Chore/#6/cicd aws deploy apply

.github/workflows/gradle.yml

@@ -1,60 +1,136 @@
-name: Java CI with Gradle2141352
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-gradle
+
+name: CI/CD gradle
 
 on:
   push:
     branches: [ "main" ]
   pull_request:
     branches: [ "main" ]
-
+
+env:
+  AWS_REGION: ap-northeast-2
+  S3_BUCKET_NAME: github-action-sample-s3-bucket
+  CODE_DEPLOY_APPLICATION_NAME: space-code-deploy
+  CODE_DEPLOY_DEPLOYMENT_GROUP_NAME: space-code-deploy
+
 permissions:
   contents: read
 
 jobs:
-  build2:
+  build:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up JDK 17
+      uses: actions/setup-java@v4
+      with:
+        java-version: '17'
+        distribution: 'temurin'
+
+    # Configure Gradle for optimal use in GitHub Actions, including caching of downloaded dependencies.
+    # See: https://github.com/gradle/actions/blob/main/setup-gradle/README.md
+    # (3) gradlew 권한 추가 
+    - name: Run chmod to make gradlew executable
+      run: chmod +x ./gradlew
+    - name: Setup Gradle
+      uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0
+
+    - name: Build with Gradle Wrapper
+      run: ./gradlew build
+
+    # NOTE: The Gradle Wrapper is the default and recommended way to run Gradle (https://docs.gradle.org/current/userguide/gradle_wrapper.html).
+    # If your project does not have the Gradle Wrapper configured, you can use the following configuration to run Gradle with a specified version.
+    #
+    # - name: Setup Gradle
+    #   uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0
+    #   with:
+    #     gradle-version: '8.5'
+    #
+    # - name: Build with Gradle 8.5
+    #   run: gradle build
+  deploy:
+    name: deploy
     runs-on: ubuntu-latest
+    needs: build
+    environment: production
     steps:
-      - uses: actions/checkout@v3
-      - name: Set up JDK 17
-        uses: actions/setup-java@v3
-        with:
-          java-version: '17'
-          distribution: 'temurin'
-      - name: Run chmod to make gradlew executable
-        run: chmod +x ./gradlew
-      - name: Build with Gradle
-        uses: gradle/gradle-build-action@67421db6bd0bf253fb4bd25b31ebb98943c375e1
-        with:
-          arguments: build
-      - name: Upload artifact
-        uses: actions/upload-artifact@v2
-        with:
-          name: cicdsample
-          path: build/libs/*.jar
-
-      - name: Copy jar file to remote
-        uses: appleboy/scp-action@master
-        with:
-          username: ${{ secrets.EC2_USER }}
-          host: ${{ secrets.EC2_HOST }}
-          key: ${{ secrets.PRIVATE_KEY }}
-          source: "./build/libs/*.jar"
-          target: "/home/ubuntu/cicd"
-          strip_components: 2
-      - name: Copy deploy script file to remote
-        uses: appleboy/scp-action@master
-        with:
-          username: ${{ secrets.EC2_USER }}
-          host: ${{ secrets.EC2_HOST }}
-          key: ${{ secrets.PRIVATE_KEY }}
-          source: "deploy.sh"
-          target: "/home/ubuntu/cicd"
-      - name: Execute deploy script
-        uses: appleboy/ssh-action@master
-        with:
-          username: ${{ secrets.EC2_USER }}
-          host: ${{ secrets.EC2_HOST }}
-          key: ${{ secrets.PRIVATE_KEY }}
-          script_stop: true
-          script: |
-            chmod +x /home/ubuntu/cicd/deploy.sh
-            sh /home/ubuntu/cicd/deploy.sh
+    # (1) 기본 체크아웃
+    - name: Checkout
+      uses: actions/checkout@v3
+    # (2) application.properties 설정
+    # - uses: actions/checkout@v3
+    # - run: touch ./src/main/resources/application.properties
+    # - run: echo "${{ secrets.APPLICATION }}" > ./src/main/resources/application.properties
+    # - run: cat ./src/main/resources/application.properties
+
+    # (3) gradlew 권한 추가 
+    - name: Run chmod to make gradlew executable
+      run: chmod +x ./gradlew
+
+    # (4) JDK 세팅
+    - name: Set up JDK 17
+      uses: actions/setup-java@v3
+      with:
+        distribution: 'temurin'
+        java-version: '17'
+    # (5) Gradle build (Test 제외)
+    - name: Build with Gradle
+      uses: gradle/gradle-build-action@0d13054264b0bb894ded474f08ebb30921341cee
+      with:
+        arguments: clean build -x test
+
+
+    # (6) AWS 인증 (IAM 사용자 Access Key, Secret Key 활용)
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: ${{ env.AWS_REGION }}
+    # (7) 빌드 결과물을 S3 버킷에 업로드
+    - name: Upload to AWS S3
+      run: |
+        aws deploy push \
+          --application-name ${{ env.CODE_DEPLOY_APPLICATION_NAME }} \
+          --ignore-hidden-files \
+          --s3-location s3://$S3_BUCKET_NAME/$GITHUB_SHA.zip \
+          --source .
+
+      # (6) S3 버킷에 있는 파일을 대상으로 CodeDeploy 실행
+    - name: Deploy to AWS EC2 from S3
+      run: |
+        aws deploy create-deployment \
+          --application-name ${{ env.CODE_DEPLOY_APPLICATION_NAME }} \
+          --deployment-config-name CodeDeployDefault.AllAtOnce \
+          --deployment-group-name ${{ env.CODE_DEPLOY_DEPLOYMENT_GROUP_NAME }} \
+          --s3-location bucket=$S3_BUCKET_NAME,key=$GITHUB_SHA.zip,bundleType=zip
+
+
+  dependency-submission:
+
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+
+    steps:
+    - uses: actions/checkout@v4
+    - name: Set up JDK 17
+      uses: actions/setup-java@v4
+      with:
+        java-version: '17'
+        distribution: 'temurin'
+
+    # Generates and submits a dependency graph, enabling Dependabot Alerts for all project dependencies.
+    # See: https://github.com/gradle/actions/blob/main/dependency-submission/README.md
+    - name: Generate and submit dependency graph
+      uses: gradle/actions/dependency-submission@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0

appspec.yml

@@ -0,0 +1,23 @@
+version: 0.0
+os: linux
+
+files:
+  - source:  /
+    destination: /home/ubuntu/app
+    overwrite: yes
+
+permissions:
+  - object: /
+    pattern: "**"
+    owner: ubuntu
+    group: ubuntu
+
+hooks:
+  AfterInstall:
+    - location: scripts/stop.sh
+      timeout: 60
+      runas: ubuntu
+  ApplicationStart:
+    - location: scripts/start.sh
+      timeout: 60
+      runas: ubuntu