prod: test26 (#prod) #26
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to PROD | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: [ "prod" ] | |
| jobs: | |
| ip-setup: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Github Actions 호스트 IP 가져오기 | |
| id: ip | |
| uses: haythem/public-ip@bdddd92c198b0955f0b494a8ebeac529754262ff | |
| - name: IP 설정 | |
| run: | | |
| echo "AWS_DEFAULT_REGION=${{ secrets.AWS_DEFAULT_REGION }}" >> $GITHUB_ENV | |
| echo "AWS_SECURITY_GROUP_NAME=${{ secrets.AWS_SECURITY_GROUP_NAME }}" >> $GITHUB_ENV | |
| - name: AWS 로그인 | |
| uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ secrets.AWS_DEFAULT_REGION }} | |
| - name: IP 허용 | |
| run: | | |
| aws ec2 authorize-security-group-ingress --group-name ${{ secrets.AWS_SECURITY_GROUP_NAME }} --protocol tcp --port ${{ secrets.PROD_EC2_PORT }} --cidr ${{ steps.ip.outputs.ipv4 }}/32 | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
| - name: IP를 파일로 저장 | |
| run: echo "${{ steps.ip.outputs.ipv4 }}" > ip_address.txt | |
| - name: IP 주소를 아티팩트로 업로드 | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: ip-address | |
| path: ip_address.txt | |
| deploy: | |
| needs: [ ip-setup ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: 아티팩트에서 IP 주소 읽어 저장하기 | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: ip-address | |
| path: . | |
| - name: IP 주소 읽기 | |
| run: | | |
| IP_ADDRESS=$(cat ip_address.txt) | |
| echo "IP_ADDRESS=${IP_ADDRESS}" >> $GITHUB_ENV | |
| - name: 저장소 Checkout | |
| uses: actions/checkout@v4 | |
| - name: 자바 17 셋업 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| cache: 'gradle' | |
| distribution: 'corretto' | |
| - name: 설정 파일 추가 | |
| run: | | |
| cd ./src/main/resources/ | |
| cat <<EOF > application-prod.yml | |
| ${{ secrets.APPLICATION_PROD_YML }} | |
| EOF | |
| cat <<EOF > application-oauth.yml | |
| ${{ secrets.APPLICATION_OAUTH_YML }} | |
| EOF | |
| cat <<EOF > application-storage.yml | |
| ${{ secrets.APPLICATION_STORAGE_YML }} | |
| EOF | |
| - name: 애플리케이션 빌드 | |
| run: | | |
| cd /home/runner/work/ListyWave-back/ListyWave-back/ | |
| ./gradlew bootJar | |
| - name: Gradle 캐시 | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.gradle/caches | |
| key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }} | |
| restore-keys: | | |
| ${{ runner.os }}-gradle- | |
| - name: 도커 이미지 빌드 | |
| run: docker build -t ${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }} ./ | |
| - name: 도커 허브에 로그인 | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
| password: ${{ secrets.DOCKER_HUB_TOKEN }} | |
| - name: 도커 허브에 Push | |
| run: docker push ${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }} | |
| - name: 인스턴스 접속 및 배포 스크립트 실행 | |
| uses: appleboy/[email protected] | |
| with: | |
| host: ${{ secrets.PROD_EC2_HOST }} | |
| username: ${{ secrets.PROD_EC2_USERNAME }} | |
| key: ${{ secrets.PROD_EC2_PRIVATE_KEY }} | |
| port: ${{ secrets.PROD_EC2_PORT }} | |
| script: | | |
| docker stop "${{ secrets.PROD_CONTAINER_NAME }}" | |
| docker rm -f "${{ secrets.PROD_CONTAINER_NAME }}" | |
| docker rmi "${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }}" | |
| docker pull "${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }}" | |
| docker run -d -p 8080:8080 --name "${{ secrets.PROD_CONTAINER_NAME }}" "${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }}" | |
| - name: IP 제거 | |
| if: ${{ always() }} | |
| run: | | |
| aws ec2 revoke-security-group-ingress --group-name ${{ secrets.AWS_SECURITY_GROUP_NAME }} --protocol tcp --port ${{ secrets.PROD_EC2_PORT }} --cidr ${{ env.IP_ADDRESS }}/32 | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} |