# Workflow display name shown in the Actions tab.
name: Backend CI/CD Pipeline

# Triggers: every push to main, plus manual runs from the Actions UI.
on:
  push:
    branches: [main]
  workflow_dispatch:

# Default GITHUB_TOKEN scope for all jobs: read-only access to repository
# contents, nothing else.
permissions:
  contents: read
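jobs:
  # NOTE(review): every `uses:` below references a mutable tag. Pinning each
  # action to a full commit SHA keeps a retagged or compromised release from
  # running with this workflow's secrets.

  # Builds the Spring Boot application and hands the boot jar to the deploy
  # job as a workflow artifact.
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Set up JDK 11
        uses: actions/setup-java@v3
        with:
          java-version: '11'
          distribution: 'temurin'

      # Write the APPLICATION_YML secret to the Spring config file.
      # The secret reaches the script through the step environment instead of
      # being interpolated into the script text, so quotes, `$` or backticks
      # inside it are not interpreted by the shell. The file is deliberately
      # not printed: run logs are visible to everyone who can view the
      # workflow run, and log masking must not be relied on to hide it.
      - name: Set APPLICATION_YML secret as environment variable
        env:
          APPLICATION_YML: ${{ secrets.APPLICATION_YML }}
        run: |
          printf '%s\n' "$APPLICATION_YML" > ./src/main/resources/application.yml
          ls ./src/main/resources/

      # Make the Gradle wrapper executable on the runner.
      - name: Grant execute permission to Gradle Wrapper
        run: chmod +x ./gradlew

      # Full Gradle build.
      - name: Run Gradle build
        run: ./gradlew build

      # Produce the executable boot jar.
      - name: Build with Gradle (exclude tests)
        run: |
          ./gradlew bootJar

      # NOTE(review): the jar presumably bundles the application.yml written
      # above, so this artifact carries the secret configuration and can be
      # downloaded by anyone allowed to read workflow artifacts. Retention is
      # capped at one day in case the cleanup step in `deploy` never runs.
      # NOTE(review): the v2 artifact actions are deprecated upstream; upgrade
      # upload, download and delete together so they agree on the backend.
      - name: Archive bootJar artifact
        uses: actions/upload-artifact@v2
        with:
          name: bootJar-artifact
          path: build/libs/petree-0.0.1-SNAPSHOT.jar
          retention-days: 1

  # Builds the container image, pushes it and a Redis image to ECR, then
  # restarts the Docker Compose stack on the EC2 host over SSH.
  deploy:
    runs-on: ubuntu-latest
    needs: build
    env:
      TZ: "Asia/Seoul"
      AWS_REGION: ap-northeast-2
      AWS_ECR_REGISTRY: 930877203579.dkr.ecr.ap-northeast-2.amazonaws.com
      AWS_ECR_REPOSITORY: ecr-repo
      AWS_ECR_REPOSITORY_REDIS: ecr-redis
      ECR_TAG: latest-spring
      REDIS_IMAGE_TAG: latest-redis
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      # Fetch the boot jar produced by the build job.
      - name: Download bootJar artifact and SHA256 hash
        uses: actions/download-artifact@v2
        with:
          name: bootJar-artifact
          path: /home/runner/work/backend/backend/

      - name: List files in the directory
        run: |
          ls /home/runner/work/backend/backend/

      # AWS login, see https://github.com/aws-actions/configure-aws-credentials
      # The region comes from the job-level env so that this step, the ECR
      # login and the pushes all address the same region.
      # NOTE(review): these are long-lived access keys. The same action
      # supports short-lived credentials via OIDC (`role-to-assume` plus the
      # `id-token: write` permission), which removes the stored key pair.
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}

      # Authenticate the runner's Docker client against the ECR registry.
      - name: Log in to Amazon ECR
        run: >-
          aws ecr get-login-password --region "$AWS_REGION"
          | docker login --username AWS --password-stdin "$AWS_ECR_REGISTRY"

      # Build the application image from the repository Dockerfile and push
      # it. Registry and repository are read from the job env, i.e. the same
      # registry the login step authenticated against; the original mixed in
      # `secrets.*` lookups of the same names, which only works if those
      # secrets exist and hold identical values.
      - name: Build, tag, and push sample image to Amazon ECR
        run: |
          docker build --no-cache -t "$AWS_ECR_REGISTRY/$AWS_ECR_REPOSITORY:$ECR_TAG" .
          docker push "$AWS_ECR_REGISTRY/$AWS_ECR_REPOSITORY:$ECR_TAG"

      # NOTE(review): `redis:latest` is a mutable upstream tag that gets
      # re-published into the private registry on every run; pinning a
      # version or digest makes the deployed image reproducible.
      - name: Pull Redis image from Docker Hub
        run: docker pull redis:latest

      # Re-tag the Redis image for ECR and push it.
      - name: Tag Redis image with ECR URL
        run: |
          docker tag redis:latest "$AWS_ECR_REGISTRY/$AWS_ECR_REPOSITORY_REDIS:$REDIS_IMAGE_TAG"
          docker push "$AWS_ECR_REGISTRY/$AWS_ECR_REPOSITORY_REDIS:$REDIS_IMAGE_TAG"

      # Copy docker-compose.yml to the EC2 host.
      # NOTE(review): the action reference on this page was mangled by e-mail
      # obfuscation ("appleboy/[email protected]"). The `source`/`target`
      # inputs identify it as the appleboy scp action; restore the original
      # ref in place of the placeholder and pin it to a commit SHA.
      # NOTE(review): no host key is verified here. The action accepts a
      # `fingerprint` input; setting it protects the private key and the
      # copied file against a spoofed host.
      - name: Copy docker-compose.yml to EC2 instance
        uses: appleboy/scp-action@<ORIGINAL_REF_LOST_IN_PAGE_EXTRACTION>
        with:
          host: ${{ secrets.EC2_HOST }}
          username: ${{ secrets.EC2_USERNAME }}
          key: ${{ secrets.EC2_PRIVATE_KEY }}
          port: 22
          source: "./docker-compose.yml"
          target: "/home/ubuntu/"

      # Restart the Compose stack on the EC2 host.
      # NOTE(review): same mangled reference as the copy step; the
      # `script`/`envs` inputs identify the appleboy ssh action. The
      # `fingerprint` recommendation applies here as well.
      - name: Deploy Docker Compose to EC2
        uses: appleboy/ssh-action@<ORIGINAL_REF_LOST_IN_PAGE_EXTRACTION>
        with:
          host: ${{ secrets.EC2_HOST }}
          username: ${{ secrets.EC2_USERNAME }}
          key: ${{ secrets.EC2_PRIVATE_KEY }}
          envs: GITHUB_SHA
          script: |
            # Work in the directory that received docker-compose.yml.
            cd $HOME
            # NOTE(review): `down --rmi all` stops every service of the
            # project, nginx included, which contradicts the "except nginx"
            # intent of the next commands. Confirm which one is wanted.
            docker-compose down --rmi all
            # Stop and remove specific containers (except nginx)
            docker-compose stop backend redis
            docker-compose rm -f
            # Remove dangling images. docker-compose has no `rmi` command,
            # and `prune` is a no-op when nothing is dangling.
            docker image prune -f
            # Log in to ECR from the host (needs the AWS CLI and credentials
            # or an instance role on the EC2 machine).
            aws ecr get-login-password --region ${{ env.AWS_REGION }} | docker login --username AWS --password-stdin ${{ env.AWS_ECR_REGISTRY }}
            # `docker-compose pull` takes service names, not image
            # references, and ECR_TAG / REDIS_IMAGE_TAG are not exported to
            # this host (only GITHUB_SHA is). Assumes the compose file maps
            # the backend and redis services to the ECR images; verify.
            docker-compose pull backend redis
            # Start the stack.
            docker-compose up -d

      # Remove the jar artifact whether or not the deployment succeeded.
      - name: Clear artifacts
        if: always()
        uses: geekyeggo/delete-artifact@v2
        with:
          name: bootJar-artifact

      # Runs only when every previous step succeeded (no `if:` override).
      - name: Notify Success to Slack
        uses: 8398a7/action-slack@v3
        with:
          status: success
          author_name: www-be
          fields: repo,message,commit,author,action,eventName,ref,workflow,job,took
          if_mention: never
        env:
          SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}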