docker파일 수정 #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: 백엔드 dev 배포 | |
on: | |
push: | |
branches: | |
- "dev" | |
- "main" | |
# 환경 변수 설정 | |
env: | |
ACTIVE_PROFILE: ${{ github.ref == 'refs/heads/main' && 'prod' || 'dev' }} | |
AWS_REGION: ap-northeast-2 | |
CONTAINER_NAME: ${{ github.ref == 'refs/heads/main' && 'prod-yeohaeng-api' || 'dev-yeohaeng-api' }} | |
ECR_REPOSITORY: ${{ github.ref == 'refs/heads/main' && 'prod-yeohaeng-api' || 'dev-yeohaeng-api' }} | |
# ECS 클러스터명 | |
ECS_CLUSTER: ${{ github.ref == 'refs/heads/main' && 'yeohang-api-far-prod' || 'yeohang-api-far-dev' }} | |
# ECS 서비스명 | |
ECS_SERVICE: ${{ github.ref == 'refs/heads/main' && 'yeohang-api-far-prod-ser' || 'yeohang-api-far-dev-ser' }} | |
# ECS Task definition 파일명 | |
ECS_TASK_DEFINITION: ${{ github.ref == 'refs/heads/main' && './cicd/task-definition-prod.json' || './cicd/task-definition-dev.json' }} | |
JASYPT_SECRET: ${{ secrets.JASYPT_SECRET }} | |
CONFIG_IMPORT: ${{ secrets.CONFIG_IMPORT }} | |
permissions: | |
contents: read | |
jobs: | |
be-deploy: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout # 현재 Repo Clone | |
uses: actions/checkout@v3 | |
# JDK 설정 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
- name: Grant execute permisson for gradlew # gradlew 실행 권한 부여 | |
run: chmod +x gradlew | |
# Gradle clean build | |
- name: Build with Gradle | |
uses: gradle/gradle-build-action@67421db6bd0bf253fb4bd25b31ebb98943c375e1 | |
with: | |
arguments: clean build -x test # 임시로 테스트 안함 | |
env: | |
SPRING_PROFILES_ACTIVE: ${{ env.ACTIVE_PROFILE }} | |
# AWS 자격 인증 설정 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ env.AWS_REGION }} | |
# ECR 로그인 | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
# ECR에 도커 이미지 Push | |
- name: Push docker image to ECR | |
id: build-image | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
SERVICE_TAG: . # Dockerfile 경로 | |
# IMAGE_TAG: ${{ github.sha }} | |
IMAGE_TAG: latest | |
run: | | |
docker build --build-arg JASYPT_SECRET=$JASYPT_SECRET --build-arg CONFIG_IMPORT=$CONFIG_IMPORT --build-arg PROFILE_ACTIVE=$ACTIVE_PROFILE -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . | |
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT | |
# ECS Task 정의 | |
- name: Fill in the new image ID in the Amazon ECS task definition | |
id: task-def | |
uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
with: | |
task-definition: ${{ env.ECS_TASK_DEFINITION }} | |
container-name: ${{ env.CONTAINER_NAME }} | |
image: ${{ steps.build-image.outputs.image }} | |
- name: updating task-definition file | |
run: cat ${{ steps.task-def.outputs.task-definition }} | |
# ECS Task Push | |
- name: Deploy Amazon ECS task definition | |
uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | |
with: | |
task-definition: ${{ steps.task-def.outputs.task-definition }} | |
service: ${{ env.ECS_SERVICE }} | |
cluster: ${{ env.ECS_CLUSTER }} | |
codedeploy-appspec: appspec.yaml | |
wait-for-service-stability: true | |