fix: api 접근 권한 변경 #16
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow uses actions that are not certified by GitHub. | |
# They are provided by a third-party and are governed by | |
# separate terms of service, privacy policy, and support | |
# documentation. | |
# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time | |
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-gradle | |
name: CI/CD | |
#event trigger | |
on: | |
push: | |
branches: [ "main" ] | |
permissions: | |
contents: read | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
# JDK 17 설정 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
cache: gradle | |
# Gradle 설정 | |
- name: Setup Gradle | |
uses: gradle/gradle-build-action@v2 | |
# Docker Hub 로그인 | |
- name: Login to Docker Hub | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
# gradlew 파일 권한 지정 | |
- name: Grant execute permission for gradlew | |
run: chmod +x gradlew | |
# gradle Jib를 이용해 이미지를 만들고 원격 저장소에 Push | |
- name: Setup Jib with Gradle | |
run: ./gradlew jib | |
# GET GitHub IP | |
- name: Get Github Actions IP | |
id: ip | |
uses: haythem/[email protected] | |
# AWS 접근 권한 취득(IAM) | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ap-northeast-2 | |
# github ip AWS 보안 그룹에 추가 | |
- name: Add Github Actions IP to Security group | |
run: | | |
aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 | |
# ssh로 접속해 재배포 | |
- name: Deploy | |
uses: appleboy/ssh-action@master | |
with: | |
host: ${{ secrets.REMOTE_IP }} | |
username: ${{ secrets.REMOTE_SSH_ID }} | |
key: ${{ secrets.REMOTE_SSH_KEY }} | |
port: ${{ secrets.REMOTE_SSH_PORT }} | |
script: | | |
cd docker | |
docker-compose pull | |
docker-compose up -d | |
# 배포 후 보안 그룹에서 github ip 삭제 | |
- name: Remove Github Actions IP From Security Group | |
run: | | |
aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 |