.github/workflows/cicd.yml

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-gradle

name: CI/CD

#event trigger
on:
  push:
    branches: [ "main" ]

permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      # JDK 17 설정
      - name: Set up JDK 17
        uses: actions/setup-java@v3
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: gradle

      # Gradle 설정
      - name: Setup Gradle
        uses: gradle/gradle-build-action@v2

      # Docker Hub 로그인
      - name: Login to Docker Hub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      # gradlew 파일 권한 지정
      - name: Grant execute permission for gradlew
        run: chmod +x gradlew

      # gradle Jib를 이용해 이미지를 만들고 원격 저장소에 Push
      - name: Setup Jib with Gradle
        run: ./gradlew jib

      #  GET GitHub IP
      - name: Get Github Actions IP
        id: ip
        uses: haythem/public-ip@v1.2

      # AWS 접근 권한 취득(IAM)
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ap-northeast-2

      #  github ip AWS 보안 그룹에 추가
      - name: Add Github Actions IP to Security group
        run: |
          aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32

      # ssh로 접속해 재배포
      - name: Deploy
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.REMOTE_IP }}
          username: ${{ secrets.REMOTE_SSH_ID }}
          key: ${{ secrets.REMOTE_SSH_KEY }}
          port: ${{ secrets.REMOTE_SSH_PORT }}
          script: |
            cd docker
            docker-compose pull
            docker-compose up -d

      # 배포 후 보안 그룹에서 github ip 삭제
      - name: Remove Github Actions IP From Security Group
        run: |
          aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32