.github/workflows/gradle.yml

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-gradle

name: CI/CD gradle

on:
  push:
    branches:
      - "main"
      - "develop"
      - "deploy"
  pull_request:
    branches:
      - "main"
      - "develop"
      - "deploy"
    
env:
  AWS_REGION: ap-northeast-2
  S3_BUCKET_NAME: github-action-sample-s3-bucket
  CODE_DEPLOY_APPLICATION_NAME: space-code-deploy
  CODE_DEPLOY_DEPLOYMENT_GROUP_NAME: space-code-deploy
  RESOURCE_PATH: ./src/main/resources/application.yml
  
permissions:
  contents: read

jobs:
  build:

    runs-on: ubuntu-latest
    permissions:
      contents: read

    steps:
    - uses: actions/checkout@v4
    - name: Set up JDK 17
      uses: actions/setup-java@v4
      with:
        java-version: '17'
        distribution: 'temurin'

    # Configure Gradle for optimal use in GitHub Actions, including caching of downloaded dependencies.
    # See: https://github.com/gradle/actions/blob/main/setup-gradle/README.md
    # (3) gradlew 권한 추가 
    - name: Run chmod to make gradlew executable
      run: chmod +x ./gradlew
    - name: Setup Gradle
      uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0

    - name: Build with Gradle Wrapper
      run: ./gradlew build

    # NOTE: The Gradle Wrapper is the default and recommended way to run Gradle (https://docs.gradle.org/current/userguide/gradle_wrapper.html).
    # If your project does not have the Gradle Wrapper configured, you can use the following configuration to run Gradle with a specified version.
    #
    # - name: Setup Gradle
    #   uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0
    #   with:
    #     gradle-version: '8.5'
    #
    # - name: Build with Gradle 8.5
    #   run: gradle build
  deploy:
    name: deploy
    runs-on: ubuntu-latest
    needs: build
    if: |
      github.ref == 'refs/heads/main' || 
      github.base_ref == 'deploy'|| 
      github.ref == 'refs/heads/deploy' || 
      startsWith(github.head_ref, 'chore/') ||
      startsWith(github.head_ref, 'set')
    environment: production
    steps:
    # (1) 기본 체크아웃
    - name: Checkout
      uses: actions/checkout@v3
    # (2) application.properties 설정
    # - uses: actions/checkout@v3
    # - run: touch ./src/main/resources/application.properties
    # - run: echo "${{ secrets.APPLICATION }}" > ./src/main/resources/application.properties
    # - run: cat ./src/main/resources/application.properties

    # (3) gradlew 권한 추가 
    - name: Run chmod to make gradlew executable
      run: chmod +x ./gradlew

    # (4) JDK 세팅
    - name: Set up JDK 17
      uses: actions/setup-java@v3
      with:
        distribution: 'temurin'
        java-version: '17'
    # (4.5) application.yml file 설정
    #- name: Set yml file
    #  uses: microsoft/variable-substitution@v1
    #  with:
    #    files: ${{ env.RESOURCE_PATH }}
    #  env:
    #    spring.datasource.url: ${{ secrets.RDS_HOST }}
    #    spring.datasource.username: ${{ secrets.RDS_USERNAME }}
    #    spring.datasource.password: ${{ secrets.RDS_PASSWORD }}
    #    secret.jwt-secret-key: ${{secrets.JWT_SECRET_KEY}}
    #    secret.jwt-login-secret-key: ${{secrets.JWT_SECRET_KEY_1}}
    #    secret.jwt-user-space-secret-key: ${{secrets.JWT_SECRET_KEY_2}}
    #    secret.jwt-expired-in: ${{secrets.JWT_EXPIRED_IN}}
    #    spring.datasource.driver-class-name: com.mysql.cj.jdbc.Driver

    - name: Set YML
      run: |
        echo "${{ secrets.APPLICATION_YML_DEV }}" | base64 --decode > src/main/resources/application.yml

      # (5) Gradle build (Test 제외)
    - name: Build with Gradle
      uses: gradle/gradle-build-action@0d13054264b0bb894ded474f08ebb30921341cee
      with:
        arguments: clean build -x test

        
    # (6) AWS 인증 (IAM 사용자 Access Key, Secret Key 활용)
    - name: Configure AWS credentials
      uses: aws-actions/configure-aws-credentials@v1
      with:
        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        aws-region: ${{ env.AWS_REGION }}
    # (7) 빌드 결과물을 S3 버킷에 업로드
    - name: Upload to AWS S3
      run: |
        aws deploy push \
          --application-name ${{ env.CODE_DEPLOY_APPLICATION_NAME }} \
          --ignore-hidden-files \
          --s3-location s3://$S3_BUCKET_NAME/$GITHUB_SHA.zip \
          --source .

      # (6) S3 버킷에 있는 파일을 대상으로 CodeDeploy 실행
    - name: Deploy to AWS EC2 from S3
      run: |
        aws deploy create-deployment \
          --application-name ${{ env.CODE_DEPLOY_APPLICATION_NAME }} \
          --deployment-config-name CodeDeployDefault.AllAtOnce \
          --deployment-group-name ${{ env.CODE_DEPLOY_DEPLOYMENT_GROUP_NAME }} \
          --s3-location bucket=$S3_BUCKET_NAME,key=$GITHUB_SHA.zip,bundleType=zip

        
  dependency-submission:

    runs-on: ubuntu-latest
    permissions:
      contents: write

    steps:
    - uses: actions/checkout@v4
    - name: Set up JDK 17
      uses: actions/setup-java@v4
      with:
        java-version: '17'
        distribution: 'temurin'

    # Generates and submits a dependency graph, enabling Dependabot Alerts for all project dependencies.
    # See: https://github.com/gradle/actions/blob/main/dependency-submission/README.md
    - name: Generate and submit dependency graph
      uses: gradle/actions/dependency-submission@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0