Merge branch 'dev' into main #77
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CD | |
| # main,cicd λΈλμΉμ push, PR μ΄λ²€νΈ λ°μμ λμ. | |
| on: | |
| push: | |
| branches: | |
| - 'main' | |
| - 'cicd' | |
| pull_request: | |
| branches: | |
| - 'main' | |
| - 'cicd' | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| #μλ°λ²μ 17 μΈν | |
| - uses: actions/checkout@v3 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| #githubsecrets yml νκ²½λ³μ μ£Όμ . | |
| - name: Set Yaml | |
| uses: microsoft/variable-substitution@v1 | |
| with: | |
| files: ./src/main/resources/application.yml | |
| env: | |
| spring.datasource.url: ${{ secrets.DB_URL }} | |
| spring.datasource.username: ${{ secrets.DB_USERNAME }} | |
| spring.datasource.password: ${{ secrets.DB_PASSWORD }} | |
| spring.datasource.driver-class-name: ${{ secrets.DB_DRIVER }} | |
| spring.jwt.secret: ${{ secrets.JWT_SECRET }} | |
| spring.mail.username: ${{secrets.MAIL_USERNAME}} | |
| spring.mail.password: ${{secrets.MAIL_PASSWORD}} | |
| spring.data.redis.host: ${{secrets.REDIS_HOST}} | |
| spring.data.redis.port: ${{secrets.REDIS_PORT}} | |
| spring.data.redis.password: ${{secrets.REDIS_PASSWORD}} | |
| cloud.aws.credentials.accessKey: ${{secrets.S3_ACCESSKEY}} | |
| cloud.aws.credentials.secretKey: ${{secrets.S3_SECRETKEY}} | |
| cloud.aws.s3.bucketName: ${{secrets.S3_BUCKETNAME}} | |
| #gradlew μ€νμ μν κΆν μΆκ° | |
| - name: Grant execute permission for gradlew | |
| run: chmod +x gradlew | |
| # Spring Boot μ΄ν리μΌμ΄μ Build (1) | |
| - name: Spring Boot Build | |
| run: ./gradlew clean build -x test | |
| # Docker μ΄λ―Έμ§ Build (2) : μ΅λν λ컀νλΈμ΄μ© | |
| - name: docker image build | |
| run: docker build -t ulsandonghun/zigzzang . | |
| # DockerHub Login (3) | |
| - name: docker login | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| # Docker Hub push (4) | |
| - name: docker Hub push | |
| run: docker push ulsandonghun/zigzzang | |
| # GET GitHub IP (5) | |
| - name: get GitHub IP | |
| id: ip | |
| uses: haythem/[email protected] | |
| # Configure AWS Credentials (6) - AWS μ κ·Ό κΆν μ·¨λ(IAM) | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ap-northeast-2 | |
| # Add github ip to AWS (7) | |
| - name: Add GitHub IP to AWS | |
| run: | | |
| aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 | |
| # AWS EC2 Server Connect & Docker λͺ λ Ήμ΄ μ€ν (8) | |
| - name: AWS EC2 Connection | |
| uses: appleboy/[email protected] | |
| with: | |
| host: ${{ secrets.EC2_HOST }} | |
| username: ubuntu | |
| password: ${{ secrets.EC2_PASSWORD }} | |
| port: ${{ secrets.EC2_SSH_PORT }} | |
| timeout: 60s | |
| script: | | |
| sudo docker stop zigzzang | |
| sudo docker rm zigzzang | |
| sudo docker pull ulsandonghun/zigzzang | |
| sudo docker run -it -p 8080:8080 --name zigzzang -d ulsandonghun/zigzzang | |
| docker rmi -f $(docker images -f "dangling=true" -q) | |
| # REMOVE Github IP FROM security group (9) | |
| - name: Remove IP FROM security group | |
| run: | | |
| aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 |