test: 디바이스 토큰 및 푸시 활성화 갱신 이벤트 검증 (#103) #119
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Backend CD | |
on: | |
push: | |
branches: | |
- main | |
- develop | |
jobs: | |
build-and-push: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up JDK 21 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: "21" | |
distribution: "temurin" | |
- name: Gradle Caching | |
uses: actions/cache@v3 | |
with: | |
path: | | |
~/.gradle/caches | |
~/.gradle/wrapper | |
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} | |
restore-keys: | | |
${{ runner.os }}-gradle- | |
- name: Build with Gradle | |
uses: gradle/gradle-build-action@67421db6bd0bf253fb4bd25b31ebb98943c375e1 | |
with: | |
arguments: clean bootJar | |
- name: Set up Docker Build | |
uses: docker/setup-buildx-action@v2 | |
- name: Docker build and push to NCP container registry | |
run: | | |
sudo docker build --build-arg DEPENDENCY=build/dependency -t ${{ secrets.NCP_CONTAINER_REGISTRY_API }}/goalpanzi-api --platform linux/amd64 . | |
sudo docker login ${{ secrets.NCP_CONTAINER_REGISTRY_API }} -u ${{ secrets.NCP_ACCESS_KEY }} -p ${{ secrets.NCP_SECRET_KEY }} | |
sudo docker push ${{ secrets.NCP_CONTAINER_REGISTRY_API }}/goalpanzi-api | |
sshpass -p ${{ secrets.API_SERVER_PASSWORD }} scp -P ${{ secrets.SSH_PORT }} -o StrictHostKeyChecking=no ./docker-compose.yml ${{ secrets.API_SERVER_USERNAME }}@${{ secrets.API_SERVER_HOST }}:${{ secrets.DOCKER_COMPOSE_PATH }} | |
shell: bash | |
deploy-to-server: | |
name: Connect api server ssh and pull from container registry | |
needs: build-and-push | |
runs-on: ubuntu-latest | |
steps: | |
## docker compose up | |
- name: Deploy to api server | |
uses: appleboy/ssh-action@master | |
with: | |
host: ${{ secrets.API_SERVER_HOST }} | |
port: ${{ secrets.SSH_PORT }} | |
username: ${{ secrets.API_SERVER_USERNAME }} | |
password: ${{ secrets.API_SERVER_PASSWORD }} | |
script: | | |
export DB_HOSTNAME=${{ secrets.DB_HOSTNAME }} | |
export DB_PORT=${{ secrets.DB_PORT }} | |
export DB_DATABASE=${{ secrets.DB_DATABASE }} | |
export DB_USERNAME=${{ secrets.DB_USERNAME }} | |
export DB_PASSWORD=${{ secrets.DB_PASSWORD }} | |
export OAUTH_APPLE_CLIENT_ID=${{ secrets.OAUTH_APPLE_CLIENT_ID }} | |
export NCP_CONTAINER_REGISTRY_API=${{ secrets.NCP_CONTAINER_REGISTRY_API }} | |
export NCP_CONTAINER_REGISTRY_BATCH=${{ secrets.NCP_CONTAINER_REGISTRY_BATCH }} | |
export JWT_SECRET=${{ secrets.JWT_SECRET }} | |
export REDIS_HOST=${{ secrets.REDIS_HOST }} | |
export OBJECT_STORAGE_BUCKET_NAME=${{ secrets.OBJECT_STORAGE_BUCKET_NAME }} | |
export OBJECT_STORAGE_ACCESS_KEY_ID=${{ secrets.OBJECT_STORAGE_ACCESS_KEY_ID }} | |
export OBJECT_STORAGE_SECRET_KEY=${{ secrets.OBJECT_STORAGE_SECRET_KEY }} | |
export ENCODED_FIREBASE_ADMIN_SDK=${{ secrets.ENCODED_FIREBASE_ADMIN_SDK }} | |
export SLACK_WEBHOOK_URI=${{ secrets.SLACK_WEBHOOK_URI }} | |
sudo docker rm -f $(docker ps -qa) | |
sudo docker login ${{ secrets.NCP_CONTAINER_REGISTRY_API }} -u ${{ secrets.NCP_ACCESS_KEY }} -p ${{ secrets.NCP_SECRET_KEY }} | |
sudo docker pull ${{ secrets.NCP_CONTAINER_REGISTRY_API }}/goalpanzi-api | |
docker-compose -f ${{ secrets.DOCKER_COMPOSE_PATH }}/docker-compose.yml up -d | |
docker image prune -f |