deploy.yml
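# Build the Gradle project, publish a Docker image to Docker Hub and roll it
# out on an EC2 host over SSH. Port 22 on the security group is opened for the
# runner's public IP only for the duration of the deployment.
name: deploy

on:
  push:
    branches: ["dev"]
  # NOTE(review): pull_request runs the same job, including the image push and
  # the remote deployment steps. Confirm that is intended; otherwise gate the
  # deploy steps with `if: github.event_name == 'push'`.
  pull_request:
    branches: ["dev"]

# Least privilege for GITHUB_TOKEN: the job only needs to read the repository.
permissions:
  contents: read

# NOTE(review): third-party actions below are referenced by mutable tags, and
# appleboy/scp-action tracks the `master` branch. These steps receive SSH and
# AWS credentials, so pinning each one to a full commit SHA
# (`owner/action@<full-commit-sha>`) is the safer choice.
jobs:
  develop-cd:
    # Execution environment
    runs-on: ubuntu-22.04
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      # JDK 17
      - name: Set up JDK 17
        uses: actions/setup-java@v3
        with:
          java-version: '17'
          distribution: 'temurin'

      # Gradle caching
      - name: Gradle Caching
        uses: actions/cache@v3
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
          restore-keys: |
            ${{ runner.os }}-gradle-

      # The four steps below decode base64-encoded secrets into
      # src/main/resources before the Gradle build runs.
      # NOTE(review): files placed there are presumably packaged into the build
      # output and into any image built from it; confirm the Docker Hub
      # repository is private, or supply this configuration at runtime instead.
      # The variables are quoted so the shell never word-splits the secret or
      # the target path. `>>` appends: if the file already exists in the
      # checkout, the decoded content is added after it.

      # application-dev.yml
      - name: Copy dev secret
        env:
          DEV_SECRET: ${{ secrets.APPLICATION_DEV_YML }}
          DEV_SECRET_DIR: src/main/resources
          DEV_SECRET_DIR_FILE_NAME: application-dev.yml
        run: |
          printf '%s' "$DEV_SECRET" | base64 --decode >> "$DEV_SECRET_DIR/$DEV_SECRET_DIR_FILE_NAME"

      # application-jwt.yml
      - name: Copy jwt secret
        env:
          DEV_SECRET: ${{ secrets.APPLICATION_JWT_YML }}
          DEV_SECRET_DIR: src/main/resources
          DEV_SECRET_DIR_FILE_NAME: application-jwt.yml
        run: |
          printf '%s' "$DEV_SECRET" | base64 --decode >> "$DEV_SECRET_DIR/$DEV_SECRET_DIR_FILE_NAME"

      # application-mail.yml
      - name: Copy mail secret
        env:
          DEV_SECRET: ${{ secrets.APPLICATION_MAIL_YML }}
          DEV_SECRET_DIR: src/main/resources
          DEV_SECRET_DIR_FILE_NAME: application-mail.yml
        run: |
          printf '%s' "$DEV_SECRET" | base64 --decode >> "$DEV_SECRET_DIR/$DEV_SECRET_DIR_FILE_NAME"

      # application-s3.yml
      - name: Copy s3 secret
        env:
          DEV_SECRET: ${{ secrets.APPLICATION_S3_YML }}
          DEV_SECRET_DIR: src/main/resources
          DEV_SECRET_DIR_FILE_NAME: application-s3.yml
        run: |
          printf '%s' "$DEV_SECRET" | base64 --decode >> "$DEV_SECRET_DIR/$DEV_SECRET_DIR_FILE_NAME"

      # Make ./gradlew executable
      - name: ./gradlew 권한 설정
        run: chmod +x ./gradlew

      # Gradle build (tests excluded)
      - name: Build with Gradle
        run: ./gradlew build -x test

      # docker build & push to production
      # Credentials reach the script through env instead of being expanded
      # into the command text, and the password is fed on stdin so it never
      # appears in the docker command line.
      - name: Docker build & push to DockerHub
        env:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
          DOCKER_REPO: ${{ secrets.DOCKER_REPO }}
        run: |
          printf '%s' "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
          docker build -t "${DOCKER_USERNAME}/${DOCKER_REPO}:latest" .
          docker push "${DOCKER_USERNAME}/${DOCKER_REPO}:latest"

      # Get the runner's public IP
      - name: get GitHub IP
        id: ip
        uses: haythem/public-ip@v1.2

      # AWS setup
      # NOTE(review): long-lived access keys are stored as repository secrets;
      # short-lived credentials are preferable if the account setup allows it.
      - name: aws 세팅
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
          aws-region: ap-northeast-2

      # Allow SSH (tcp/22) from the runner's IP on the security group.
      # The IP is an output of a third-party action, so it is passed through
      # env and quoted rather than interpolated into the script.
      - name: Add GitHub IP to AWS
        id: allow_ssh
        env:
          AWS_SG_ID: ${{ secrets.AWS_SG_ID }}
          RUNNER_IP: ${{ steps.ip.outputs.ipv4 }}
        run: |
          aws ec2 authorize-security-group-ingress \
            --group-id "$AWS_SG_ID" \
            --protocol tcp --port 22 \
            --cidr "${RUNNER_IP}/32"

      # Copy docker-compose.yml to EC2
      - name: Copy docker-compose.yml to EC2 via SCP
        uses: appleboy/scp-action@master
        with:
          host: ${{ secrets.EC2_HOST }}
          username: ${{ secrets.EC2_USERNAME }}
          key: ${{ secrets.KEY }}
          port: 22
          source: "./docker-compose.yml"
          target: "./jedero"

      # Connect to the server, pull the Docker image and start it
      - name: executing remote ssh commands using password
        uses: appleboy/ssh-action@v0.1.6
        with:
          host: ${{ secrets.EC2_HOST }}
          username: ${{ secrets.EC2_USERNAME }}
          key: ${{ secrets.KEY }}
          port: 22
          script: |
            cd jedero
            sudo docker-compose down
            sudo docker-compose pull
            sudo docker-compose up -d
            sudo docker image prune -f

      # Remove the runner's IP from the security group.
      # Runs even when the copy or deploy step fails, so the temporary SSH
      # ingress rule is not left behind; skipped when the rule was never added.
      - name: Remove IP FROM Security Group
        if: always() && steps.allow_ssh.outcome == 'success'
        env:
          AWS_SG_ID: ${{ secrets.AWS_SG_ID }}
          RUNNER_IP: ${{ steps.ip.outputs.ipv4 }}
        run: |
          aws ec2 revoke-security-group-ingress \
            --group-id "$AWS_SG_ID" \
            --protocol tcp --port 22 \
            --cidr "${RUNNER_IP}/32"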