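# Runs on every push to the Master branch and on manual dispatch.
name: Deploy to GCP

on:
  push:
    branches:
      - Master
  workflow_dispatch:

# Least privilege for the automatic GITHUB_TOKEN: the jobs only check out the
# repository; GCP and SSH access use their own secrets.
permissions:
  contents: read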
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Set up JDK 21
uses: actions/setup-java@v3
with:
java-version: '21'
distribution: 'adopt'
- name : Override APPLICATION PROPERTIES
run : echo "${{ secrets.APPLICATION_PROPERTIES }}" > ./src/main/resources/application.properties
- name: Configure Production Properties
run: |
touch ./src/main/resources/application-prod.properties
echo "${{ secrets.APPLICATION_PROD_PROPERTIES }}" > ./src/main/resources/application-prod.properties
- name: Configure GCS Properties
run: |
touch ./src/main/resources/application-gcs.properties
echo "${{ secrets.APPLICATION_GCS_PROPERTIES }}" > ./src/main/resources/application-gcs.properties
- name: Configure Test Properties
run: |
touch ./src/main/resources/application-test.properties
echo "${{ secrets.APPLICATION_TEST_PROPERTIES }}" > ./src/main/resources/application-test.properties
- name: gradlew์ ์คํ ๊ถํ ๋ถ์ฌ
run: chmod +x ./gradlew
- name: ๋ฐฐํฌ ํ์ผ ์์ฑ
run: ./gradlew bootJar
- name: Upload JAR file
uses: actions/upload-artifact@v3
with:
name: team18-be-jar
path: build/libs/team18-be-0.0.1-SNAPSHOT.jar
deploy:
runs-on: ubuntu-latest
needs: build
steps:
- name: Download JAR file
uses: actions/download-artifact@v3
with:
name: team18-be-jar
- name: Authenticate with GCP
uses: google-github-actions/auth@v1
with:
credentials_json: "${{ secrets.GCP_SERVICE_ACCOUNT_KEY }}"
- name: Set up Google Cloud SDK
uses: google-github-actions/setup-gcloud@v1
with:
project_id: ${{ secrets.GCP_PROJECT_ID }}
- name: Get GitHub Actions Runner IP
id: get_ip
run: |
echo $(curl -s https://api64.ipify.org) > RUNNER_IP.txt
- name: Add GitHub Actions IP to GCP Firewall
run: |
RUNNER_IP=$(cat RUNNER_IP.txt)
# ๊ธฐ์กด์ source-ranges ๊ฐ ๊ฐ์ ธ์ค๊ธฐ
EXCLUDE_IPS=$(gcloud compute firewall-rules describe default-allow-ssh --format="get(sourceRanges)" || echo "")
# ์ธ๋ฏธ์ฝ๋ก ์ ๊ฑฐ
EXCLUDE_IPS=$(echo $EXCLUDE_IPS | sed 's/;/,/g')
# GitHub Actions IP๋ฅผ ์ถ๊ฐ
gcloud compute firewall-rules update default-allow-ssh \
--allow tcp:22 \
--source-ranges="${EXCLUDE_IPS},${RUNNER_IP}/32"
- name: Configure SSH private key
run: |
touch ./key-hirehigher
echo "${{ secrets.HIREHIGHER_GCP_SSH_KEY }}" > ./key-hirehigher
chmod 600 ./key-hirehigher
- name: Add GCP VM to known_hosts
run: |
mkdir -p ~/.ssh
ssh-keyscan -H "${{ secrets.GCP_VM_IP }}" >> ~/.ssh/known_hosts
- name: Deploy to GCP
run: |
# scp๋ก VM์ jar ํ์ผ ์ ์ก
scp -o StrictHostKeyChecking=no -i ./key-hirehigher ./team18-be-0.0.1-SNAPSHOT.jar hirehigher@${{ secrets.GCP_VM_IP }}:/home/hirehigher/repository
- name: Remove GitHub Actions IP from GCP Firewall
run: |
RUNNER_IP=$(cat RUNNER_IP.txt)
# ๊ธฐ์กด firewall ๊ท์น ๊ฐ์ ธ์ค๊ธฐ
EXCLUDE_IPS=$(gcloud compute firewall-rules describe default-allow-ssh --format="get(sourceRanges)" || echo "")
# GitHub Actions IP๋ฅผ ์ ์ธํ source ranges ์ค์
NEW_SOURCE_RANGES=$(echo $EXCLUDE_IPS | sed "s/$RUNNER_IP\/32//g" | sed 's/;/,/g')
# ์
๋ฐ์ดํธ๋ firewall ๊ท์น ์ ์ฉ
gcloud compute firewall-rules update default-allow-ssh \
--source-ranges=$NEW_SOURCE_RANGES