Feature/cicd deployment (#5) #4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Push to ECR | |
| on: | |
| push: | |
| branches: [ "develop" ] | |
| env: | |
| AWS_REGION: ap-northeast-2 | |
| ECR_REGISTRY: 654654448479.dkr.ecr.ap-northeast-2.amazonaws.com | |
| ECR_REPOSITORY: repick-repo | |
| IMAGE_TAG: ${{ github.sha }} | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| name: CI | |
| runs-on: ubuntu-latest | |
| environment: production | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Make application-secret.yml and set secrets | |
| run: | | |
| mkdir -p ./src/main/resources | |
| mkdir -p ./src/main/resources/key | |
| if [ -f ./src/main/resources/application.yml ]; then | |
| rm ./src/main/resources/application.yml | |
| fi | |
| touch ./src/main/resources/application.yml | |
| touch ./src/main/resources/${{ secrets.APPLE_AUTH_KEY_ID }}.p8 | |
| echo "${{ secrets.APPLICATION_SECRET }}" > ./src/main/resources/application.yml | |
| echo "${{ secrets.APPLE_AUTH_KEY }}" > ./src/main/resources/key/${{ secrets.APPLE_AUTH_KEY_ID }}.p8 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| ## gradle build | |
| - name: Build with Gradle | |
| run: ./gradlew bootJar | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| with: | |
| mask-password: true | |
| - name: Build, tag, and push image to Amazon ECR | |
| id: build-image | |
| run: | | |
| docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| deploy: | |
| needs: build | |
| name: CD | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| with: | |
| mask-password: true | |
| - name: Deploy to EC2 | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ secrets.HOST }} | |
| username: ec2-user | |
| key: ${{ secrets.KEY }} | |
| script: | | |
| aws configure set aws_access_key_id ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws configure set aws_secret_access_key ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws configure set region ${{ env.AWS_REGION }} | |
| ECR_REGISTRY_LOGIN=$(aws ecr get-login-password --region ${{ env.AWS_REGION }} | sudo docker login --username AWS --password-stdin ${{ env.ECR_REGISTRY }}) | |
| sudo docker pull ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }} | |
| sudo docker rm -f $(sudo docker ps -qa) | |
| sudo docker run -d --name dc -p 8080:8080 --restart unless-stopped ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }} | |
| sudo docker image prune -f | |