Docs: Update README.md #309
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# github repository actions 페이지에 나타날 이름 | |
name: CI/CD using github actions & docker | |
# event trigger | |
# main이나 staging 브랜치에 push가 되었을 때 실행 | |
on: | |
push: | |
branches: [ "main", "staging", "main-test" ] | |
env: | |
AWS_REGION: ap-northeast-2 | |
S3_BUCKET_NAME: genti-deploy | |
CODE_DEPLOY_APPLICATION_NAME: genti | |
CODE_DEPLOY_APPLICATION_NAME_STAGING: genti-dev | |
permissions: | |
contents: read | |
jobs: | |
CI-CD: | |
runs-on: ubuntu-22.04 | |
steps: | |
# JDK setting - github actions에서 사용할 JDK 설정 (프로젝트나 AWS의 java 버전과 달라도 무방) | |
- uses: actions/checkout@v3 | |
- name: Set up JDK 21 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '21' | |
distribution: 'temurin' | |
# gradle caching - 빌드 시간 향상 | |
- name: Gradle Caching | |
uses: actions/cache@v3 | |
with: | |
path: | | |
~/.gradle/caches | |
~/.gradle/wrapper | |
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} | |
restore-keys: | | |
${{ runner.os }}-gradle- | |
# 공통 yml 파일 생성 - secret | |
- name: make application-secret.yml | |
if: contains(github.ref, 'staging') || contains(github.ref, 'main') | |
run: | | |
cd ./genti-api/src/main/resources | |
touch ./application-secret.yml | |
echo "${{ secrets.APPLICATION_SECRET }}" > ./application-secret.yml | |
shell: bash | |
# 환경별 yml 파일 생성(3) - deploy | |
- name: make application-deploy.yml | |
if: contains(github.ref, 'main') | |
run: | | |
cd ./genti-api/src/main/resources | |
touch ./application-deploy.yml | |
echo "${{ secrets.APPLICATION_DEPLOY }}" > ./application-deploy.yml | |
shell: bash | |
# 환경별 yml 파일 생성(3) - staging | |
- name: make application-staging.yml | |
if: contains(github.ref, 'staging') | |
run: | | |
cd ./genti-api/src/main/resources | |
touch ./application-staging.yml | |
echo "${{ secrets.APPLICATION_STAGING }}" > ./application-staging.yml | |
shell: bash | |
# 아래 코드는 json이 큰따옴표 없이 저장됨 | |
# - name: Create Google key.json file | |
# if: contains(github.ref, 'staging') || contains(github.ref, 'main-test') | |
# run: | | |
# cd ./genti-api/src/main/resources | |
# mkdir -p ./jsonkey | |
# echo "${{ secrets.GOOGLE_ACCOUNT_KEY }}" > ./jsonkey/key.json | |
# shell: bash | |
- name: Create jsonkey directory | |
if: contains(github.ref, 'staging') || contains(github.ref, 'main-test') | |
run: mkdir -p ./genti-api/src/main/resources/jsonkey | |
- name: Create Google key.json file | |
if: contains(github.ref, 'staging') || contains(github.ref, 'main-test') | |
id: create-json | |
uses: jsdaniell/create-json@1.1.2 | |
with: | |
name: "./genti-api/src/main/resources/jsonkey/key.json" | |
json: ${{ secrets.GOOGLE_ACCOUNT_KEY }} | |
- name: make apple private key | |
run: | | |
cd ./genti-external/src/main | |
mkdir -p ./resources && cd ./resources | |
touch ./AuthKey_ZRZMQQX883.p8 | |
echo "${{ secrets.APPLE_PRIVATE_KEY }}" > ./AuthKey_ZRZMQQX883.p8 | |
shell: bash | |
# - name: make fcm private key | |
# run: | | |
# cd ./genti-external/src/main | |
# mkdir -p ./resources && cd ./resources | |
# touch ./firebase-genti.json | |
# echo "${{ secrets.FIREBASE_PRIVATE_KEY }}" > ./firebase-genti.json | |
# shell: bash | |
- name: make staging docker-compose file | |
if: contains(github.ref, 'staging') | |
run: | | |
mkdir -p ./docker/staging && cd ./docker/staging | |
touch ./docker-compose.yml | |
echo "${{ secrets.DOCKER_COMPOSE_STAGING }}" > ./docker-compose.yml | |
shell: bash | |
- name: make deploy docker-compose file | |
if: contains(github.ref, 'main') | |
run: | | |
mkdir -p ./docker/deploy && cd ./docker/deploy | |
touch ./docker-compose.yml | |
echo "${{ secrets.DOCKER_COMPOSE_DEPLOY }}" > ./docker-compose.yml | |
shell: bash | |
# gradle build | |
- name: Setup Gradle Wrapper | |
uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0 | |
- name: Build with Gradle Wrapper | |
run: | | |
chmod +x ./gradlew | |
./gradlew clean build -x test | |
# - name: Get Github action IP | |
# if: contains(github.ref, 'staging') | |
# id: ip | |
# uses: haythem/public-ip@v1.2 | |
# | |
- name: Setting environment variables | |
run: | | |
echo "AWS_DEFAULT_REGION=ap-northeast-2" >> $GITHUB_ENV | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ap-northeast-2 | |
# - name: Add Github Actions IP to Security group | |
# if: contains(github.ref, 'staging') | |
# run: | | |
# aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 | |
# env: | |
# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
# AWS_DEFAULT_REGION: ap-northeast-2 | |
- name: Login to aws ECR | |
if: contains(github.ref, 'staging') || contains(github.ref, 'main') | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
- name: Build, tag, and push image to aws ECR | |
if: contains(github.ref, 'main') | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
ECR_REPOSITORY: genti-deploy | |
IMAGE_TAG: latest | |
run: | | |
docker build -f ./Dockerfile_deploy -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . | |
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
- name: Build, tag, and push image to aws ECR | |
if: contains(github.ref, 'staging') | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
ECR_REPOSITORY: genti-staging | |
IMAGE_TAG: latest | |
run: | | |
docker build -f ./Dockerfile_staging -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . | |
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
- name: Upload docker-compose, appspec, afterInstall file to S3 | |
if: contains(github.ref, 'main') | |
run: | | |
# Create a temporary directory for the zip contents | |
mkdir -p temp_dir/scripts | |
cp -r ./scripts/* temp_dir/scripts/ | |
cp appspec.yml temp_dir/ | |
cp ./docker/deploy/docker-compose.yml temp_dir/docker-compose.yml | |
# Navigate to the temporary directory and create the zip file | |
cd temp_dir | |
zip -r ../$GITHUB_SHA.zip ./* | |
# Move back to the initial directory and upload the zip file to S3 | |
cd .. | |
aws s3 cp --region ap-northeast-2 ./$GITHUB_SHA.zip s3://$S3_BUCKET_NAME | |
# Clean up the temporary directory | |
rm -rf temp_dir | |
- name: Upload docker-compose, appspec, afterInstall file to S3 | |
if: contains(github.ref, 'staging') | |
run: | | |
# Create a temporary directory for the zip contents | |
mkdir -p temp_dir/scripts | |
cp -r ./scripts/* temp_dir/scripts/ | |
cp appspec.yml temp_dir/ | |
cp ./docker/staging/docker-compose.yml temp_dir/docker-compose.yml | |
# Navigate to the temporary directory and create the zip file | |
cd temp_dir | |
zip -r ../$GITHUB_SHA.zip ./* | |
# Move back to the initial directory and upload the zip file to S3 | |
cd .. | |
aws s3 cp --region ap-northeast-2 ./$GITHUB_SHA.zip s3://$S3_BUCKET_NAME | |
# Clean up the temporary directory | |
rm -rf temp_dir | |
# - name: Upload docker compose file to staging server | |
# if: contains(github.ref, 'staging') | |
# uses: appleboy/scp-action@master | |
# with: | |
# host: ${{ secrets.HOST_STAGING }} | |
# username: ubuntu | |
# key: ${{ secrets.EC2_KEY }} | |
# port: 22 | |
# source: "./docker/staging/*" | |
# target: "/home/ubuntu/workspace/" | |
# docker build & push to deploy server | |
- name: Deploy to EC2 with CodeDeploy | |
if: contains(github.ref, 'main') | |
run: | | |
aws deploy create-deployment \ | |
--application-name ${{ env.CODE_DEPLOY_APPLICATION_NAME }} \ | |
--deployment-config-name CodeDeployDefault.AllAtOnce \ | |
--deployment-group-name ${{ secrets.CODE_DEPLOY_DEPLOYMENT_GROUP_NAME }} \ | |
--s3-location bucket=$S3_BUCKET_NAME,key=$GITHUB_SHA.zip,bundleType=zip | |
- name: Staging Deploy to EC2 with CodeDeploy | |
if: contains(github.ref, 'staging') | |
run: | | |
aws deploy create-deployment \ | |
--application-name ${{ env.CODE_DEPLOY_APPLICATION_NAME_STAGING }} \ | |
--deployment-group-name genti-tg-staging \ | |
--s3-location bucket=$S3_BUCKET_NAME,key=$GITHUB_SHA.zip,bundleType=zip | |
# docker build & push to staging | |
# - name: Docker build & push to staging | |
# if: contains(github.ref, 'staging') | |
# run: | | |
# docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }} | |
# docker build -f Dockerfile_staging -t ${{ secrets.DOCKER_USERNAME }}/genti-staging . | |
# docker push ${{ secrets.DOCKER_USERNAME }}/genti-staging | |
## deploy to staging server | |
# - name: Deploy to staging server | |
# uses: appleboy/ssh-action@master | |
# id: deploy-staging | |
# if: contains(github.ref, 'staging') | |
# with: | |
# host: ${{ secrets.HOST_STAGING }} # EC2 퍼블릭 IPv4 DNS | |
# username: ubuntu | |
# password: ${{ secrets.PASSWORD }} | |
# port: 22 | |
# key: ${{ secrets.EC2_KEY }} | |
# script: | | |
# sudo docker ps | |
# cd /home/ubuntu/workspace/docker/staging | |
# docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }} | |
# sudo docker pull ${{ secrets.DOCKER_USERNAME }}/genti-staging | |
# sudo docker-compose up -d | |
# sudo docker image prune -f | |
# - name: delete github actions ip from aws security group | |
# if: contains(github.ref, 'staging') | |
# run: | | |
# aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 | |
# env: | |
# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
# AWS_DEFAULT_REGION: ap-northeast-2 |