chore: 상용 CI/CD YPW-60 (#26) #23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: yappu-world-dev-cd | |
| on: | |
| push: | |
| branches: | |
| - develop | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '21' | |
| distribution: 'liberica' | |
| cache: gradle | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@v3 | |
| - name: Copy Secrets | |
| uses: microsoft/variable-substitution@v1 | |
| with: | |
| files: | |
| ./src/main/resources/application-dev.yaml | |
| env: | |
| server.port: ${{ secrets.DEV_SERVER_PORT }} | |
| spring.datasource.url: ${{ secrets.DEV_DB_URL }} | |
| spring.datasource.username: ${{ secrets.DEV_DB_USERNAME }} | |
| spring.datasource.password: ${{ secrets.DEV_DB_PASSWORD }} | |
| jwt.secret_key: ${{ secrets.DEV_JWT_SECRET_KEY }} | |
| jwt.access_token_expiration_times: ${{ secrets.DEV_ACCESS_TOKEN_EXPIRATION_TIMES }} | |
| jwt.refresh_token_expiration_times: ${{ secrets.DEV_REFRESH_TOKEN_EXPIRATION_TIMES }} | |
| - name: Build with Gradle Wrapper | |
| run: ./gradlew clean build -x test -Dspring.profiles.active=dev | |
| - name: Prepare File for Deployment | |
| run: | | |
| mkdir -p deployment/build/libs | |
| cp ./docker/dockerfile-dev ./docker/docker-compose-dev.yaml deployment/ | |
| cp -r ./build/libs/yappu-world.jar deployment/build/libs | |
| # Github Action 실행 서버 IP 추출 | |
| - name: Get Github Actions IP | |
| id: ip | |
| uses: candidob/[email protected] | |
| # AWS Credentials | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_BOT_ACCESS_KEY }} | |
| aws-secret-access-key: ${{ secrets.AWS_BOT_SECRET_KEY }} | |
| aws-region: ap-northeast-2 | |
| # Security Group에 Github Action 서버를 등록 | |
| - name: Add Github Actions IP on Security Group | |
| run: | | |
| aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_DEV_SECURITY_GROUP_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 | |
| - name: Upload files to EC2 | |
| uses: appleboy/[email protected] | |
| with: | |
| host: ${{ secrets.AWS_DEV_EC2_HOST }} | |
| username: ec2-user | |
| key: ${{ secrets.AWS_DEV_EC2_SSH_PRIVATE_KEY }} | |
| source: "deployment/*" | |
| target: "/home/ec2-user/" | |
| - name: Deploy using Docker Compose | |
| uses: appleboy/[email protected] | |
| with: | |
| host: ${{ secrets.AWS_DEV_EC2_HOST }} | |
| username: ec2-user | |
| key: ${{ secrets.AWS_DEV_EC2_SSH_PRIVATE_KEY }} | |
| script: | | |
| cd /home/ec2-user/deployment | |
| docker-compose -f docker-compose-dev.yaml down | |
| docker system prune -f | |
| docker-compose -f docker-compose-dev.yaml build --no-cache | |
| docker-compose -f docker-compose-dev.yaml up -d | |
| - name: Remove Github Actions IP from Security Group | |
| if: always() | |
| run: | | |
| aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_DEV_SECURITY_GROUP_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 | |
| # Discord Notification | |
| - name: CD Success Notification | |
| uses: sarisia/actions-status-discord@v1 | |
| if: success() | |
| with: | |
| title: ✅ 개발 환경 배포 성공 ✅ | |
| webhook: ${{ secrets.DISCORD_WEBHOOK_URL }} | |
| color: 0x00FF00 | |
| username: 페페훅 | |
| - name: CD Failure Notification | |
| uses: sarisia/actions-status-discord@v1 | |
| if: failure() | |
| with: | |
| title: ❗️개발 환경 배포 실패 ❗️ | |
| webhook: ${{ secrets.DISCORD_WEBHOOK_URL }} | |
| color: 0xFF0000 | |
| username: 페페훅 |