-
Notifications
You must be signed in to change notification settings - Fork 0
132 lines (115 loc) · 4.51 KB
/
Copy pathrelease-CD.yml
File metadata and controls
132 lines (115 loc) · 4.51 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
name: Deploy release version
on:
push:
branches:
- release
env:
AWS_REGION: ap-northeast-2
ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
GITHUB_SHA: ${{ github.sha }}
jobs:
build:
# ubuntu 버전 지정
runs-on: ubuntu-22.04
steps:
# Checkout 진행
- uses: actions/checkout@v3
# JDK 11 설치
- name: Set up JDK 11
uses: actions/setup-java@v3
with:
java-version: '11'
distribution: 'temurin'
# Gradle 캐싱
- name: Gradle Caching
uses: actions/cache@v3
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
restore-keys: |
${{ runner.os }}-gradle-
# Gradle 권한 부여
- name: Grant execute permission for gradlew
run: chmod +x gradlew
# FCM 서비스 계정 키 적용
- name: Make firebase-service-key.json
run: |
cd ./notification-module/src/main/resources
mkdir firebase
cd firebase
touch ./firebase-service-key.json
echo "${{ secrets.FIREBASE_RELEASE_ADMIN }}" | openssl base64 -d -A > ./firebase-service-key.json
shell: bash
# secret.yml 반영
- name: Make application-secret.yml
run: |
cd ./api-module/src/main/resources
touch ./application-secret.yml
echo "${{ secrets.APPLICATION_SECRET }}" > ./application-secret.yml
shell: bash
# release.yml 반영
- name: Make application-release.yml
run: |
cd ./api-module/src/main/resources
echo "${{ secrets.APPLICATION_RELEASE }}" > ./application.yml
shell: bash
# secret yml 반영
- name: Make application-secret.yml
run: |
cd ./api-module/src/main/resources
touch ./application-secret.yml
echo "${{ secrets.APPLICATION_SECRET }}" > ./application-secret.yml
shell: bash
# domain yml 반영
- name: Make application-domain.yml
run: |
cd ./domain-module/src/main/resources
echo "${{ secrets.APPLICATION_DOMAIN }}" > ./application-domain.yml
shell: bash
# infra yml 반영
- name: Make application-infra.yml
run: |
cd ./infra-module/src/main/resources
echo "${{ secrets.APPLICATION_INFRA }}" > ./application-infra .yml
shell: bash
# Gradle BootJar
- name: BootJar with Gradle
run: ./gradlew clean bootJar -Dspring.profiles.active=release
# Configure AWS Credentials by using IAM inform
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} # 나의 ECR 정보
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
# Login to ECR
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
# Docker Image Push to ECR and Run container with Image pull from ECR
- name: Build, tag, and push image to Amazon ECR
id: build-image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
IMAGE_TAG: ${{ env.GITHUB_SHA }}
run: |
# Build a docker container and push it to ECR so that it can be deployed to ECS.
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
# Docker Compose
- name: Docker Compose
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ secrets.AWS_SERVER_IP }}
username: ${{ secrets.SSH_USERNAME }}
key: ${{ secrets.SSH_PRIVATE_KEY }}
script: |
aws ecr get-login-password --region ${{ env.AWS_REGION }} | docker login --username AWS --password-stdin ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}
docker compose stop ${{ secrets.DOCKER_SERVICE_NAME }}
docker compose rm -f ${{ secrets.DOCKER_SERVICE_NAME }}
docker pull ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ env.GITHUB_SHA }}
docker tag ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ env.GITHUB_SHA }} ${{ secrets.DOCKER_IMAGE_NAME }}
docker compose up -d