[feat] security복구 #32
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Java CI with Gradle | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: checkout | |
| uses: actions/checkout@v3 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '17' | |
| ## create application.yml | |
| - name: make application.yml | |
| run: | | |
| cd ./src/main/resources | |
| touch ./application.yml | |
| echo "${{ secrets.APPLICATION }}" >> ./application.yml | |
| shell: bash | |
| ## gradle build | |
| - name: Build with Gradle | |
| run: | | |
| chmod +x ./gradlew | |
| ./gradlew clean build -x test | |
| ## 웹 이미지 빌드 및 도커허브에 push | |
| - name: web docker build and push | |
| run: | | |
| docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }} | |
| docker build -t ${{ secrets.DOCKER_REPO }}/docker-web . | |
| docker push ${{ secrets.DOCKER_REPO }}/docker-web | |
| docker build -f ./config/nginx/Dockerfile -t ${{ secrets.DOCKER_REPO }}/docker-nginx . | |
| docker push ${{ secrets.DOCKER_REPO }}/docker-nginx | |
| - name: Create Remote Directory | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ secrets.HOST }} | |
| username: ubuntu | |
| key: ${{ secrets.KEY }} | |
| script: mkdir -p ~/srv/ubuntu | |
| - name: copy source via ssh key | |
| uses: burnett01/[email protected] | |
| with: | |
| switches: -avzr --delete | |
| remote_path: ~/srv/ubuntu | |
| remote_host: ${{ secrets.HOST }} | |
| remote_user: ubuntu | |
| remote_key: ${{ secrets.KEY }} | |
| ## docker compose up | |
| - name: executing remote ssh commands using password | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ secrets.HOST }} | |
| username: ubuntu | |
| key: ${{ secrets.KEY }} | |
| script: | | |
| sh ~/srv/ubuntu/config/scripts/deploy.sh | |
| cd /home/ubuntu/srv/ubuntu/ | |
| sudo chmod 666 /var/run/docker.sock | |
| sudo docker rm -f $(sudo docker ps -qa) | |
| sudo docker pull ${{ secrets.DOCKER_REPO }}/docker-web | |
| sudo docker pull ${{ secrets.DOCKER_REPO }}/docker-nginx | |
| docker-compose up -d | |
| docker image prune -f |