
최종 README.md #70


Workflow file for this run

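# Builds the application JAR with Gradle and copies it to a GCP VM over scp.
name: Deploy to GCP

# Runs on every push to the Master branch, or when started manually.
on:
  push:
    branches:
      - Master
  workflow_dispatch:

# Least privilege for the job token: checkout is the only step in this
# workflow that needs it, and it only reads the repository. Without this key
# the token gets the repository's default scope, which may include write.
permissions:
  contents: read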
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Set up JDK 21
uses: actions/setup-java@v3
with:
java-version: '21'
distribution: 'adopt'
- name : Override APPLICATION PROPERTIES
run : echo "${{ secrets.APPLICATION_PROPERTIES }}" > ./src/main/resources/application.properties
- name: Configure Production Properties
run: |
touch ./src/main/resources/application-prod.properties
echo "${{ secrets.APPLICATION_PROD_PROPERTIES }}" > ./src/main/resources/application-prod.properties
- name: Configure GCS Properties
run: |
touch ./src/main/resources/application-gcs.properties
echo "${{ secrets.APPLICATION_GCS_PROPERTIES }}" > ./src/main/resources/application-gcs.properties
- name: Configure Test Properties
run: |
touch ./src/main/resources/application-test.properties
echo "${{ secrets.APPLICATION_TEST_PROPERTIES }}" > ./src/main/resources/application-test.properties
- name: gradlew์— ์‹คํ–‰ ๊ถŒํ•œ ๋ถ€์—ฌ
run: chmod +x ./gradlew
- name: ๋ฐฐํฌ ํŒŒ์ผ ์ƒ์„ฑ
run: ./gradlew bootJar
- name: Upload JAR file
uses: actions/upload-artifact@v3
with:
name: team18-be-jar
path: build/libs/team18-be-0.0.1-SNAPSHOT.jar
deploy:
runs-on: ubuntu-latest
needs: build
steps:
- name: Download JAR file
uses: actions/download-artifact@v3
with:
name: team18-be-jar
- name: Authenticate with GCP
uses: google-github-actions/auth@v1
with:
credentials_json: "${{ secrets.GCP_SERVICE_ACCOUNT_KEY }}"
- name: Set up Google Cloud SDK
uses: google-github-actions/setup-gcloud@v1
with:
project_id: ${{ secrets.GCP_PROJECT_ID }}
- name: Get GitHub Actions Runner IP
id: get_ip
run: |
echo $(curl -s https://api64.ipify.org) > RUNNER_IP.txt
- name: Add GitHub Actions IP to GCP Firewall
run: |
RUNNER_IP=$(cat RUNNER_IP.txt)
# ๊ธฐ์กด์˜ source-ranges ๊ฐ’ ๊ฐ€์ ธ์˜ค๊ธฐ
EXCLUDE_IPS=$(gcloud compute firewall-rules describe default-allow-ssh --format="get(sourceRanges)" || echo "")
# ์„ธ๋ฏธ์ฝœ๋ก  ์ œ๊ฑฐ
EXCLUDE_IPS=$(echo $EXCLUDE_IPS | sed 's/;/,/g')
# GitHub Actions IP๋ฅผ ์ถ”๊ฐ€
gcloud compute firewall-rules update default-allow-ssh \
--allow tcp:22 \
--source-ranges="${EXCLUDE_IPS},${RUNNER_IP}/32"
- name: Configure SSH private key
run: |
touch ./key-hirehigher
echo "${{ secrets.HIREHIGHER_GCP_SSH_KEY }}" > ./key-hirehigher
chmod 600 ./key-hirehigher
- name: Add GCP VM to known_hosts
run: |
mkdir -p ~/.ssh
ssh-keyscan -H "${{ secrets.GCP_VM_IP }}" >> ~/.ssh/known_hosts
- name: Deploy to GCP
run: |
# scp๋กœ VM์— jar ํŒŒ์ผ ์ „์†ก
scp -o StrictHostKeyChecking=no -i ./key-hirehigher ./team18-be-0.0.1-SNAPSHOT.jar hirehigher@${{ secrets.GCP_VM_IP }}:/home/hirehigher/repository
- name: Remove GitHub Actions IP from GCP Firewall
run: |
RUNNER_IP=$(cat RUNNER_IP.txt)
# ๊ธฐ์กด firewall ๊ทœ์น™ ๊ฐ€์ ธ์˜ค๊ธฐ
EXCLUDE_IPS=$(gcloud compute firewall-rules describe default-allow-ssh --format="get(sourceRanges)" || echo "")
# GitHub Actions IP๋ฅผ ์ œ์™ธํ•œ source ranges ์„ค์ •
NEW_SOURCE_RANGES=$(echo $EXCLUDE_IPS | sed "s/$RUNNER_IP\/32//g" | sed 's/;/,/g')
# ์—…๋ฐ์ดํŠธ๋œ firewall ๊ทœ์น™ ์ ์šฉ
gcloud compute firewall-rules update default-allow-ssh \
--source-ranges=$NEW_SOURCE_RANGES
- name: Clean up SSH key
run: rm ./key-hirehigher