cicd : aws 테스트 #8
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Tech-pick Api-Module CI/CD | |
| on: | |
| push: | |
| branches: | |
| - "aws-deploy-test" # 배포 대상 브랜치 | |
| paths: | |
| - 'backend/techpick-core/**' | |
| - 'backend/techpick-security/**' | |
| - 'backend/techpick-api/**' | |
| workflow_dispatch: | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| env: | |
| api-version: 'v2' | |
| steps: | |
| # 저장소 Checkout | |
| - name: Checkout source code | |
| uses: actions/checkout@v4 | |
| # Gradle 실행 권한 부여 | |
| - name: Grant execute permission to gradlew | |
| run: chmod +x ./backend/gradlew | |
| # JDK 설치 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'corretto' | |
| # Spring boot application, Docker image 빌드 | |
| - name: Build and Deploy techpick-api Module | |
| run: | | |
| echo "Building and deploying techpick-api..." | |
| ./backend/gradlew -p backend/techpick-api clean build -x test | |
| docker build -t ${{ secrets.DOCKERHUB_USERNAME }}/techpick:${{ env.api-version }}-api-${{ github.sha }} backend/techpick-api | |
| - # Docker hub 로그인 | |
| name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - # Docker hub 업로드 | |
| name: Publish to docker hub | |
| run: docker push ${{ secrets.DOCKERHUB_USERNAME }}/techpick:${{ env.api-version }}-api-${{ github.sha }} | |
| - name: Deploy on Test-Server | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ secrets.AWS_BASTION_IP }} | |
| port: 22 | |
| username: ${{ secrets.AWS_USERNAME }} | |
| key: ${{ secrets.AWS_ACCESS_KEY }} | |
| script: | | |
| echo "Login to Docker Hub for private repository access on bastion..." | |
| echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin | |
| echo "Pulling Docker image on bastion..." | |
| docker pull ${{ secrets.DOCKERHUB_USERNAME }}/techpick:${{ env.api-version }}-api-${{ github.sha }} | |
| echo "Tagging Docker image..." | |
| docker tag techpick:${{ env.api-version }}-api-${{ github.sha }} techpick:${{ env.api-version }}-api-staging | |
| echo "Saving Docker image as a tar file..." | |
| docker save -o /home/ubuntu/techpick-${{ env.api-version }}-api.tar ${{ secrets.DOCKERHUB_USERNAME }}/techpick:${{ env.api-version }}-api-${{ github.sha }} | |
| echo "Copying Docker image to target server..." | |
| scp -i /home/ubuntu/Techpick-Private.pem -T /home/ubuntu/techpick-${{ env.api-version }}-api.tar ubuntu@${{ secrets.API_SERVER_PRIVATE_IP }}:/home/ubuntu/ | |
| # SSH into target server to load and run the Docker image | |
| ssh -i /home/ubuntu/Techpick-Private.pem ubuntu@${{ secrets.API_SERVER_PRIVATE_IP }} <<'EOF' | |
| echo "Loading Docker image on target server..." | |
| docker load -i /home/ubuntu/techpick-${{ env.api-version }}-api.tar | |
| echo "Setting up environment variables..." | |
| cd /home/ubuntu/project/server | |
| rm -rf .env | |
| touch .env | |
| echo "DOCKER_MYSQL_USERNAME=${{ secrets.DOCKER_MYSQL_USERNAME }}" >> .env | |
| cd /home/ubuntu/project/server/${{ env.api-version }} | |
| rm -rf .env | |
| touch .env | |
| echo "DOCKER_MYSQL_USERNAME=${{ secrets.DOCKER_MYSQL_USERNAME }}" >> .env | |
| echo "DOCKER_MYSQL_DATABASE=${{ secrets.DOCKER_MYSQL_DATABASE }}_${{ env.api-version }}" >> .env | |
| echo "DOCKER_MYSQL_URL=jdbc:mysql://techpick-mysql:3306/${{ secrets.DOCKER_MYSQL_DATABASE }}_${{ env.api-version }}?createDatabaseIfNotExist=true" >> .env | |
| echo "JWT_SECRET=${{ secrets.JWT_SECRET }}" >> .env | |
| echo "JWT_ISSUER=${{ secrets.JWT_ISSUER }}" >> .env | |
| echo "GOOGLE_CLIENT_ID=${{ secrets.GOOGLE_CLIENT_ID }}" >> .env | |
| echo "GOOGLE_CLIENT_SECRET=${{ secrets.GOOGLE_CLIENT_SECRET }}" >> .env | |
| echo "KAKAO_CLIENT_ID=${{ secrets.KAKAO_CLIENT_ID }}" >> .env | |
| echo "KAKAO_CLIENT_SECRET=${{ secrets.KAKAO_CLIENT_SECRET }}" >> .env | |
| echo "NAVER_CLIENT_ID=${{ secrets.NAVER_CLIENT_ID }}" >> .env | |
| echo "NAVER_CLIENT_SECRET=${{ secrets.NAVER_CLIENT_SECRET }}" >> .env | |
| echo "TECHPICK_BASE_URL=https://${{ env.api-version }}.${{ secrets.TECHPICK_DOMAIN }}" >> .env | |
| echo "Restarting techpick-api service..." | |
| docker-compose stop techpick-api | |
| docker-compose rm -f techpick-api | |
| docker-compose up -d techpick-api | |
| echo "Pruning images older than 24 hours..." | |
| docker image prune -af --filter "until=24h" | |
| EOF | |
| - name: Discord Webhook Notification | |
| uses: sarisia/actions-status-discord@v1.14.7 | |
| if: always() | |
| with: | |
| webhook: ${{ secrets.DISCORD_WEBHOOK_URL }} | |
| status: ${{ job.status }} | |
| title: "TechPick ${{ env.api-version }} - Api Deployment Result" | |
| description: "AWS 배포가 완료되었습니다." | |
| color: 0xff91a4 | |
| url: "https://github.com/sarisia/actions-status-discord" | |
| username: GitHub Actions |