Skip to content

Merge pull request #231 from Genti2024/feat/pgreq-two #295

Merge pull request #231 from Genti2024/feat/pgreq-two

Merge pull request #231 from Genti2024/feat/pgreq-two #295

Workflow file for this run

# github repository actions 페이지에 나타날 이름
name: CI/CD using github actions & docker
# event trigger
# main이나 staging 브랜치에 push가 되었을 때 실행
on:
push:
branches: [ "main", "staging", "main-test" ]
env:
AWS_REGION: ap-northeast-2
S3_BUCKET_NAME: genti-deploy
CODE_DEPLOY_APPLICATION_NAME: genti
CODE_DEPLOY_APPLICATION_NAME_STAGING: genti-dev
permissions:
contents: read
jobs:
CI-CD:
runs-on: ubuntu-22.04
steps:
# JDK setting - github actions에서 사용할 JDK 설정 (프로젝트나 AWS의 java 버전과 달라도 무방)
- uses: actions/checkout@v3
- name: Set up JDK 21
uses: actions/setup-java@v3
with:
java-version: '21'
distribution: 'temurin'
# gradle caching - 빌드 시간 향상
- name: Gradle Caching
uses: actions/cache@v3
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
restore-keys: |
${{ runner.os }}-gradle-
# 공통 yml 파일 생성 - secret
- name: make application-secret.yml
if: contains(github.ref, 'staging') || contains(github.ref, 'main')
run: |
cd ./genti-api/src/main/resources
touch ./application-secret.yml
echo "${{ secrets.APPLICATION_SECRET }}" > ./application-secret.yml
shell: bash
# 환경별 yml 파일 생성(3) - deploy
- name: make application-deploy.yml
if: contains(github.ref, 'main')
run: |
cd ./genti-api/src/main/resources
touch ./application-deploy.yml
echo "${{ secrets.APPLICATION_DEPLOY }}" > ./application-deploy.yml
shell: bash
# 환경별 yml 파일 생성(3) - staging
- name: make application-staging.yml
if: contains(github.ref, 'staging')
run: |
cd ./genti-api/src/main/resources
touch ./application-staging.yml
echo "${{ secrets.APPLICATION_STAGING }}" > ./application-staging.yml
shell: bash
# 아래 코드는 json이 큰따옴표 없이 저장됨
# - name: Create Google key.json file
# if: contains(github.ref, 'staging') || contains(github.ref, 'main-test')
# run: |
# cd ./genti-api/src/main/resources
# mkdir -p ./jsonkey
# echo "${{ secrets.GOOGLE_ACCOUNT_KEY }}" > ./jsonkey/key.json
# shell: bash
- name: Create jsonkey directory
if: contains(github.ref, 'staging') || contains(github.ref, 'main-test')
run: mkdir -p ./genti-api/src/main/resources/jsonkey
- name: Create Google key.json file
if: contains(github.ref, 'staging') || contains(github.ref, 'main-test')
id: create-json
uses: jsdaniell/create-json@1.1.2
with:
name: "./genti-api/src/main/resources/jsonkey/key.json"
json: ${{ secrets.GOOGLE_ACCOUNT_KEY }}
- name: make apple private key
run: |
cd ./genti-external/src/main
mkdir -p ./resources && cd ./resources
touch ./AuthKey_ZRZMQQX883.p8
echo "${{ secrets.APPLE_PRIVATE_KEY }}" > ./AuthKey_ZRZMQQX883.p8
shell: bash
# - name: make fcm private key
# run: |
# cd ./genti-external/src/main
# mkdir -p ./resources && cd ./resources
# touch ./firebase-genti.json
# echo "${{ secrets.FIREBASE_PRIVATE_KEY }}" > ./firebase-genti.json
# shell: bash
- name: make staging docker-compose file
if: contains(github.ref, 'staging')
run: |
mkdir -p ./docker/staging && cd ./docker/staging
touch ./docker-compose.yml
echo "${{ secrets.DOCKER_COMPOSE_STAGING }}" > ./docker-compose.yml
shell: bash
- name: make deploy docker-compose file
if: contains(github.ref, 'main')
run: |
mkdir -p ./docker/deploy && cd ./docker/deploy
touch ./docker-compose.yml
echo "${{ secrets.DOCKER_COMPOSE_DEPLOY }}" > ./docker-compose.yml
shell: bash
# gradle build
- name: Setup Gradle Wrapper
uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0
- name: Build with Gradle Wrapper
run: |
chmod +x ./gradlew
./gradlew clean build -x test
# - name: Get Github action IP
# if: contains(github.ref, 'staging')
# id: ip
# uses: haythem/public-ip@v1.2
#
- name: Setting environment variables
run: |
echo "AWS_DEFAULT_REGION=ap-northeast-2" >> $GITHUB_ENV
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-northeast-2
# - name: Add Github Actions IP to Security group
# if: contains(github.ref, 'staging')
# run: |
# aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32
# env:
# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# AWS_DEFAULT_REGION: ap-northeast-2
- name: Login to aws ECR
if: contains(github.ref, 'staging') || contains(github.ref, 'main')
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build, tag, and push image to aws ECR
if: contains(github.ref, 'main')
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: genti-deploy
IMAGE_TAG: latest
run: |
docker build -f ./Dockerfile_deploy -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
- name: Build, tag, and push image to aws ECR
if: contains(github.ref, 'staging')
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: genti-staging
IMAGE_TAG: latest
run: |
docker build -f ./Dockerfile_staging -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
- name: Upload docker-compose, appspec, afterInstall file to S3
if: contains(github.ref, 'main')
run: |
# Create a temporary directory for the zip contents
mkdir -p temp_dir/scripts
cp -r ./scripts/* temp_dir/scripts/
cp appspec.yml temp_dir/
cp ./docker/deploy/docker-compose.yml temp_dir/docker-compose.yml
# Navigate to the temporary directory and create the zip file
cd temp_dir
zip -r ../$GITHUB_SHA.zip ./*
# Move back to the initial directory and upload the zip file to S3
cd ..
aws s3 cp --region ap-northeast-2 ./$GITHUB_SHA.zip s3://$S3_BUCKET_NAME
# Clean up the temporary directory
rm -rf temp_dir
- name: Upload key.json to S3
if: contains(github.ref, 'staging')
run: |
aws s3 cp ./genti-api/src/main/resources/jsonkey/key.json s3://$S3_BUCKET_NAME/jsonkey/key.json
- name: Upload docker-compose, appspec, afterInstall file to S3
if: contains(github.ref, 'staging')
run: |
# Create a temporary directory for the zip contents
mkdir -p temp_dir/scripts
cp -r ./scripts/* temp_dir/scripts/
cp appspec.yml temp_dir/
cp ./docker/staging/docker-compose.yml temp_dir/docker-compose.yml
# Navigate to the temporary directory and create the zip file
cd temp_dir
zip -r ../$GITHUB_SHA.zip ./*
# Move back to the initial directory and upload the zip file to S3
cd ..
aws s3 cp --region ap-northeast-2 ./$GITHUB_SHA.zip s3://$S3_BUCKET_NAME
# Clean up the temporary directory
rm -rf temp_dir
# - name: Upload docker compose file to staging server
# if: contains(github.ref, 'staging')
# uses: appleboy/scp-action@master
# with:
# host: ${{ secrets.HOST_STAGING }}
# username: ubuntu
# key: ${{ secrets.EC2_KEY }}
# port: 22
# source: "./docker/staging/*"
# target: "/home/ubuntu/workspace/"
# docker build & push to deploy server
- name: Deploy to EC2 with CodeDeploy
if: contains(github.ref, 'main')
run: |
aws deploy create-deployment \
--application-name ${{ env.CODE_DEPLOY_APPLICATION_NAME }} \
--deployment-config-name CodeDeployDefault.AllAtOnce \
--deployment-group-name ${{ secrets.CODE_DEPLOY_DEPLOYMENT_GROUP_NAME }} \
--s3-location bucket=$S3_BUCKET_NAME,key=$GITHUB_SHA.zip,bundleType=zip
- name: Staging Deploy to EC2 with CodeDeploy
if: contains(github.ref, 'staging')
run: |
aws deploy create-deployment \
--application-name ${{ env.CODE_DEPLOY_APPLICATION_NAME_STAGING }} \
--deployment-group-name genti-tg-staging \
--s3-location bucket=$S3_BUCKET_NAME,key=$GITHUB_SHA.zip,bundleType=zip
# docker build & push to staging
# - name: Docker build & push to staging
# if: contains(github.ref, 'staging')
# run: |
# docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
# docker build -f Dockerfile_staging -t ${{ secrets.DOCKER_USERNAME }}/genti-staging .
# docker push ${{ secrets.DOCKER_USERNAME }}/genti-staging
## deploy to staging server
# - name: Deploy to staging server
# uses: appleboy/ssh-action@master
# id: deploy-staging
# if: contains(github.ref, 'staging')
# with:
# host: ${{ secrets.HOST_STAGING }} # EC2 퍼블릭 IPv4 DNS
# username: ubuntu
# password: ${{ secrets.PASSWORD }}
# port: 22
# key: ${{ secrets.EC2_KEY }}
# script: |
# sudo docker ps
# cd /home/ubuntu/workspace/docker/staging
# docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
# sudo docker pull ${{ secrets.DOCKER_USERNAME }}/genti-staging
# sudo docker-compose up -d
# sudo docker image prune -f
# - name: delete github actions ip from aws security group
# if: contains(github.ref, 'staging')
# run: |
# aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32
# env:
# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
# AWS_DEFAULT_REGION: ap-northeast-2