prod: test35 (#prod) #35
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to PROD | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: [ "prod" ] | |
| jobs: | |
| ip-setup: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Github Actions 호스트 IP 가져오기 | |
| id: ip | |
| uses: haythem/public-ip@bdddd92c198b0955f0b494a8ebeac529754262ff | |
| - name: AWS 로그인 | |
| uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ secrets.AWS_DEFAULT_REGION }} | |
| - name: IP 허용 | |
| run: | | |
| aws ec2 authorize-security-group-ingress --group-name ${{ secrets.AWS_SECURITY_GROUP_ID }} --protocol "tcp" --port "${{ secrets.PROD_EC2_PORT }}" --cidr "${{ steps.ip.outputs.ipv4 }}/32" | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
| - name: IP를 파일로 저장 | |
| run: echo "${{ steps.ip.outputs.ipv4 }}" > ip_address.txt | |
| - name: IP 주소를 아티팩트로 업로드 | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: ip-address | |
| path: ip_address.txt | |
| deploy: | |
| needs: [ ip-setup ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: 아티팩트에서 IP 주소 읽어 저장하기 | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: ip-address | |
| path: . | |
| - name: IP 주소 읽기 | |
| run: | | |
| IP_ADDRESS=$(cat ip_address.txt) | |
| echo "IP_ADDRESS=${IP_ADDRESS}" >> $GITHUB_ENV | |
| - name: 저장소 Checkout | |
| uses: actions/checkout@v4 | |
| - name: 자바 17 셋업 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| cache: 'gradle' | |
| distribution: 'corretto' | |
| - name: 설정 파일 추가 | |
| run: | | |
| cd ./src/main/resources/ | |
| cat <<EOF > application-prod.yml | |
| ${{ secrets.APPLICATION_PROD_YML }} | |
| EOF | |
| cat <<EOF > application-oauth.yml | |
| ${{ secrets.APPLICATION_OAUTH_YML }} | |
| EOF | |
| cat <<EOF > application-storage.yml | |
| ${{ secrets.APPLICATION_STORAGE_YML }} | |
| EOF | |
| - name: 애플리케이션 빌드 | |
| run: | | |
| cd /home/runner/work/ListyWave-back/ListyWave-back/ | |
| ./gradlew bootJar | |
| - name: 도커 이미지 빌드 | |
| run: docker build -t ${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }} ./ | |
| - name: 도커 허브에 로그인 | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
| password: ${{ secrets.DOCKER_HUB_TOKEN }} | |
| - name: 도커 허브에 Push | |
| run: docker push ${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }} | |
| - name: 인스턴스 접속 및 배포 스크립트 실행 | |
| uses: appleboy/[email protected] | |
| with: | |
| host: ${{ secrets.PROD_EC2_HOST }} | |
| username: ${{ secrets.PROD_EC2_USERNAME }} | |
| key: ${{ secrets.PROD_EC2_PRIVATE_KEY }} | |
| script_stop: true | |
| script: | | |
| docker rm -f "${{ secrets.PROD_CONTAINER_NAME }}" | |
| docker rmi "${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }}" | |
| docker pull "${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }}" | |
| docker run -d -p 8080:8080 --name "${{ secrets.PROD_CONTAINER_NAME }}" "${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }}" | |
| - name: IP 제거 | |
| if: ${{ always() }} | |
| run: | | |
| aws ec2 revoke-security-group-ingress --group-name "${{ secrets.AWS_SECURITY_GROUP_ID }}" --protocol "tcp" --port "${{ secrets.PROD_EC2_PORT }}" --cidr "${{ env.IP_ADDRESS }}/32" | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} |