[fix] security config 수정 #19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow uses actions that are not certified by GitHub. | |
| # They are provided by a third-party and are governed by | |
| # separate terms of service, privacy policy, and support | |
| # documentation. | |
| # This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time | |
| # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-gradle | |
| name: Java CI with Gradle | |
| on: | |
| push: | |
| branches: [ "master" ] | |
| pull_request: | |
| branches: [ "master" ] | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' # https://github.com/actions/setup-java | |
| ## create env file | |
| - name: create env file | |
| run: | | |
| cd ./src/main/resources | |
| touch security.properties | |
| echo "${{ secrets.PROPERTIES }}" > security.properties | |
| ## create firebase key | |
| - name: create firebase key | |
| run: | | |
| cd ./src/main/resources | |
| touch kimgreen-f33e5-firebase-adminsdk-63srz-6817b2eec4.json | |
| echo "${{ secrets.FIREBASE_KEY }}" > kimgreen-f33e5-firebase-adminsdk-63srz-6817b2eec4.json | |
| # 에러발생 : 권한부여 | |
| - name: Run chomod to make gradlew executable | |
| run: chmod +x ./gradlew | |
| # Build | |
| - name: Build with Gradle | |
| uses: gradle/gradle-build-action@0d13054264b0bb894ded474f08ebb30921341cee | |
| with: | |
| arguments: clean build -x test | |
| # zip : 랜덤 파일명 위한 깃허브 기본환경변수 사용 | |
| - name: make zip file | |
| run: zip -qq -r ./$GITHUB_SHA.zip . | |
| shell: bash | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| - name: Upload to S3 | |
| run: aws s3 cp --region ${{ secrets.AWS_REGION }} ./$GITHUB_SHA.zip s3://${{ secrets.S3_BUCKET_NAME }}/$GITHUB_SHA.zip | |
| - name: Code Deploy | |
| run: aws deploy create-deployment --application-name ${{ secrets.AWS_APP_NAME }} --deployment-config-name CodeDeployDefault.AllAtOnce --deployment-group-name ${{ secrets.AWS_GROUP_NAME }} --s3-location bucket=${{ secrets.S3_BUCKET_NAME }},bundleType=zip,key=$GITHUB_SHA.zip |