|
| 1 | +name: Deploy Dev |
| 2 | + |
| 3 | +on: |
| 4 | + workflow_dispatch: |
| 5 | + push: |
| 6 | + branches: |
| 7 | + - dev |
| 8 | + |
| 9 | +permissions: |
| 10 | + contents: read |
| 11 | + packages: write |
| 12 | + |
| 13 | +concurrency: |
| 14 | + group: deploy-development |
| 15 | + cancel-in-progress: true |
| 16 | + |
| 17 | +env: |
| 18 | + REGISTRY: ghcr.io |
| 19 | + IMAGE_NAME: devkor-github/ontime-back |
| 20 | + IMAGE_TAG: dev-${{ github.sha }} |
| 21 | + |
| 22 | +jobs: |
| 23 | + build-and-push: |
| 24 | + runs-on: ubuntu-latest |
| 25 | + steps: |
| 26 | + - name: Checkout repository |
| 27 | + uses: actions/checkout@v4 |
| 28 | + |
| 29 | + - name: Set up Docker Buildx |
| 30 | + uses: docker/setup-buildx-action@v3 |
| 31 | + |
| 32 | + - name: Log in to GHCR |
| 33 | + uses: docker/login-action@v3 |
| 34 | + with: |
| 35 | + registry: ${{ env.REGISTRY }} |
| 36 | + username: ${{ github.actor }} |
| 37 | + password: ${{ secrets.GITHUB_TOKEN }} |
| 38 | + |
| 39 | + - name: Build and push image |
| 40 | + uses: docker/build-push-action@v6 |
| 41 | + with: |
| 42 | + context: ./ontime-back |
| 43 | + file: ./ontime-back/Dockerfile |
| 44 | + push: true |
| 45 | + tags: | |
| 46 | + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} |
| 47 | + ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}:dev-latest |
| 48 | + cache-from: type=gha |
| 49 | + cache-to: type=gha,mode=max |
| 50 | + |
| 51 | + deploy-to-dev-ec2: |
| 52 | + needs: build-and-push |
| 53 | + runs-on: ubuntu-latest |
| 54 | + environment: development |
| 55 | + steps: |
| 56 | + - name: Checkout repository |
| 57 | + uses: actions/checkout@v4 |
| 58 | + |
| 59 | + - name: Upload compose file to dev EC2 |
| 60 | + uses: appleboy/scp-action@v0.1.7 |
| 61 | + with: |
| 62 | + host: ${{ secrets.DEV_EC2_HOST }} |
| 63 | + username: ${{ secrets.DEV_EC2_USER }} |
| 64 | + key: ${{ secrets.DEV_EC2_SSH_KEY }} |
| 65 | + source: "ontime-back/docker-compose.yml" |
| 66 | + target: "/home/ubuntu/OnTime-back-dev" |
| 67 | + strip_components: 1 |
| 68 | + |
| 69 | + - name: Pull image and restart dev container |
| 70 | + uses: appleboy/ssh-action@v1.0.3 |
| 71 | + with: |
| 72 | + host: ${{ secrets.DEV_EC2_HOST }} |
| 73 | + username: ${{ secrets.DEV_EC2_USER }} |
| 74 | + key: ${{ secrets.DEV_EC2_SSH_KEY }} |
| 75 | + script: | |
| 76 | + set -eu |
| 77 | +
|
| 78 | + DEPLOY_DIR="/home/ubuntu/OnTime-back-dev" |
| 79 | + CONTAINER_NAME="ontime-dev-container" |
| 80 | +
|
| 81 | + mkdir -p "$DEPLOY_DIR" |
| 82 | + cd "$DEPLOY_DIR" |
| 83 | +
|
| 84 | + umask 077 |
| 85 | + cat > .env <<'EOF' |
| 86 | + IMAGE_TAG=${{ env.IMAGE_TAG }} |
| 87 | + BACKEND_IMAGE=${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} |
| 88 | + BACKEND_CONTAINER_NAME=ontime-dev-container |
| 89 | + BACKEND_HTTP_PORT=${{ secrets.DEV_BACKEND_HTTP_PORT || '8081' }} |
| 90 | + SERVER_PORT=8080 |
| 91 | + SPRING_PROFILES_ACTIVE=prod |
| 92 | + JAVA_TOOL_OPTIONS=-XX:InitialRAMPercentage=50.0 -XX:MaxRAMPercentage=75.0 -Djava.security.egd=file:/dev/./urandom |
| 93 | +
|
| 94 | + SPRING_APPLICATION_NAME=${{ secrets.DEV_SPRING_APPLICATION_NAME }} |
| 95 | + SPRING_DATASOURCE_URL=${{ secrets.DEV_SPRING_DATASOURCE_URL }} |
| 96 | + SPRING_DATASOURCE_USERNAME=${{ secrets.DEV_SPRING_DATASOURCE_USERNAME }} |
| 97 | + SPRING_DATASOURCE_PASSWORD=${{ secrets.DEV_SPRING_DATASOURCE_PASSWORD }} |
| 98 | + SPRING_DATASOURCE_DRIVER_CLASS_NAME=com.mysql.cj.jdbc.Driver |
| 99 | + SPRING_JPA_HIBERNATE_DDL_AUTO=validate |
| 100 | +
|
| 101 | + SPRING_FLYWAY_ENABLED=true |
| 102 | + SPRING_FLYWAY_BASELINE_ON_MIGRATE=false |
| 103 | +
|
| 104 | + JWT_SECRET_KEY=${{ secrets.DEV_JWT_SECRETKEY }} |
| 105 | + JWT_ACCESS_EXPIRATION=${{ secrets.DEV_JWT_ACCESS_EXPIRATION }} |
| 106 | + JWT_REFRESH_EXPIRATION=${{ secrets.DEV_JWT_REFRESH_EXPIRATION }} |
| 107 | + JWT_ACCESS_HEADER=${{ secrets.DEV_JWT_ACCESS_HEADER }} |
| 108 | + JWT_REFRESH_HEADER=${{ secrets.DEV_JWT_REFRESH_HEADER }} |
| 109 | +
|
| 110 | + GOOGLE_WEB_CLIENT_ID=${{ secrets.DEV_GOOGLE_WEB_CLIENT_ID }} |
| 111 | + GOOGLE_APP_CLIENT_ID=${{ secrets.DEV_GOOGLE_APP_CLIENT_ID }} |
| 112 | + SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_GOOGLE_CLIENT_SECRET=${{ secrets.DEV_SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_GOOGLE_CLIENT_SECRET }} |
| 113 | + SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_GOOGLE_SCOPE=${{ secrets.DEV_SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_GOOGLE_SCOPE }} |
| 114 | + SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_GOOGLE_REDIRECT_URI=${{ secrets.DEV_SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_GOOGLE_REDIRECT_URI }} |
| 115 | + SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_GOOGLE_AUTHORIZATION_GRANT_TYPE=${{ secrets.DEV_SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_GOOGLE_AUTHORIZATION_GRANT_TYPE }} |
| 116 | + SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_GOOGLE_CLIENT_NAME=${{ secrets.DEV_SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_GOOGLE_CLIENT_NAME }} |
| 117 | + SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_GOOGLE_AUTHORIZATION_URI=${{ secrets.DEV_SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_GOOGLE_AUTHORIZATION_URI }} |
| 118 | + SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_GOOGLE_TOKEN_URI=${{ secrets.DEV_SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_GOOGLE_TOKEN_URI }} |
| 119 | + SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_GOOGLE_USER_INFO_URI=${{ secrets.DEV_SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_GOOGLE_USER_INFO_URI }} |
| 120 | + SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_GOOGLE_USER_NAME_ATTRIBUTE=${{ secrets.DEV_SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_GOOGLE_USER_NAME_ATTRIBUTE }} |
| 121 | +
|
| 122 | + SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KAKAO_CLIENT_ID=${{ secrets.DEV_SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KAKAO_CLIENT_ID }} |
| 123 | + SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KAKAO_SCOPE=${{ secrets.DEV_SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KAKAO_SCOPE }} |
| 124 | + SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KAKAO_REDIRECT_URI=${{ secrets.DEV_SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KAKAO_REDIRECT_URI }} |
| 125 | + SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KAKAO_AUTHORIZATION_GRANT_TYPE=${{ secrets.DEV_SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KAKAO_AUTHORIZATION_GRANT_TYPE }} |
| 126 | + SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KAKAO_CLIENT_NAME=${{ secrets.DEV_SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KAKAO_CLIENT_NAME }} |
| 127 | + SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_KAKAO_AUTHORIZATION_URI=${{ secrets.DEV_SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_KAKAO_AUTHORIZATION_URI }} |
| 128 | + SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_KAKAO_TOKEN_URI=${{ secrets.DEV_SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_KAKAO_TOKEN_URI }} |
| 129 | + SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_KAKAO_USER_INFO_URI=${{ secrets.DEV_SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_KAKAO_USER_INFO_URI }} |
| 130 | + SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_KAKAO_USER_NAME_ATTRIBUTE=${{ secrets.DEV_SPRING_SECURITY_OAUTH2_CLIENT_PROVIDER_KAKAO_USER_NAME_ATTRIBUTE }} |
| 131 | +
|
| 132 | + APPLE_CLIENT_ID=${{ secrets.DEV_APPLE_CLIENT_ID }} |
| 133 | + APPLE_TEAM_ID=${{ secrets.DEV_APPLE_TEAM_ID }} |
| 134 | + APPLE_LOGIN_KEY=${{ secrets.DEV_APPLE_LOGIN_KEY }} |
| 135 | + APPLE_PRIVATE_KEY_BASE64=${{ secrets.DEV_APPLE_PRIVATE_KEY_BASE64 }} |
| 136 | + FEATURE_APPLE_LOGIN_ENABLED=${{ secrets.DEV_FEATURE_APPLE_LOGIN_ENABLED || 'true' }} |
| 137 | +
|
| 138 | + FIREBASE_CREDENTIALS_BASE64=${{ secrets.DEV_FIREBASE_CREDENTIALS_BASE64 }} |
| 139 | + EOF |
| 140 | +
|
| 141 | + fail_deploy() { |
| 142 | + echo "Unsafe development database configuration: $1" >&2 |
| 143 | + exit 1 |
| 144 | + } |
| 145 | +
|
| 146 | + get_env_value() { |
| 147 | + grep -E "^$1=" .env | tail -n 1 | cut -d= -f2- |
| 148 | + } |
| 149 | +
|
| 150 | + DB_URL="$(get_env_value SPRING_DATASOURCE_URL)" |
| 151 | + DB_USERNAME="$(get_env_value SPRING_DATASOURCE_USERNAME)" |
| 152 | + DB_PASSWORD="$(get_env_value SPRING_DATASOURCE_PASSWORD)" |
| 153 | + DDL_AUTO="$(get_env_value SPRING_JPA_HIBERNATE_DDL_AUTO)" |
| 154 | + FLYWAY_BASELINE="$(get_env_value SPRING_FLYWAY_BASELINE_ON_MIGRATE)" |
| 155 | + NORMALIZED_DB_USERNAME="$(printf '%s' "$DB_USERNAME" | tr '[:upper:]' '[:lower:]')" |
| 156 | +
|
| 157 | + [ -n "$DB_URL" ] || fail_deploy "SPRING_DATASOURCE_URL is required." |
| 158 | + [ -n "$DB_USERNAME" ] || fail_deploy "SPRING_DATASOURCE_USERNAME is required." |
| 159 | + [ -n "$DB_PASSWORD" ] || fail_deploy "SPRING_DATASOURCE_PASSWORD is required." |
| 160 | + [ "$NORMALIZED_DB_USERNAME" != "root" ] || fail_deploy "SPRING_DATASOURCE_USERNAME must not be root." |
| 161 | + [ "$DDL_AUTO" = "validate" ] || fail_deploy "SPRING_JPA_HIBERNATE_DDL_AUTO must be validate." |
| 162 | + [ "$FLYWAY_BASELINE" = "false" ] || fail_deploy "SPRING_FLYWAY_BASELINE_ON_MIGRATE must be false." |
| 163 | +
|
| 164 | + echo "${{ secrets.GHCR_READ_TOKEN }}" | sudo docker login ghcr.io -u "${{ secrets.GHCR_USERNAME }}" --password-stdin |
| 165 | +
|
| 166 | + if sudo docker compose version >/dev/null 2>&1; then |
| 167 | + sudo docker compose pull |
| 168 | + sudo docker compose up -d --remove-orphans |
| 169 | + else |
| 170 | + sudo docker-compose pull |
| 171 | + sudo docker-compose up -d --remove-orphans |
| 172 | + fi |
| 173 | +
|
| 174 | + for attempt in $(seq 1 30); do |
| 175 | + STATUS="$(sudo docker inspect -f '{{.State.Health.Status}}' "$CONTAINER_NAME" 2>/dev/null || true)" |
| 176 | + if [ "$STATUS" = "healthy" ]; then |
| 177 | + echo "Container is healthy." |
| 178 | + exit 0 |
| 179 | + fi |
| 180 | + echo "Waiting for healthy container status; current status: ${STATUS:-unknown}" |
| 181 | + sleep 5 |
| 182 | + done |
| 183 | +
|
| 184 | + sudo docker logs --tail=200 "$CONTAINER_NAME" || true |
| 185 | + exit 1 |
0 commit comments