Update README.md #83
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI CD | |
on: | |
push: | |
branches: [ "develop" ] | |
pull_request: | |
branches: [ "develop" ] | |
jobs: | |
develop-cd: | |
# 실행 환경 | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
# JDK 17 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
# gradle caching | |
- name: Gradle Caching | |
uses: actions/cache@v3 | |
with: | |
path: | | |
~/.gradle/caches | |
~/.gradle/wrapper | |
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} | |
restore-keys: | | |
${{ runner.os }}-gradle- | |
# application-dev.yml | |
- name: Copy dev secret | |
env: | |
DEV_SECRET: ${{ secrets.APPLICATION_DEV_YML }} | |
DEV_SECRET_DIR: src/main/resources | |
DEV_SECRET_DIR_FILE_NAME: application-dev.yml | |
run: echo $DEV_SECRET | base64 --decode >> $DEV_SECRET_DIR/$DEV_SECRET_DIR_FILE_NAME | |
# application-jwt.yml | |
- name: Copy jwt secret | |
env: | |
DEV_SECRET: ${{ secrets.APPLICATION_JWT_YML }} | |
DEV_SECRET_DIR: src/main/resources | |
DEV_SECRET_DIR_FILE_NAME: application-jwt.yml | |
run: echo $DEV_SECRET | base64 --decode >> $DEV_SECRET_DIR/$DEV_SECRET_DIR_FILE_NAME | |
# ./gradlew 권한 설정 | |
- name: ./gradlew 권한 설정 | |
run: chmod +x ./gradlew | |
# Gradle build (Test 제외) | |
- name: Build with Gradle | |
run: ./gradlew build -x test | |
# docker build & push to production | |
- name: Docker build & push to DockerHub | |
run: | | |
docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }} | |
docker build -t ${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_REPO }}:latest-dev . | |
docker push ${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_REPO }}:latest-dev | |
# GET GitHub IP | |
- name: get GitHub IP | |
id: ip | |
uses: haythem/public-ip@v1.2 | |
# aws 세팅 | |
- name: aws 세팅 | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ap-northeast-2 | |
# Add github ip to AWS | |
- name: Add GitHub IP to AWS | |
run: | | |
aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 | |
# (8) 로컬 docker-compose.yml 파일 EC2로 복사 | |
- name: Copy docker-compose.yml to EC2 via SCP | |
uses: appleboy/scp-action@master | |
with: | |
host: ${{ secrets.DEV_HOST }} | |
username: ${{ secrets.EC2_USERNAME }} | |
key: ${{ secrets.KEY }} | |
port: 22 | |
source : "./docker-compose.yml" | |
target : "./hicardi" | |
# 서버에 접속하여 도커 이미지를 pull 받고 실행하기 | |
- name: executing remote ssh commands using password | |
uses: appleboy/ssh-action@v0.1.6 | |
with: | |
host: ${{ secrets.DEV_HOST }} | |
username: ${{ secrets.EC2_USERNAME }} | |
key: ${{ secrets.KEY }} | |
port: 22 | |
script: | | |
cd hicardi | |
sudo docker-compose down | |
sudo docker-compose pull | |
sudo docker-compose up -d | |
sudo docker image prune -f | |
# REMOVE Github IP FROM security group | |
- name: Remove IP FROM security group | |
run: | | |
aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 |