.github/workflows/deploy-workflow.yml

name: Bottles Deploy Workflow

on:
  push:
    branches:
      - develop

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Setup JDK 17
        uses: actions/setup-java@v3
        with:
          distribution: 'corretto'
          java-version: '17'

      - name: Cache Gradle
        uses: actions/cache@v3
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*') }}
          restore-keys: |
            ${{ runner.os }}-gradle-

      - name: Grant execute permission for gradlew
        run: chmod +x gradlew
        shell: bash

      - name: Build with gradle
        run: ./gradlew clean build
        shell: bash

      - name: Set Date and Time for Tag
        run: echo "DATETIME_TAG=$(date +'%Y%m%d%H%M%S')" >> $GITHUB_ENV

      - name: Docker build & push
        env:
          DOCKER_TAG: ${{ github.sha }}
        run: |
          cd ./api
          docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
          docker build --platform linux/amd64 -f Dockerfile -t ${{ secrets.DOCKER_USERNAME }}/bottles-api:$DOCKER_TAG .
          docker push ${{ secrets.DOCKER_USERNAME }}/bottles-api:$DOCKER_TAG

      #          운영 전에 batch image build 및 batch 서버 띄우기

      - name: Get Github Actions IP
        id: ip
        uses: haythem/public-ip@v1.2

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ap-northeast-2

      - name: Add Github Actions IP to Security group
        run: |
          aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32

      - name: Transfer file using SCP
        env:
          SERVER_HOST: ${{ secrets.SERVER_HOST }}
          SERVER_USER_NAME: ${{ secrets.SERVER_USER_NAME }}
          SERVER_PRIVATE_KEY: ${{ secrets.SERVER_PRIVATE_KEY }}
        run: |
          echo "$SERVER_PRIVATE_KEY" > private_key.pem
          chmod 600 private_key.pem
          scp -o StrictHostKeyChecking=no -i private_key.pem ./docker-compose.yml $SERVER_USER_NAME@$SERVER_HOST:/home/$SERVER_USER_NAME/docker
          scp -o StrictHostKeyChecking=no -i private_key.pem ./deploy.sh $SERVER_USER_NAME@$SERVER_HOST:/home/$SERVER_USER_NAME/deploy
          scp -o StrictHostKeyChecking=no -i private_key.pem ./notify_error.sh $SERVER_USER_NAME@$SERVER_HOST:/home/$SERVER_USER_NAME/deploy
          rm private_key.pem

      - name: Deploy to server
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.SERVER_HOST }}
          username: ${{ secrets.SERVER_USER_NAME }}
          key: ${{ secrets.SERVER_PRIVATE_KEY }}
          script: |
            if [ -f /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh ]; then
              rm /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            fi
            
            echo "export SERVER_NGINX_CONF=${{ secrets.SERVER_NGINX_CONF }}" > /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            echo "export SERVER_USER_NAME=${{ secrets.SERVER_USER_NAME }}" >> /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            
            echo "export DOCKER_USERNAME=${{ secrets.DOCKER_USERNAME }}" >> /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            echo "export DOCKER_TAG=${{ github.sha }}" >> /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            
            echo "export DB_DATABASE=${{ secrets.DB_DATABASE }}" >> /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            echo "export DB_USER_NAME=${{ secrets.DB_USER_NAME }}" >> /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            echo "export DB_PASSWORD=${{ secrets.DB_PASSWORD }}" >> /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            
            echo "export DISCORD_WEBHOOK_URL=${{ secrets.DISCORD_WEBHOOK_URL }}" >> /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            echo "export DISCORD_ROLE_ID=${{ secrets.DISCORD_ROLE_ID }}" >> /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            
            echo "export S3_ACCESS_KEY=${{ secrets.S3_ACCESS_KEY }}" >> /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            echo "export S3_SECRET_KEY=${{ secrets.S3_SECRET_KEY }}" >> /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            echo "export S3_BUCKET=${{ secrets.S3_BUCKET }}" >> /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            echo "export S3_REGION=${{ secrets.S3_REGION }}" >> /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            
            echo "export ACCESS_TOKEN_SECRET_KEY=${{ secrets.ACCESS_TOKEN_SECRET_KEY }}" >> /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            echo "export REFRESH_TOKEN_SECRET_KEY=${{ secrets.REFRESH_TOKEN_SECRET_KEY }}" >> /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            
            echo "export NAVER_SMS_SERVICE_ID=${{ secrets.NAVER_SMS_SERVICE_ID }}" >> /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            echo "export NAVER_SMS_API_KEY=${{ secrets.NAVER_SMS_API_KEY }}" >> /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            echo "export NAVER_SMS_SECRET_KEY=${{ secrets.NAVER_SMS_SECRET_KEY }}" >> /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            echo "export NAVER_SMS_SENDER_PHONE=${{ secrets.NAVER_SMS_SENDER_PHONE }}" >> /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            
            echo "export FCM_ADMIN_KEY_PATH=${{ secrets.FCM_ADMIN_KEY_PATH }}" >> /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            
            echo "export IS_MATCHING_ACTIVE=${{ secrets.IS_MATCHING_ACTIVE }}" >> /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            echo "export SUPER_USER_NUMBER=${{ secrets.SUPER_USER_NUMBER }}" >> /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            echo "export SUPER_USER_NUMBER_V2=${{ secrets.SUPER_USER_NUMBER_V2 }}" >> /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            
            echo "export APPLE_KEY_ID=${{ secrets.APPLE_KEY_ID }}" >> /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            echo "export APPLE_KEY_ID_PATH=${{ secrets.APPLE_KEY_ID_PATH }}" >> /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            echo "export APPLE_CLIENT_ID=${{ secrets.APPLE_CLIENT_ID }}" >> /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            echo "export APPLE_TEAM_ID=${{ secrets.APPLE_TEAM_ID }}" >> /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            
            echo "export LOGSTASH_HOST=${{ secrets.LOGSTASH_HOST }}" >> /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            echo "export LOGSTASH_PORT=${{ secrets.LOGSTASH_PORT }}" >> /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            
            echo "export SLACK_WEBHOOK_URL=${{ secrets.SLACK_WEBHOOK_URL }}" >> /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh
            
            echo "export LOG_PATH=${{ secrets.LOG_PATH }}" >> /home/${{ secrets.SERVER_USER_NAME }}/deploy/env_vars.sh

            export SERVER_USER_NAME=${{ secrets.SERVER_USER_NAME }}

            cd /home/${{ secrets.SERVER_USER_NAME }}/deploy
            sudo chmod +x deploy.sh notify_error.sh
            ./deploy.sh

      - name: Remove Github Actions IP From Security Group
        run: |
          aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32