From fa9068f4c35278f2e2fb3e0242d6fc29f9a3aae9 Mon Sep 17 00:00:00 2001
From: kdkdhoho <hkim4410@naver.com>
Date: Tue, 28 May 2024 17:22:33 +0900
Subject: [PATCH] prod: test15 (#prod)

---
 .github/workflows/prod-cd.yml | 45 ++++++++++++++++++++++++++++++++++-
 1 file changed, 44 insertions(+), 1 deletion(-)

diff --git a/.github/workflows/prod-cd.yml b/.github/workflows/prod-cd.yml
index e92e1727..45a7258a 100644
--- a/.github/workflows/prod-cd.yml
+++ b/.github/workflows/prod-cd.yml
@@ -6,7 +6,35 @@ on:
     branches: [ "prod" ]
 
 jobs:
+  ip-setup:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Github Actions 호스트 IP 가져오기
+        id: ip
+        uses: haythem/public-ip@bdddd92c198b0955f0b494a8ebeac529754262ff
+
+      - name: IP 설정
+        run: |
+          echo "AWS_DEFAULT_REGION=${{ secrets.AWS_DEFAULT_REGION }}" >> $GITHUB_ENV
+          echo "AWS_SECURITY_GROUP_NAME=${{ secrets.AWS_SECURITY_GROUP_NAME }}" >> $GITHUB_ENV
+
+      - name: AWS 로그인
+        uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ secrets.AWS_DEFAULT_REGION }}
+
+      - name: IP 허용
+        run: |
+          aws ec2 authorize-security-group-ingress --group-name ${{ secrets.AWS_SECURITY_GROUP_NAME }} --protocol tcp --port ${{ secrets.PROD_EC2_PORT }} --cidr ${{ steps.ip.outputs.ipv4 }}/32
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}
+  
   deploy:
+    if: ${{ success(jobs.ip-setup) }}
     runs-on: ubuntu-latest
     steps:
       - name: 저장소 Checkout
@@ -21,7 +49,6 @@ jobs:
 
       - name: 설정 파일 추가
         run: |
-          curl ifconfig.me
           cd ./src/main/resources/
           
           cat <<EOF > application-prod.yml
@@ -36,6 +63,14 @@ jobs:
           ${{ secrets.APPLICATION_STORAGE_YML }}
           EOF
 
+      - name: Gradle 캐시
+        uses: actions/cache@v4
+        with:
+          path: ~/.gradle/caches
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
+          restore-keys: |
+            ${{ runner.os }}-gradle-
+
       - name: 애플리케이션 빌드
         run: |
           cd /home/runner/work/ListyWave-back/ListyWave-back/
@@ -66,3 +101,11 @@ jobs:
             docker rmi "${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }}"
             docker pull "${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }}"
             docker run -d -p 8080:8080 --name "${{ secrets.PROD_CONTAINER_NAME }}" "${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }}"
+
+      - name: IP 제거
+        run: |
+          aws ec2 revoke-security-group-ingress --group-name ${{ secrets.AWS_SECURITY_GROUP_NAME }} --protocol tcp --port ${{ secrets.PROD_EC2_PORT }} --cidr ${{ steps.ip.outputs.ipv4 }}/32
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }}