ secrets.FFPROBE_PATH }}" \ | |
| ${{ env.IMAGE_NAME }} | |
| sudo docker ps -a | |
| sudo docker system prune -f | |
| set +x |