prod: test19 (#prod) #19
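# Production deployment workflow.
# 1. ip-setup: looks up the runner's public IPv4 and adds a /32 ingress rule
#    for it to the EC2 security group.
# 2. deploy: builds the Spring Boot jar, pushes a Docker image to Docker Hub
#    and restarts the container on the EC2 host over SSH.
# 3. Post-ip-setup: revokes the ingress rule added in step 1.
name: Deploy to PROD

on:
  workflow_dispatch:
  push:
    branches: ["prod"]

# Least privilege for GITHUB_TOKEN: the only repository access used below is
# the checkout, which needs read access to contents.
permissions:
  contents: read

jobs:
  ip-setup:
    runs-on: ubuntu-latest
    # `steps.*` is only visible inside the job that ran the step, so the
    # address is published as a job output for the revoke job to read.
    outputs:
      ipv4: ${{ steps.ip.outputs.ipv4 }}
    steps:
      - name: Github Actions 호스트 IP 가져오기
        id: ip
        uses: haythem/public-ip@bdddd92c198b0955f0b494a8ebeac529754262ff
      # NOTE(review): these are long-lived static access keys. The same action
      # supports OIDC role assumption (`role-to-assume`, with the
      # `id-token: write` permission), which removes the stored AWS secret.
      - name: AWS 로그인
        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
      - name: IP 허용
        # Values reach the shell through env and are quoted, so they are
        # handled as data rather than spliced into the script text.
        run: |
          aws ec2 authorize-security-group-ingress \
            --group-name "$SECURITY_GROUP_NAME" \
            --protocol tcp \
            --port "$INGRESS_PORT" \
            --cidr "${INGRESS_IPV4}/32"
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
          SECURITY_GROUP_NAME: ${{ secrets.AWS_SECURITY_GROUP_NAME }}
          INGRESS_PORT: ${{ secrets.PROD_EC2_PORT }}
          INGRESS_IPV4: ${{ steps.ip.outputs.ipv4 }}

  # NOTE(review): GitHub-hosted jobs each run on their own runner, so the
  # address allowlisted by ip-setup may not be the one this job connects
  # from. Confirm, or move the allow/revoke steps into this job.
  deploy:
    needs: [ip-setup]
    runs-on: ubuntu-latest
    steps:
      - name: 저장소 Checkout
        uses: actions/checkout@v4
      - name: 자바 17 셋업
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          cache: 'gradle'
          distribution: 'corretto'
      # NOTE(review): these files land in src/main/resources, so they are
      # packaged into the jar and into the image pushed to Docker Hub.
      # Confirm the image repository is private, or supply the configuration
      # to the container at run time instead.
      - name: 설정 파일 추가
        # printf writes each secret verbatim. An unquoted heredoc would let the
        # shell expand `$`, backticks and `${...}` placeholders found inside
        # the configuration, and a line reading EOF would truncate the file.
        run: |
          cd ./src/main/resources/
          printf '%s\n' "$APPLICATION_PROD_YML" > application-prod.yml
          printf '%s\n' "$APPLICATION_OAUTH_YML" > application-oauth.yml
          printf '%s\n' "$APPLICATION_STORAGE_YML" > application-storage.yml
        env:
          APPLICATION_PROD_YML: ${{ secrets.APPLICATION_PROD_YML }}
          APPLICATION_OAUTH_YML: ${{ secrets.APPLICATION_OAUTH_YML }}
          APPLICATION_STORAGE_YML: ${{ secrets.APPLICATION_STORAGE_YML }}
      - name: Gradle 캐시
        uses: actions/cache@v4
        with:
          path: ~/.gradle/caches
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
          restore-keys: |
            ${{ runner.os }}-gradle-
      - name: 애플리케이션 빌드
        # GITHUB_WORKSPACE is the checkout directory; using it avoids a
        # hard-coded runner path that breaks if the repository is renamed.
        run: |
          cd "$GITHUB_WORKSPACE"
          ./gradlew bootJar
      - name: 도커 이미지 빌드
        run: docker build -t "$IMAGE_REF" ./
        env:
          IMAGE_REF: ${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }}
      - name: 도커 허브에 로그인
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_TOKEN }}
      - name: 도커 허브에 Push
        run: docker push "$IMAGE_REF"
        env:
          IMAGE_REF: ${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }}
      # NOTE(review): this third-party action receives the production host
      # credentials but is referenced by a movable tag. Pin it to a full
      # commit SHA like the actions in ip-setup. Key-based SSH authentication
      # is also preferable to the password used here.
      - name: 인스턴스 접속 및 배포 스크립트 실행
        uses: appleboy/ssh-action@v1.0.3
        with:
          host: ${{ secrets.PROD_EC2_HOST }}
          username: ${{ secrets.PROD_EC2_USERNAME }}
          password: ${{ secrets.PROD_EC2_PASSWORD }}
          port: ${{ secrets.PROD_EC2_PORT }}
          # Replace the running container with the freshly pushed image.
          script: |
            docker stop "${{ secrets.PROD_CONTAINER_NAME }}"
            docker rm -f "${{ secrets.PROD_CONTAINER_NAME }}"
            docker rmi "${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }}"
            docker pull "${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }}"
            docker run -d -p 8080:8080 --name "${{ secrets.PROD_CONTAINER_NAME }}" "${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }}"

  Post-ip-setup:
    # Wait for the deploy to finish, then clean up even when it failed or was
    # cancelled. Without `needs` this job starts in parallel with ip-setup and
    # has no address to revoke, so the ingress rule would stay open after
    # every run.
    needs: [ip-setup, deploy]
    # Skip the revoke when ip-setup did not succeed: no rule was added.
    if: ${{ always() && needs.ip-setup.result == 'success' }}
    runs-on: ubuntu-latest
    steps:
      - name: IP 제거
        # The address comes from the ip-setup job output; a `steps.ip`
        # reference would be empty here because that step ran in another job.
        run: |
          aws ec2 revoke-security-group-ingress \
            --group-name "$SECURITY_GROUP_NAME" \
            --protocol tcp \
            --port "$INGRESS_PORT" \
            --cidr "${INGRESS_IPV4}/32"
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
          SECURITY_GROUP_NAME: ${{ secrets.AWS_SECURITY_GROUP_NAME }}
          INGRESS_PORT: ${{ secrets.PROD_EC2_PORT }}
          INGRESS_IPV4: ${{ needs.ip-setup.outputs.ipv4 }}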