docker-build-develop.yaml
# Build the container image and deploy it whenever develop or main receives a push.
name: develop, main 브랜치 Docker Build & 무중단 배포

on:
  push:
    branches: [develop, main]
    # A push that only touches README.md does not start the workflow.
    paths-ignore: ['README.md']
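jobs:
  # Builds the boot jar, pushes the container image tagged with the short commit
  # hash, then runs the SonarCloud analysis.
  build:
    runs-on: ubuntu-latest
    # Every authenticated call in this job uses the GIT_TOKEN secret, so the
    # automatic GITHUB_TOKEN is limited to read access.
    permissions:
      contents: read
    outputs:
      docker_tag: ${{ steps.docker.outputs.tag }}
    steps:
      - name: 리포지토리 체크아웃
        uses: actions/checkout@v4
        with:
          token: ${{ secrets.GIT_TOKEN }}
          submodules: true
          # The token is only needed while cloning. Without this it stays in the
          # local git config, inside the directory later used as the docker
          # build context.
          persist-credentials: false

      - name: JDK 17 설치
        uses: actions/setup-java@v4
        with:
          distribution: 'oracle'
          java-version: '17'
          cache: 'gradle'

      - name: Gradle 명령 실행 권한 부여
        run: chmod +x ./gradlew

      - name: Gradle 종속성 캐싱
        uses: actions/cache@v4
        with:
          path: ~/.gradle/caches
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }}
          restore-keys: ${{ runner.os }}-gradle

      - name: Gradle bootJar
        run: ./gradlew bootJar

      - name: GitHub Container Registry 로그인
        # Secrets reach the shell as environment variables instead of being
        # pasted into the script text, so their content is never parsed as shell.
        env:
          CR_PAT: ${{ secrets.GIT_TOKEN }}
          CR_USER: ${{ secrets.GIT_ID }}
        run: |
          printf '%s' "$CR_PAT" | docker login ghcr.io -u "$CR_USER" --password-stdin

      - name: Docker Image Tag 설정
        id: docker
        run: |
          echo "tag=$(git rev-parse --short HEAD)" >> "$GITHUB_OUTPUT"

      - name: Docker Image 생성
        env:
          DOCKER_IMAGE: ${{ secrets.DOCKER_REGISTRY }}/signal-buddy:${{ steps.docker.outputs.tag }}
        run: |
          docker build -t test -f submodule/docker/dev.Dockerfile .
          docker tag test "$DOCKER_IMAGE"
          docker push "$DOCKER_IMAGE"

      - name: SonarQube 캐싱
        uses: actions/cache@v4
        with:
          path: ~/.sonar/cache
          key: ${{ runner.os }}-sonar
          restore-keys: ${{ runner.os }}-sonar

      - name: SonarCloud 분석
        env:
          GITHUB_TOKEN: ${{ secrets.GIT_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: ./gradlew sonar --info --stacktrace

  # Opens SSH from this runner's address, deploys the pushed image on the EC2
  # host, then closes SSH again.
  deploy:
    runs-on: ubuntu-latest
    needs: build
    concurrency:
      group: deploy
      cancel-in-progress: true  # cancel the run in progress and deploy the newest commit instead
    permissions:
      # Required for the role assumption below, which uses the workflow's OIDC token.
      id-token: write
    steps:
      - name: GitHub Actions Runner의 Public IP 가져오기
        # The response of an external service ends up in $GITHUB_ENV and in a
        # security-group rule, so it is fetched over HTTPS and must be a single
        # dotted-quad address before it is accepted.
        run: |
          ip="$(curl -4 -fsS --max-time 10 https://ifconfig.me)"
          if [[ ! "$ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
            echo "unexpected response from the IP lookup service" >&2
            exit 1
          fi
          echo "IPV4=$ip" >> "$GITHUB_ENV"

      - name: AWS credentials 설정
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_IAM_ROLE }}
          aws-region: ${{ secrets.AWS_REGION }}

      - name: GitHub Actions IP를 인바운드 룰에 임시 추가
        env:
          SECURITY_GROUP_ID: ${{ secrets.AWS_SECURITY_GROUP_ID }}
        run: |
          aws ec2 authorize-security-group-ingress --group-id "$SECURITY_GROUP_ID" \
            --protocol tcp --port 22 --cidr "${IPV4}/32"

      - name: AWS EC2 SSH 접속 및 배포
        # NOTE(review): this third-party action receives the SSH private key but
        # is referenced by a mutable tag; pin it to a reviewed full commit SHA.
        # NOTE(review): no host-key fingerprint is configured, so the server
        # identity is not checked; consider the action's `fingerprint` input.
        uses: appleboy/ssh-action@v1
        env:
          DOCKER_IMAGE: ${{ secrets.DOCKER_REGISTRY }}/signal-buddy:${{ needs.build.outputs.docker_tag }}
          GHCR_TOKEN: ${{ secrets.GIT_TOKEN }}
          GHCR_USER: ${{ secrets.GIT_ID }}
        with:
          host: ${{ secrets.EC2_HOST }}
          username: ${{ secrets.EC2_USERNAME }}
          key: ${{ secrets.EC2_SSH_KEY }}
          envs: DOCKER_IMAGE,GHCR_TOKEN,GHCR_USER
          # The registry credentials travel through `envs` rather than being
          # expanded into the script text. The directory secret stays inline so
          # a value such as a leading ~ still expands as before.
          script: |
            set -e
            printf '%s' "$GHCR_TOKEN" | docker login ghcr.io -u "$GHCR_USER" --password-stdin
            docker pull "$DOCKER_IMAGE"
            echo "DOCKER_IMAGE=$DOCKER_IMAGE" > ${{ secrets.SUBMODULE_DIRECTORY }}/docker/.env
            sudo sh ${{ secrets.SUBMODULE_DIRECTORY }}/script/deploy.sh
            docker system prune -a -f || true

      - name: GitHub Actions Runner의 IP를 인바운드에서 삭제
        # Runs even when an earlier step failed or the run was cancelled, so the
        # temporary SSH rule is not left open.
        if: always()
        env:
          SECURITY_GROUP_ID: ${{ secrets.AWS_SECURITY_GROUP_ID }}
        run: |
          aws ec2 revoke-security-group-ingress --group-id "$SECURITY_GROUP_ID" \
            --protocol tcp --port 22 --cidr "${IPV4}/32"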