feat: 보안 설정 구현 #21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy to Oracle Cloud VM | |
on: | |
push: | |
branches: [ "develop" ] | |
workflow_dispatch: | |
jobs: | |
build-and-deploy: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '17' | |
distribution: 'corretto' | |
- name: Decode and Unzip OCI Wallet | |
run: | | |
echo "${{ secrets.OCI_WALLET }}" | base64 --decode > oci-wallet.zip | |
unzip oci-wallet.zip -d ./src/main/resources/OracleCloud | |
- name: Grant permission for gradlew | |
run: chmod +x ./gradlew | |
shell: bash | |
- name: Build with Gradle | |
run: ./gradlew clean build | |
- name: Docker Image Build | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
dockerfile: Dockerfile | |
push: false | |
tags: ${{secrets.DOCKER_USERNAME}}/dsjs:latest | |
- name: Docker Login | |
uses: docker/login-action@v3 | |
with: | |
username: ${{secrets.DOCKER_USERNAME}} | |
password: ${{secrets.DOCKER_ACCESS_TOKEN}} | |
- name: Docker Push | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
dockerfile: Dockerfile | |
push: true | |
tags: ${{secrets.DOCKER_USERNAME}}/dsjs:latest | |
- name: SSH to Oracle Cloud VM and Deploy | |
uses: appleboy/ssh-action@master | |
with: | |
host: ${{secrets.HOST}} | |
username: ubuntu | |
key: ${{secrets.KEY}} | |
script: | | |
sudo docker pull ${{secrets.DOCKER_USERNAME}}/dsjs:latest | |
EXISTING_CONTAINER_ID=$(sudo docker ps -q -f "publish=8080" -f "status=running") | |
if [ ! -z "$EXISTING_CONTAINER_ID" ]; then | |
sudo docker stop $EXISTING_CONTAINER_ID | |
sudo docker rm $EXISTING_CONTAINER_ID | |
fi | |
EXISTING_CONTAINER_ID=$(sudo docker ps -q -f "publish=8080" -f "status=exited") | |
if [ ! -z "$EXISTING_CONTAINER_ID" ]; then | |
sudo docker rm $EXISTING_CONTAINER_ID | |
fi | |
sudo docker rm $(sudo docker ps --filter 'status=exited' -a -q) | |
sudo docker run -d --log-driver=syslog -p 8080:8080 \ | |
-e API_KEY=${{secrets.API_KEY}} \ | |
-e DB_USER=${{secrets.DB_USER}} \ | |
-e DB_PASSWORD=${{secrets.DB_PASSWORD}} \ | |
-e DB_URL=${{secrets.DB_URL}} \ | |
${{secrets.DOCKER_USERNAME}}/dsjs:latest | |
sudo docker image prune -a -f |