diff --git a/.github/workflows/prod-cd.yml b/.github/workflows/prod-cd.yml index e92e1727..45a7258a 100644 --- a/.github/workflows/prod-cd.yml +++ b/.github/workflows/prod-cd.yml @@ -6,7 +6,35 @@ on: branches: [ "prod" ] jobs: + ip-setup: + runs-on: ubuntu-latest + steps: + - name: Github Actions 호스트 IP 가져오기 + id: ip + uses: haythem/public-ip@bdddd92c198b0955f0b494a8ebeac529754262ff + + - name: IP 설정 + run: | + echo "AWS_DEFAULT_REGION=${{ secrets.AWS_DEFAULT_REGION }}" >> $GITHUB_ENV + echo "AWS_SECURITY_GROUP_NAME=${{ secrets.AWS_SECURITY_GROUP_NAME }}" >> $GITHUB_ENV + + - name: AWS 로그인 + uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ secrets.AWS_DEFAULT_REGION }} + + - name: IP 허용 + run: | + aws ec2 authorize-security-group-ingress --group-name ${{ secrets.AWS_SECURITY_GROUP_NAME }} --protocol tcp --port ${{ secrets.PROD_EC2_PORT }} --cidr ${{ steps.ip.outputs.ipv4 }}/32 + env: + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} + deploy: + if: ${{ success(jobs.ip-setup) }} runs-on: ubuntu-latest steps: - name: 저장소 Checkout @@ -21,7 +49,6 @@ jobs: - name: 설정 파일 추가 run: | - curl ifconfig.me cd ./src/main/resources/ cat < application-prod.yml @@ -36,6 +63,14 @@ jobs: ${{ secrets.APPLICATION_STORAGE_YML }} EOF + - name: Gradle 캐시 + uses: actions/cache@v4 + with: + path: ~/.gradle/caches + key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }} + restore-keys: | + ${{ runner.os }}-gradle- + - name: 애플리케이션 빌드 run: | cd /home/runner/work/ListyWave-back/ListyWave-back/ 
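Review bot: The ingress rule created in `ip-setup` allows the public IP of that job's runner, but `deploy` is a separate job on its own `ubuntu-latest` runner and will normally get a different address, so the remote deploy step (outside the visible hunks) is presumably not covered by the rule. The added `if: ${{ success(jobs.ip-setup) }}` does not order the jobs either: `success()` takes no arguments and `deploy` has no `needs: ip-setup`, so both jobs would be scheduled in parallel. Moving the `haythem/public-ip`, `aws-actions/configure-aws-credentials` and `IP 허용` steps to the top of `deploy` keeps lookup, authorize and revoke on one runner. The `env:` block under `IP 허용` repeats credentials that `configure-aws-credentials` already exports to later steps. A short-lived role via `role-to-assume` with OIDC would also avoid storing a long-lived access key that can edit the production security group.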
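Review bot: `actions/cache@v4` is referenced by a movable tag, while the two actions added to `ip-setup` in this same commit are pinned to full commit SHAs. Because this workflow handles the production AWS and Docker Hub secrets, the cache action should be pinned the same way, e.g. `uses: actions/cache@<full-commit-sha> # v4` (placeholder; take the SHA from the release you have reviewed). The key hashes only `**/*.gradle`, so if the project has `gradle/wrapper/gradle-wrapper.properties` or `*.gradle.kts` files, changes to them would not invalidate the cache; adding those patterns to `hashFiles` closes that gap.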
@@ -66,3 +101,11 @@ jobs:
 docker rmi "${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }}"
 docker pull "${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }}"
 docker run -d -p 8080:8080 --name "${{ secrets.PROD_CONTAINER_NAME }}" "${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }}"
+
+ - name: IP 제거
+ run: |
+ aws ec2 revoke-security-group-ingress --group-name ${{ secrets.AWS_SECURITY_GROUP_NAME }} --protocol tcp --port ${{ secrets.PROD_EC2_PORT }} --cidr ${{ steps.ip.outputs.ipv4 }}/32
+ env:
+ AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
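Review bot: The `IP 제거` step is skipped whenever an earlier step in `deploy` fails, which leaves the runner's /32 open on the production port; add `if: always()` to the step so the cleanup also runs after a failed build or deploy. As written it also reads `${{ steps.ip.outputs.ipv4 }}`, but the step with `id: ip` is defined in the `ip-setup` job, so inside `deploy` the expression presumably expands to an empty string and the command receives `--cidr /32`. GitHub-hosted runner addresses are shared and reused, so a rule that is never revoked is worth detecting, for example by checking the security group for leftover /32 entries after each run.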