Deploy to GCP #59
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy to GCP | |
on: | |
push: | |
branches: | |
- Master | |
workflow_dispatch: | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Set up JDK 21 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '21' | |
distribution: 'adopt' | |
- name : Override APPLICATION PROPERTIES | |
run : echo "${{ secrets.APPLICATION_PROPERTIES }}" > ./src/main/resources/application.properties | |
- name: Configure Production Properties | |
run: | | |
touch ./src/main/resources/application-prod.properties | |
echo "${{ secrets.APPLICATION_PROD_PROPERTIES }}" > ./src/main/resources/application-prod.properties | |
- name: Configure GCS Properties | |
run: | | |
touch ./src/main/resources/application-gcs.properties | |
echo "${{ secrets.APPLICATION_GCS_PROPERTIES }}" > ./src/main/resources/application-gcs.properties | |
- name: Configure Test Properties | |
run: | | |
touch ./src/main/resources/application-test.properties | |
echo "${{ secrets.APPLICATION_TEST_PROPERTIES }}" > ./src/main/resources/application-test.properties | |
- name: gradlew์ ์คํ ๊ถํ ๋ถ์ฌ | |
run: chmod +x ./gradlew | |
- name: ๋ฐฐํฌ ํ์ผ ์์ฑ | |
run: ./gradlew bootJar | |
- name: Upload JAR file | |
uses: actions/upload-artifact@v3 | |
with: | |
name: team18-be-jar | |
path: build/libs/team18-be-0.0.1-SNAPSHOT.jar | |
deploy: | |
runs-on: ubuntu-latest | |
needs: build | |
steps: | |
- name: Download JAR file | |
uses: actions/download-artifact@v3 | |
with: | |
name: team18-be-jar | |
- name: Authenticate with GCP | |
uses: google-github-actions/auth@v1 | |
with: | |
credentials_json: "${{ secrets.GCP_SERVICE_ACCOUNT_KEY }}" | |
- name: Set up Google Cloud SDK | |
uses: google-github-actions/setup-gcloud@v1 | |
with: | |
project_id: ${{ secrets.GCP_PROJECT_ID }} | |
- name: Get GitHub Actions Runner IP | |
id: get_ip | |
run: | | |
echo $(curl -s https://api64.ipify.org) > RUNNER_IP.txt | |
- name: Add GitHub Actions IP to GCP Firewall | |
run: | | |
RUNNER_IP=$(cat RUNNER_IP.txt) | |
# ๊ธฐ์กด์ source-ranges ๊ฐ ๊ฐ์ ธ์ค๊ธฐ | |
EXCLUDE_IPS=$(gcloud compute firewall-rules describe default-allow-ssh --format="get(sourceRanges)" || echo "") | |
# ์ธ๋ฏธ์ฝ๋ก ์ ๊ฑฐ | |
EXCLUDE_IPS=$(echo $EXCLUDE_IPS | sed 's/;/,/g') | |
# GitHub Actions IP๋ฅผ ์ถ๊ฐ | |
gcloud compute firewall-rules update default-allow-ssh \ | |
--allow tcp:22 \ | |
--source-ranges="${EXCLUDE_IPS},${RUNNER_IP}/32" | |
- name: Configure SSH private key | |
run: | | |
touch ./key-hirehigher | |
echo "${{ secrets.HIREHIGHER_GCP_SSH_KEY }}" > ./key-hirehigher | |
chmod 600 ./key-hirehigher | |
- name: Add GCP VM to known_hosts | |
run: | | |
mkdir -p ~/.ssh | |
ssh-keyscan -H "${{ secrets.GCP_VM_IP }}" >> ~/.ssh/known_hosts | |
- name: Deploy to GCP | |
run: | | |
# scp๋ก VM์ jar ํ์ผ ์ ์ก | |
scp -o StrictHostKeyChecking=no -i ./key-hirehigher ./team18-be-0.0.1-SNAPSHOT.jar hirehigher@${{ secrets.GCP_VM_IP }}:/home/hirehigher/repository | |
- name: Remove GitHub Actions IP from GCP Firewall | |
run: | | |
RUNNER_IP=$(cat RUNNER_IP.txt) | |
# ๊ธฐ์กด firewall ๊ท์น ๊ฐ์ ธ์ค๊ธฐ | |
EXCLUDE_IPS=$(gcloud compute firewall-rules describe default-allow-ssh --format="get(sourceRanges)" || echo "") | |
# GitHub Actions IP๋ฅผ ์ ์ธํ source ranges ์ค์ | |
NEW_SOURCE_RANGES=$(echo $EXCLUDE_IPS | sed "s/$RUNNER_IP\/32//g" | sed 's/;/,/g') | |
# ์ ๋ฐ์ดํธ๋ firewall ๊ท์น ์ ์ฉ | |
gcloud compute firewall-rules update default-allow-ssh \ | |
--source-ranges=$NEW_SOURCE_RANGES | |
- name: Clean up SSH key | |
run: rm ./key-hirehigher |