Update cicd-ec2.yml #31
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# github repository actions 페이지에 나타날 이름 | |
name: CI/CD using github actions & docker | |
# event trigger | |
# main이나 develop 브랜치에 push가 되었을 때 실행 | |
on: | |
push: | |
branches: [ "main", "dev" ] | |
permissions: | |
contents: read | |
jobs: | |
CI-CD: | |
runs-on: ubuntu-22.04 | |
steps: | |
# JDK setting - github actions에서 사용할 JDK 설정 (프로젝트나 AWS의 java 버전과 달라도 무방) | |
- uses: actions/checkout@v3 | |
- name: Set up JDK 21 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '21' | |
distribution: 'temurin' | |
# gradle caching - 빌드 시간 향상 | |
- name: Gradle Caching | |
uses: actions/cache@v3 | |
with: | |
path: | | |
~/.gradle/caches | |
~/.gradle/wrapper | |
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} | |
restore-keys: | | |
${{ runner.os }}-gradle- | |
# 공통 yml 파일 생성 - secret, oauth | |
- name: make application-secret.yml | |
if: contains(github.ref, 'dev') || contains(github.ref, 'main') | |
run: | | |
cd ./src/main/resources | |
touch ./application-secret.yml | |
echo "${{ secrets.APPLICATION_SECRET }}" > ./application-secret.yml | |
shell: bash | |
# 환경별 yml 파일 생성(3) - deploy | |
- name: make application-deploy.yml | |
if: contains(github.ref, 'dev') || contains(github.ref, 'main') | |
run: | | |
cd ./src/main/resources | |
touch ./application-deploy.yml | |
echo "${{ secrets.APPLICATION_DEPLOY }}" > ./application-deploy.yml | |
shell: bash | |
# gradle build | |
- name: Setup Gradle Wrapper | |
uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0 | |
- name: Build with Gradle Wrapper | |
run: | | |
chmod +x ./gradlew | |
./gradlew clean build | |
- name: Get Github action IP | |
id: ip | |
uses: haythem/public-ip@v1.2 | |
- name: Setting environment variables | |
run: | | |
echo "AWS_DEFAULT_REGION=ap-northeast-2" >> $GITHUB_ENV | |
echo "AWS_SG_NAME=github-actions" >> $GITHUB_ENV | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ap-northeast-2 | |
- name: Add Github Actions IP to Security group | |
run: | | |
aws ec2 authorize-security-group-ingress --group-name ${{ env.AWS_SG_NAME }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_DEFAULT_REGION: ap-northeast-2 | |
- name: Upload docker compose file to deploy server | |
if: contains(github.ref, 'main') | |
uses: appleboy/scp-action@master | |
with: | |
host: ${{ secrets.HOST_DEPLOY }} | |
username: ubuntu | |
key: ${{ secrets.EC2_KEY }} | |
port: 22 | |
source: "./docker/deploy/*" | |
target: "/home/ubuntu/workspace/" | |
- name: Upload docker compose file to dev server | |
if: contains(github.ref, 'dev') | |
uses: appleboy/scp-action@master | |
with: | |
host: ${{ secrets.HOST_DEV }} | |
username: ubuntu | |
key: ${{ secrets.EC2_KEY }} | |
port: 22 | |
source: "./docker/dev/*" | |
target: "/home/ubuntu/workspace/" | |
# docker build & push to deploy server | |
- name: Docker build & push to deploy | |
if: contains(github.ref, 'main') | |
run: | | |
docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }} | |
docker build -f Dockerfile_deploy -t ${{ secrets.DOCKER_USERNAME }}/genti-deploy . | |
docker push ${{ secrets.DOCKER_USERNAME }}/genti-deploy | |
# docker build & push to develop | |
- name: Docker build & push to dev | |
if: contains(github.ref, 'dev') | |
run: | | |
docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }} | |
docker build -f Dockerfile_dev -t ${{ secrets.DOCKER_USERNAME }}/genti-dev . | |
docker push ${{ secrets.DOCKER_USERNAME }}/genti-dev | |
## deploy to deploy server | |
- name: Deploy to deploy server | |
uses: appleboy/ssh-action@master | |
id: deploy-deploy | |
if: contains(github.ref, 'main') | |
with: | |
host: ${{ secrets.HOST_DEPLOY }} # EC2 퍼블릭 IPv4 DNS | |
username: ubuntu | |
key: ${{ secrets.EC2_KEY }} | |
envs: GITHUB_SHA | |
script: | | |
sudo docker ps | |
cd /home/ubuntu/workspace/docker/deploy | |
docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }} | |
sudo docker pull ${{ secrets.DOCKER_USERNAME }}/genti-deploy | |
sudo docker compose up -d | |
sudo docker image prune -f | |
## deploy to dev server | |
- name: Deploy to dev server | |
uses: appleboy/ssh-action@master | |
id: deploy-dev | |
if: contains(github.ref, 'dev') | |
with: | |
host: ${{ secrets.HOST_DEV }} # EC2 퍼블릭 IPv4 DNS | |
username: ubuntu | |
password: ${{ secrets.PASSWORD }} | |
port: 22 | |
key: ${{ secrets.EC2_KEY }} | |
script: | | |
sudo docker ps | |
cd /home/ubuntu/workspace/docker/dev | |
docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }} | |
sudo docker pull ${{ secrets.DOCKER_USERNAME }}/genti-dev | |
sudo docker compose up -d | |
sudo docker image prune -f | |
- name: delete github actions ip from aws security group | |
run: | | |
aws ec2 revoke-security-group-ingress --group-name ${{ env.AWS_SG_NAME }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_DEFAULT_REGION: ap-northeast-2 |