Update deploy.yml #29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to AWS | |
| on: | |
| push: | |
| branches: | |
| - main | |
| workflow_dispatch: | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '21' | |
| distribution: 'adopt' | |
| - name : Override APPLICATION PROPERTIES | |
| run : echo "${{ secrets.APPLICATION_PROPERTIES }}" > ./src/main/resources/application.properties | |
| - name: Configure Production Properties | |
| run: | | |
| touch ./src/main/resources/application-prod.properties | |
| echo "${{ secrets.APPLICATION_PROD_PROPERTIES }}" > ./src/main/resources/application-prod.properties | |
| - name: Configure Test Properties | |
| run: | | |
| touch ./src/main/resources/application-test.properties | |
| echo "${{ secrets.APPLICATION_TEST_PROPERTIES }}" > ./src/main/resources/application-test.properties | |
| - name: gradlew에 실행 권한 부여 | |
| run: chmod +x ./gradlew | |
| - name: 배포 파일 생성 | |
| run: ./gradlew bootJar | |
| - name: Upload JAR file | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: cau-be-jar | |
| path: build/libs/cau-be-0.0.1-SNAPSHOT.jar | |
| deploy: | |
| runs-on: ubuntu-latest | |
| needs: build | |
| steps: | |
| - name: Download JAR file | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: cau-be-jar | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v3 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| - name: Get GitHub Actions Runner IP | |
| id: get_ip | |
| run: echo $(curl -s https://api64.ipify.org) > RUNNER_IP.txt | |
| - name: Add GitHub Actions IP to AWS Security Group | |
| run: | | |
| RUNNER_IP=$(cat RUNNER_IP.txt) | |
| aws ec2 authorize-security-group-ingress \ | |
| --group-id ${{ secrets.AWS_SECURITY_GROUP_ID }} \ | |
| --protocol tcp \ | |
| --port 22 \ | |
| --cidr "${RUNNER_IP}/32" \ | |
| --region ${{ secrets.AWS_REGION }} | |
| - name: Configure SSH private key | |
| run: | | |
| touch ./key-derby.pem | |
| echo "${{ secrets.CAU_AWS_SSH_KEY }}" > ./key-derby.pem | |
| chmod 600 ./key-derby.pem | |
| - name: Add AWS EC2 to known_hosts | |
| run: | | |
| mkdir -p ~/.ssh | |
| ssh-keyscan -H "${{ secrets.AWS_EC2_IP }}" >> ~/.ssh/known_hosts | |
| - name: AWS 환경 변수 초기화 | |
| run: | | |
| # AWS 환경 변수 해제 | |
| unset AWS_ACCESS_KEY_ID | |
| unset AWS_SECRET_ACCESS_KEY | |
| unset AWS_REGION | |
| - name: Deploy to AWS EC2 | |
| run: | | |
| # scp로 EC2에 jar 파일 전송 | |
| scp -vvv -i ./key-derby.pem ./cau-be-0.0.1-SNAPSHOT.jar \ | |
| ubuntu@${{ secrets.AWS_EC2_IP }}:/home/ubuntu/repository | |
| - name: AWS 환경 변수 다시 적용 | |
| run: | | |
| # AWS 환경 변수를 다시 설정 | |
| export AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} | |
| export AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| export AWS_REGION=${{ secrets.AWS_REGION }} | |
| - name: Restart API Server | |
| run: | | |
| # EC2의 deploy.sh 실행 | |
| ssh -i ./key-derby.pem ubuntu@${{ secrets.AWS_EC2_IP }} << EOF | |
| /home/ubuntu/repository/deploy.sh | |
| EOF | |
| - name: Remove GitHub Actions IP from AWS Security Group | |
| run: | | |
| RUNNER_IP=$(cat RUNNER_IP.txt) | |
| aws ec2 revoke-security-group-ingress \ | |
| --group-id ${{ secrets.AWS_SECURITY_GROUP_ID }} \ | |
| --protocol tcp \ | |
| --port 22 \ | |
| --cidr "${RUNNER_IP}/32" \ | |
| --region ${{ secrets.AWS_REGION }} | |
| - name: Clean up SSH key | |
| run: rm ./key-derby.pem |