.github/workflows/notification-application-ci-cd-flow.yml

name: notification-ci/cd

on:
  push:
    branches:
      - develop_back_notification
      - 'hotfix/[0-9a-zA-z]+-B-notification-#[0-9a-zA-z]+'
  pull_request:
    branches:
      - develop_back_notification

jobs:
  build_and_test:
    name: build and test
    if: ${{github.event_name == 'pull_request' }}
    runs-on: ubuntu-latest

    defaults:
      run:
        working-directory: ./backend/core

    steps:
      - name: set up JDK 17
        uses: actions/setup-java@v3
        with:
          java-version: '17'
          distribution: 'liberica'

      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: true
          token: ${{ secrets.CI_PAT }}

      - name: formatting
        uses: axel-op/googlejavaformat-action@v3
        with:
          args: "--replace"
          skip-commit: true

      - name: grant execute permission for gradlew
        run: chmod +x ./gradlew

      - name: test
        run: ./gradlew clean test

  deploy-notification:
    name: notification application deploy
    if: ${{ github.event_name == 'push' }}
    runs-on: ubuntu-latest

    defaults:
      run:
        working-directory: ./backend/notification

    permissions:
      id-token: write
      contents: read

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: true
          token: ${{ secrets.CI_PAT }}

      - name: set up JDK 17
        uses: actions/setup-java@v3
        with:
          java-version: '17'
          distribution: 'liberica'
          cache: gradle

      - name: grant execute permission for gradlew
        run: chmod +x ./gradlew

      - name: build gradle
        run: ./gradlew clean build

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          aws-region: ${{ secrets.AWS_REGION }}

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Set up QEMU
        uses: docker/setup-qemu-action@v3

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            ${{ steps.login-ecr.outputs.registry }}/${{ secrets.AWS_ECR_NOTIFICATION_REPOSITORY_NAME }}
          tags: |
            type=raw,value=latest

      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: ./backend/notification
          platforms: linux/arm64
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          provenance: false

      - name: Get Github action IP
        id: ip
        uses: haythem/public-ip@v1.3

      - name: Add Github Actions IP to Security group
        run: |
          aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_EC2_CORE_SG_ID }} --group-name ${{secrets.AWS_EC2_CORE_SG_NAME}} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32

      - name: Connect ec2 and Run Docker Container
        uses: appleboy/ssh-action@v0.1.6
        env:
          AWS_ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        with:
          host: ${{ secrets.SSH_CORE_HOST }}
          username: ${{ secrets.SSH_USERNAME }}
          key: ${{ secrets.SSH_CORE_PRIVATE_KEY }}
          port: ${{ secrets.SSH_PORT }}
          script: |
            docker ps -q --filter "name=notification" | xargs -r docker stop
            docker ps -aq --filter "name=notification" | xargs -r docker rm
            aws ecr get-login-password --region ${{ secrets.AWS_REGION }} | docker login --username ${{ secrets.AWS_DOCKER_USER }} --password-stdin ${{ secrets.AWS_USER_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com
            docker image prune -f
            docker pull ${{ steps.meta.outputs.tags }}
            docker run -d -p 8081:8081 -e ENVIRONMENT=dev --name notification --network test_backend ${{ steps.meta.outputs.tags }}

      - name: Remove Github Actions IP from security group
        if: always()
        run: |
          aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_EC2_CORE_SG_ID }} --group-name ${{secrets.AWS_EC2_CORE_SG_NAME}} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32

      - uses: sarisia/actions-status-discord@v1
        if: success()
        with:
          webhook: ${{ secrets.DISCORD_WEBHOOK }}
          status: ${{ job.status }}
          content: "여러분 <@384742716933668867> <@1084774841460215839> <@545902166842408960> <@1081452554149449748>\n 배포 완료했습니다!!"
          title: "알림 서버 배포 완료 알림"
          description: "백엔드 알림 개발 브랜치에 깃허브 액션으로 배포 완료"
          image: ${{ secrets.EMBED_IMAGE }}
          color: 0x0000ff
          url: "https://github.com/tukcomCD2024/DroidBlossom/actions"
          username: GitHub Actions Bot
          avatar_url: ${{ secrets.AVATAR_URL }}