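# Production deployment pipeline.
#
# Flow: allow-list the runner's public IP on the EC2 security group, build the
# Spring Boot jar and Docker image, push the image to Docker Hub, SSH into the
# production host to restart the container, then remove the allow-list entry.
#
# Secrets are handed to shell steps through `env:` and referenced as quoted
# shell variables instead of being expanded by `${{ }}` inside the script
# text, so a value containing shell metacharacters cannot alter the command.
name: Deploy to PROD

on:
  workflow_dispatch:
  push:
    branches: ['prod']

# Least privilege for GITHUB_TOKEN: the jobs only need to read the repository.
permissions:
  contents: read

jobs:
  ip-setup:
    runs-on: ubuntu-latest
    steps:
      # Third-party action pinned to a full commit SHA.
      - name: Github Actions 호스트 IP 가져오기
        id: ip
        uses: haythem/public-ip@bdddd92c198b0955f0b494a8ebeac529754262ff

      # Exports region and security-group name to later steps of this job.
      - name: IP 설정
        run: |
          echo "AWS_DEFAULT_REGION=${AWS_DEFAULT_REGION}" >> "$GITHUB_ENV"
          echo "AWS_SECURITY_GROUP_NAME=${AWS_SECURITY_GROUP_NAME}" >> "$GITHUB_ENV"
        env:
          AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
          AWS_SECURITY_GROUP_NAME: ${{ secrets.AWS_SECURITY_GROUP_NAME }}

      # NOTE(review): long-lived access keys are stored as repository secrets.
      # The key should be scoped to the authorize/revoke ingress calls on this
      # one security group; consider the action's OIDC `role-to-assume` input
      # so that no static key has to be stored.
      - name: AWS 로그인
        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}

      # Opens the SSH port on the security group for this runner's address only.
      - name: IP 허용
        run: |
          aws ec2 authorize-security-group-ingress \
            --group-name "$AWS_SECURITY_GROUP_NAME" \
            --protocol tcp \
            --port "$PROD_EC2_PORT" \
            --cidr "${RUNNER_IP}/32"
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
          AWS_SECURITY_GROUP_NAME: ${{ secrets.AWS_SECURITY_GROUP_NAME }}
          PROD_EC2_PORT: ${{ secrets.PROD_EC2_PORT }}
          RUNNER_IP: ${{ steps.ip.outputs.ipv4 }}

      # The address is handed to the deploy job so it can revoke the rule.
      - name: IP를 파일로 저장
        run: printf '%s\n' "$RUNNER_IP" > ip_address.txt
        env:
          RUNNER_IP: ${{ steps.ip.outputs.ipv4 }}

      # v3 of the artifact actions is deprecated; upload and download must use
      # the same major version.
      - name: IP 주소를 아티팩트로 업로드
        uses: actions/upload-artifact@v4
        with:
          name: ip-address
          path: ip_address.txt

  # NOTE(review): ip-setup and deploy are separate jobs, and each GitHub-hosted
  # job runs on its own runner. The address allow-listed by ip-setup is
  # therefore not guaranteed to be the address this job connects from; confirm,
  # or move the allow/revoke steps into this job. Also, if ip-setup fails after
  # its authorize step, this job is skipped and nothing revokes the rule.
  deploy:
    needs: [ip-setup]
    runs-on: ubuntu-latest
    steps:
      - name: 아티팩트에서 IP 주소 읽어 저장하기
        uses: actions/download-artifact@v4
        with:
          name: ip-address
          path: .

      # File content is about to be appended to $GITHUB_ENV, so accept only a
      # single dotted-quad value; anything else could define extra variables.
      - name: IP 주소 읽기
        run: |
          IP_ADDRESS=$(cat ip_address.txt)
          if ! [[ "$IP_ADDRESS" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]]; then
            echo "ip_address.txt does not contain a single IPv4 address" >&2
            exit 1
          fi
          echo "IP_ADDRESS=${IP_ADDRESS}" >> "$GITHUB_ENV"

      - name: 저장소 Checkout
        uses: actions/checkout@v4

      - name: 자바 17 셋업
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          cache: 'gradle'
          distribution: 'corretto'

      # Writes the Spring profile files from secrets. printf with a quoted
      # variable stores the value verbatim; the previous unquoted heredoc let
      # the shell expand `$` and backticks found inside the secret and broke
      # on a line consisting of `EOF`.
      # NOTE(review): these files are under src/main/resources and so are
      # presumably packaged into the jar and the pushed image; confirm the
      # Docker Hub repository is private, or supply them at container start.
      - name: 설정 파일 추가
        run: |
          cd ./src/main/resources/
          printf '%s\n' "$APPLICATION_PROD_YML" > application-prod.yml
          printf '%s\n' "$APPLICATION_OAUTH_YML" > application-oauth.yml
          printf '%s\n' "$APPLICATION_STORAGE_YML" > application-storage.yml
        env:
          APPLICATION_PROD_YML: ${{ secrets.APPLICATION_PROD_YML }}
          APPLICATION_OAUTH_YML: ${{ secrets.APPLICATION_OAUTH_YML }}
          APPLICATION_STORAGE_YML: ${{ secrets.APPLICATION_STORAGE_YML }}

      # $GITHUB_WORKSPACE is the checkout directory; using it instead of a
      # hard-coded /home/runner/work/... path keeps the step working in forks.
      - name: 애플리케이션 빌드
        run: |
          cd "$GITHUB_WORKSPACE"
          ./gradlew bootJar

      # NOTE(review): setup-java above already enables Gradle caching, and
      # this step runs after the build, so it looks redundant; confirm.
      - name: Gradle 캐시
        uses: actions/cache@v4
        with:
          path: ~/.gradle/caches
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
          restore-keys: |
            ${{ runner.os }}-gradle-

      - name: 도커 이미지 빌드
        run: docker build -t "$IMAGE" ./
        env:
          IMAGE: ${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }}

      - name: 도커 허브에 로그인
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_HUB_USERNAME }}
          password: ${{ secrets.DOCKER_HUB_TOKEN }}

      - name: 도커 허브에 Push
        run: docker push "$IMAGE"
        env:
          IMAGE: ${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }}

      # The ref of this action was mangled to "[email protected]" by e-mail
      # obfuscation on the source page. Restore the intended ref, preferably
      # as a full commit SHA like the two third-party actions in ip-setup:
      # this step receives the production SSH private key.
      # NOTE(review): no host-key check is configured; the action's
      # `fingerprint` input can pin the server's key.
      - name: 인스턴스 접속 및 배포 스크립트 실행
        uses: appleboy/ssh-action@PLACEHOLDER_PIN_TO_REVIEWED_COMMIT_SHA
        with:
          host: ${{ secrets.PROD_EC2_HOST }}
          username: ${{ secrets.PROD_EC2_USERNAME }}
          key: ${{ secrets.PROD_EC2_PRIVATE_KEY }}
          port: ${{ secrets.PROD_EC2_PORT }}
          # Replace the running container with the freshly pushed image.
          script: |
            docker stop "${{ secrets.PROD_CONTAINER_NAME }}"
            docker rm -f "${{ secrets.PROD_CONTAINER_NAME }}"
            docker rmi "${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }}"
            docker pull "${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }}"
            docker run -d -p 8080:8080 --name "${{ secrets.PROD_CONTAINER_NAME }}" "${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }}"

      # Runs even when an earlier step failed so the ingress rule is not left
      # open. IP_ADDRESS comes from $GITHUB_ENV (set by the read step above).
      - name: IP 제거
        if: ${{ always() }}
        run: |
          if [ -z "${IP_ADDRESS:-}" ]; then
            echo "no runner IP recorded; ingress rule must be revoked manually" >&2
            exit 1
          fi
          aws ec2 revoke-security-group-ingress \
            --group-name "$AWS_SECURITY_GROUP_NAME" \
            --protocol tcp \
            --port "$PROD_EC2_PORT" \
            --cidr "${IP_ADDRESS}/32"
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
          AWS_SECURITY_GROUP_NAME: ${{ secrets.AWS_SECURITY_GROUP_NAME }}
          PROD_EC2_PORT: ${{ secrets.PROD_EC2_PORT }}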