Merge branch 'feature/kafka-notification' into develop #94
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # github repository actions 페이지에 나타날 이름 | |
| name: CI/CD using github actions & docker | |
| # event trigger | |
| # main이나 develop 브랜치에 push가 되었을 때 실행 | |
| on: | |
| push: | |
| branches: [ "main", "develop" ] | |
| permissions: | |
| contents: read | |
| jobs: | |
| CI-CD: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # JDK setting - github actions에서 사용할 JDK 설정 (프로젝트나 AWS의 java 버전과 달라도 무방) | |
| - uses: actions/checkout@v3 | |
| - name: JDK 17 설치 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'corretto' | |
| # gradle caching - 빌드 시간 향상 | |
| - name: Gradle Caching | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} | |
| restore-keys: | | |
| ${{ runner.os }}-gradle- | |
| # 환경별 yml 파일 생성(1) - application.yml | |
| - name: make application.yaml | |
| if: | | |
| contains(github.ref, 'main') || | |
| contains(github.ref, 'develop') | |
| run: | | |
| if [ ! -d "./src/main/resources" ]; then mkdir -p ./src/main/resources; fi # resources 폴더가 없으면 생성 | |
| if [ ! -d "./src/main/resources/firebase" ]; then mkdir -p ./src/main/resources/firebase; fi # firebase 폴더가 없으면 생성 | |
| cd ./src/main/resources | |
| echo "${{ secrets.PUSH_YAML }}" > ./application-push.yaml | |
| echo "${{ secrets.MAIL_YAML }}" > ./application-mail.yaml | |
| echo "${{ secrets.FIREBASE_JSON }}" | base64 -d > ./firebase/gazi-81f38-firebase-adminsdk-g89dw-44998f3667.json | |
| shell: bash | |
| # 환경별 yml 파일 생성(2) - dev | |
| - name: make application-dev.yaml | |
| if: contains(github.ref, 'develop') | |
| run: | | |
| cd ./src/main/resources | |
| touch ./application.yaml | |
| echo "${{ secrets.YAML_DEV }}" > ./application.yaml | |
| touch ./application-aws-dev.yaml | |
| echo "${{ secrets.AWS_YAML_DEV }}" > ./application-aws-dev.yaml | |
| touch ./application-oauth-dev.yaml | |
| echo "${{ secrets.OAUTH_YAML_DEV }}" > ./application-oauth-dev.yaml | |
| shell: bash | |
| # 환경별 yml 파일 생성(3) - prod | |
| - name: make application-prod.yml | |
| if: contains(github.ref, 'main') | |
| run: | | |
| cd ./src/main/resources | |
| touch ./application.yaml | |
| echo "${{ secrets.YAML_PROD }}" > ./application.yaml | |
| touch ./application-aws-prod.yaml | |
| echo "${{ secrets.AWS_YAML_PROD }}" > ./application-aws-prod.yaml | |
| touch ./application-oauth-prod.yaml | |
| echo "${{ secrets.OAUTH_YAML_PROD }}" > ./application-oauth-prod.yaml | |
| shell: bash | |
| # gradle build | |
| - name: Build with Gradle | |
| run: ./gradlew build -x test | |
| # docker build & push to production | |
| - name: Docker build & push to prod | |
| run: | | |
| echo ${{ secrets.DOCKER_PASSWORD }} | docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin | |
| docker build -t ${{ secrets.DOCKER_USERNAME }}/docker-test-dev . | |
| docker push ${{ secrets.DOCKER_USERNAME }}/docker-test-dev | |
| - name: Get Public IP | |
| id: ip | |
| uses: haythem/public-ip@v1.3 | |
| - name: Configure AWS credentials for Dev | |
| if: contains(github.ref, 'develop') | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: 'ap-northeast-2' | |
| - name: Configure AWS credentials for Prod | |
| if: contains(github.ref, 'main') | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.PROD_AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.PROD_AWS_SECRET_ACCESS_KEY }} | |
| aws-region: 'ap-northeast-2' | |
| - name: Add GitHub Actions IP to Dev Security Group | |
| if: contains(github.ref, 'develop') | |
| run: | | |
| aws ec2 authorize-security-group-ingress \ | |
| --group-id ${{ secrets.SECURITY_GROUP_ID }} \ | |
| --protocol tcp \ | |
| --port 22 \ | |
| --cidr ${{ steps.ip.outputs.ipv4 }}/32 | |
| - name: Add GitHub Actions IP to Prod Security Group | |
| if: contains(github.ref, 'main') | |
| run: | | |
| aws ec2 authorize-security-group-ingress \ | |
| --group-id ${{ secrets.PROD_SECURITY_GROUP_ID }} \ | |
| --protocol tcp \ | |
| --port 22 \ | |
| --cidr ${{ steps.ip.outputs.ipv4 }}/32 | |
| ## deploy to production | |
| - name: Deploy to prod | |
| uses: appleboy/ssh-action@master | |
| id: deploy-prod | |
| if: contains(github.ref, 'main') | |
| with: | |
| host: ${{ secrets.HOST_PROD }} # EC2 퍼블릭 IPv4 DNS | |
| username: ubuntu | |
| key: ${{ secrets.PRIVATE_KEY }} | |
| envs: GITHUB_SHA | |
| script: | | |
| # 기존 컨테이너 중지 및 삭제 | |
| sudo docker stop gazi-server || true | |
| sudo docker rm gazi-server || true | |
| # 새로운 이미지 가져오기 | |
| sudo docker pull ${{ secrets.DOCKER_USERNAME }}/docker-test-dev | |
| # 새로운 컨테이너 실행 | |
| sudo docker run -d -p 8080:8080 --name gazi-server --network gazi-dev ${{ secrets.DOCKER_USERNAME }}/docker-test-dev | |
| # 사용하지 않는 이미지 정리 | |
| sudo docker image prune -f | |
| ## deploy to develop | |
| - name: Deploy to dev | |
| uses: appleboy/ssh-action@master | |
| id: deploy-dev | |
| if: contains(github.ref, 'develop') | |
| with: | |
| host: ${{ secrets.HOST_DEV }} # EC2 퍼블릭 IPv4 DNS | |
| username: ubuntu | |
| key: ${{ secrets.DEV_PRIVATE_KEY }} | |
| envs: GITHUB_SHA | |
| script: | | |
| # 기존 컨테이너 중지 및 삭제 | |
| sudo docker stop gazi-server || true | |
| sudo docker rm gazi-server || true | |
| # 새로운 이미지 가져오기 | |
| sudo docker pull ${{ secrets.DOCKER_USERNAME }}/docker-test-dev | |
| # 새로운 컨테이너 실행 | |
| sudo docker run -d -p 8080:8080 --name gazi-server --network gazi-dev ${{ secrets.DOCKER_USERNAME }}/docker-test-dev | |
| # 사용하지 않는 이미지 정리 | |
| sudo docker image prune -f |