refactor: alarm server api url 추가 #8

Workflow file for this run

.github/workflows/showpot-prod-cd.yml at b37cd5f

	name: prod-cd

	on:
	push:
	branches:
	- prod
	- feat/prod-cicd

	env:
	ECR_REPOSITORY: showpot

	jobs:
	build-and-deploy:
	runs-on: ubuntu-latest
	permissions:
	contents: read
	steps:
	- uses: actions/checkout@v4

	- name: Set up JDK 17
	uses: actions/setup-java@v4
	with:
	java-version: '17'
	distribution: 'liberica'
	cache: gradle

	- name: Setup Gradle
	uses: gradle/actions/setup-gradle@v3

	- name: Copy Secrets
	uses: microsoft/variable-substitution@v1
	with:
	files: \|
	./app/src/main/resources/application-prod.yml,
	./app/src/main/resources/application-cloud-prod.yml,
	./app/domain/common-domain/src/main/resources/application-domain-prod.yml,
	./app/infrastructure/spotify/src/main/resources/application-spotify-prod.yml
	env:
	token.secret-key: ${{ secrets.TOKEN_SECRET_KEY }}
	cloud.aws.credentials.accessKey: ${{ secrets.AWS_ACCESS_KEY }}
	cloud.aws.credentials.secretKey: ${{ secrets.AWS_SECRET_KEY }}
	cloud.aws.region: ${{ secrets.AWS_REGION }}
	cloud.aws.s3.bucket: ${{ secrets.AWS_BUCKET }}
	spring.data.redis.host: ${{ secrets.REDIS_HOST_PROD }}
	spring.data.redis.port: ${{ secrets.REDIS_PORT_PROD }}
	spring.datasource.url: ${{ secrets.APPLICATION_DATASOURCE_URL_PROD }}
	spring.datasource.username: ${{ secrets.APPLICATION_DATASOURCE_USERNAME_PROD }}
	spring.datasource.password: ${{ secrets.APPLICATION_DATASOURCE_PASSWORD_PROD }}
	spotify.client-id: ${{ secrets.SPOTIFY_CLIENT_ID }}
	spotify.client-secret: ${{ secrets.SPOTIFY_CLIENT_SECRET }}
	alarm.api-url: ${{ secrets.ALARM_SERVER_API_URL_PROD }}

	- name: Build with Gradle Wrapper
	run: ./gradlew clean build -Dspring.profiles.active=prod

	- name: Configure AWS credentials
	uses: aws-actions/configure-aws-credentials@v4
	with:
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
	aws-region: ${{ secrets.AWS_REGION }}

	- name: Set image tag
	id: set-tag
	run: \|
	DATE_TAG=$(TZ='Asia/Seoul' date +'%Y%m%d_%H%M')
	SHORT_SHA=$(echo $GITHUB_SHA \| cut -c1-8)
	echo "IMAGE_TAG=${DATE_TAG}_${SHORT_SHA}" >> $GITHUB_ENV

	- name: Login to Amazon ECR
	id: login-ecr
	uses: aws-actions/amazon-ecr-login@v1

	- name: Build and Push image to Amazon ECR
	id: build-image
	env:
	ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
	IMAGE_TAG: ${{ env.IMAGE_TAG }}
	run: \|
	docker build --no-cache -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f dockerfile-prod .
	docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
	IMAGE_URI=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
	echo "IMAGE_URI=$IMAGE_URI" >> $GITHUB_ENV

	- name: Get Github Actions IP
	id: ip
	uses: candidob/[email protected]

	- name: Add Github Actions IP on Security Group
	run: \|
	aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_PROD_SECURITY_GROUP_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32

	- name: Connect ec2 and Run Docker Container
	uses: appleboy/[email protected]
	with:
	host: ${{ secrets.EC2_PROD_HOST }}
	username: ec2-user
	key: ${{ secrets.EC2_PROD_SSH_PRIVATE_KEY }}
	script: \|
	docker ps -q --filter "name=core" \| xargs -r docker stop
	docker ps -aq --filter "name=core" \| xargs -r docker rm
	aws ecr get-login-password --region ${{ secrets.AWS_REGION }} \| docker login --username AWS --password-stdin ${{ steps.login-ecr.outputs.registry }}
	docker image prune -f -a
	docker volume prune -f -a
	docker pull ${{ env.IMAGE_URI }}
	docker run -d --name core -p 8080:8080 -e ENVIRONMENT=prod --network prod-network ${{ env.IMAGE_URI }}

	- name: Remove Github Actions IP from Security Group
	if: always()
	run: \|
	aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_PROD_SECURITY_GROUP_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32

	- name: Backend CD for Dev Server Discord Notification
	uses: sarisia/actions-status-discord@v1
	if: success()
	with:
	title: ✅ showpot-core-BE 운용 서버 배포 프로세스가 완료되었습니다! ✅
	webhook: ${{ secrets.DISCORD_WEBHOOK_URL }}
	content: "<@1084774841460215839> <@749533823057920030> 배포가 정상적으로 이뤄졌는지 확인해주세요!"
	color: 00FF00
	username: showPot-Bot
	avatar_url: ${{ secrets.DISCORD_NOTIFICATION_SUCCESS_AVATAR_URL }}

	- name: Backend CD for Dev Server Discord Notification
	uses: sarisia/actions-status-discord@v1
	if: failure()
	with:
	title: ❗️showpot-core-BE 운용 서버 배포 프로세스가 실패했습니다! ❗️
	webhook: ${{ secrets.DISCORD_WEBHOOK_URL }}
	color: FF0000
	username: showPot-Bot
	avatar_url: ${{ secrets.DISCORD_NOTIFICATION_FAILED_AVATAR_URL }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

refactor: alarm server api url 추가 #8

Workflow file

refactor: alarm server api url 추가 #8

Jobs

Run details

Workflow file for this run