feat: user 상태 별 접근 제한 추가 #17
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: API Deploy | |
on: | |
push: | |
branches: ['main'] | |
env: | |
ACTIVE_PROFILE: "prod" | |
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
DOCKERHUB_PASSWORD: ${{ secrets.DOCKERHUB_PASSWORD }} | |
permissions: | |
contents: read | |
jobs: | |
build_and_push: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
kotlin-version: [ "1.9.23" ] | |
java-version: [ "17" ] | |
steps: | |
- name: Check Out The Repository | |
uses: actions/checkout@v3 | |
- name: Set up Kotlin | |
uses: actions/setup-java@v3 | |
with: | |
java-version: ${{ matrix.java-version }} | |
kotlin-version: ${{ matrix.kotlin-version }} | |
distribution: 'corretto' | |
- name: Grant execute permission for gradlew | |
run: chmod +x ./gradlew | |
- name: Build with Gradle | |
run: ./gradlew :build --no-daemon | |
- name: Make image tag | |
run: echo "IMAGE_TAG=$ACTIVE_PROFILE-${GITHUB_SHA::7}" >> $GITHUB_ENV # activeProfile-커밋 hash 값 | |
- name: Docker build and push | |
run: | | |
docker login -u $DOCKERHUB_USERNAME -p $DOCKERHUB_PASSWORD | |
docker build -t sanghoonjeong/mania-api-server:${{env.IMAGE_TAG}} . | |
docker push sanghoonjeong/mania-api-server:${{env.IMAGE_TAG}} | |
- name: Get Public IP | |
id: publicip | |
run: | | |
response=$(curl -s canhazip.com) | |
echo "ip='$response'" >> $GITHUB_OUTPUT | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ secrets.AWS_REGION }} | |
- name: Add GitHub IP to AWS | |
run: | | |
aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port ${{ secrets.EC2_SSH_PORT }} --cidr ${{ steps.publicip.outputs.ip }}/32 | |
- name: Deploy | |
uses: appleboy/ssh-action@master | |
with: | |
host: ${{ secrets.EC2_HOST }} | |
username: ${{ secrets.EC2_USERNAME }} | |
key: ${{ secrets.EC2_KEY }} | |
port: ${{ secrets.EC2_SSH_PORT }} | |
timeout: 60s | |
script: | | |
cd joluphaja | |
sudo touch .env | |
sudo echo "${{ secrets.ENV_VARS }}" | sudo tee .env > /dev/null | |
sudo echo "IMAGE_TAG=${{ env.IMAGE_TAG }}" >> .env | |
sudo docker stop $(sudo docker ps -a -q) | |
sudo docker rm $(sudo docker ps -a -q) | |
sudo docker rmi $(sudo docker images -q) | |
sudo docker pull sanghoonjeong/mania-api-server:${{env.IMAGE_TAG}} | |
sudo docker pull sanghoonjeong/mania-nginx:0.0.1 | |
sudo docker-compose -f ~/joluphaja/docker-compose.yml --env-file ~/joluphaja/.env up --build -d | |
sudo docker system prune --all -f | |
rm -rf .env | |
- name: Remove IP FROM security group | |
run: | | |
aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port ${{ secrets.EC2_SSH_PORT }} --cidr ${{ steps.publicip.outputs.ip }}/32 |