v1.0.0 정식 배포 (#244) #2
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: prod-CD | |
on: | |
push: | |
branches: [ "main" ] | |
permissions: | |
contents: write | |
jobs: | |
move-files: | |
name: move-files | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: true | |
token: ${{ secrets.MOABAM_SUBMODULE_KEY }} | |
- name: Github Actions IP 획득 | |
id: ip | |
uses: haythem/[email protected] | |
- name: AWS Credentials 설정 | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ secrets.AWS_REGION }} | |
- name: Github Actions IP 보안그룹 추가 | |
run: | | |
aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_PROD_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 | |
- name: 디렉토리 생성 | |
uses: appleboy/ssh-action@master | |
with: | |
host: ${{ secrets.EC2_PROD_INSTANCE_HOST }} | |
port: 22 | |
username: ${{ secrets.EC2_PROD_INSTANCE_USERNAME }} | |
key: ${{ secrets.EC2_PROD_INSTANCE_PRIVATE_KEY }} | |
script: | | |
mkdir -p /home/ubuntu/moabam/ | |
- name: Docker env 파일 생성 | |
run: | |
cp src/main/resources/config/prod.env ./infra/.env | |
- name: 서버로 전송 기본 파일들 전송 | |
uses: appleboy/scp-action@master | |
with: | |
host: ${{ secrets.EC2_PROD_INSTANCE_HOST }} | |
port: 22 | |
username: ${{ secrets.EC2_PROD_INSTANCE_USERNAME }} | |
key: ${{ secrets.EC2_PROD_INSTANCE_PRIVATE_KEY }} | |
source: "infra/mysql/*, infra/nginx/*, infra/scripts/*.sh, !infra/scripts/deploy-dev.sh, infra/docker-compose-prod.yml, .env" | |
target: "/home/ubuntu/moabam" | |
- name: 파일 세팅 | |
uses: appleboy/ssh-action@master | |
with: | |
host: ${{ secrets.EC2_PROD_INSTANCE_HOST }} | |
port: 22 | |
username: ${{ secrets.EC2_PROD_INSTANCE_USERNAME }} | |
key: ${{ secrets.EC2_PROD_INSTANCE_PRIVATE_KEY }} | |
script: | | |
cd /home/ubuntu/moabam/infra | |
mv docker-compose-prod.yml docker-compose.yml | |
chmod +x ./scripts/deploy-prod.sh | |
chmod +x ./scripts/init-letsencrypt.sh | |
chmod +x ./scripts/init-nginx-converter.sh | |
- name: Github Actions IP 보안그룹에서 삭제 | |
if: always() | |
run: | | |
aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_PROD_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 | |
deploy: | |
name: deploy | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: true | |
token: ${{ secrets.MOABAM_SUBMODULE_KEY }} | |
- name: JDK 17 셋업 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '17' | |
distribution: 'corretto' | |
- name: Gradle 캐싱 | |
uses: actions/cache@v3 | |
with: | |
path: | | |
~/.gradle/caches | |
~/.gradle/wrapper | |
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} | |
restore-keys: | | |
${{ runner.os }}-gradle- | |
- name: Gradle Grant 권한 부여 | |
run: chmod +x gradlew | |
- name: 테스트용 MySQL 도커 컨테이너 실행 | |
run: | | |
sudo docker run -d -p 3305:3306 --env MYSQL_DATABASE=moabam --env MYSQL_ROOT_PASSWORD=1234 mysql:8.0.33 | |
- name: Gradle 빌드 | |
uses: gradle/gradle-build-action@bd5760595778326ba7f1441bcf7e88b49de61a25 # v2.6.0 | |
with: | |
arguments: build | |
- name: 멀티플랫폼 위한 Docker Buildx 설정 | |
uses: docker/setup-buildx-action@v2 | |
- name: Docker Hub 로그인 | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
password: ${{ secrets.DOCKER_HUB_TOKEN }} | |
- name: Docker Hub 빌드하고 푸시 | |
uses: docker/build-push-action@v4 | |
with: | |
context: . | |
file: ./infra/Dockerfile | |
push: true | |
tags: ${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.DOCKER_HUB_REPOSITORY }}:${{ secrets.DOCKER_HUB_DEV_TAG }} | |
build-args: | | |
"SPRING_ACTIVE_PROFILES=prod" | |
platforms: | | |
linux/amd64 | |
linux/arm64 | |
- name: Github Actions IP 획득 | |
id: ip | |
uses: haythem/[email protected] | |
- name: AWS Credentials 설정 | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ secrets.AWS_REGION }} | |
- name: Github Actions IP 보안그룹 추가 | |
run: | | |
aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_PROD_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 | |
- name: EC2 서버에 배포 | |
uses: appleboy/ssh-action@master | |
id: deploy-prod | |
if: contains(github.ref, 'main') | |
with: | |
host: ${{ secrets.EC2_PROD_INSTANCE_HOST }} | |
port: 22 | |
username: ${{ secrets.EC2_PROD_INSTANCE_USERNAME }} | |
key: ${{ secrets.EC2_PROD_INSTANCE_PRIVATE_KEY }} | |
source: "./infra/docker-compose-prod.yml" | |
script: | | |
cd /home/ubuntu/moabam/infra | |
echo ${{ secrets.DOCKER_HUB_TOKEN }} | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin | |
./scripts/deploy-prod.sh | |
docker rm `docker ps -a -q` | |
docker rmi $(docker images -aq) | |
echo "### 배포 완료 ###" | |
- name: Github Actions IP 보안그룹에서 삭제 | |
if: always() | |
run: | | |
aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_PROD_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 |