Update icurri_deploy.yml #7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ICURRI_DEPLOY | |
on: | |
push: | |
branches: [ "release" ] | |
jobs: | |
ci: | |
name: CI | |
runs-on: ubuntu-latest | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_REGION: ap-northeast-2 | |
ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }} | |
ECR_URI: ${{ secrets.ECR_URI }} | |
IMAGE_TAG: ${{ github.sha }} | |
steps: | |
#체크아웃 | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
# JDK 설치 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
#서브 모듈 접근 | |
- name: Checkout repo | |
uses: actions/checkout@v3 | |
with: | |
token: ${{ secrets.SUBMODULE_ACTION_TOKEN }} | |
submodules: true | |
# 서브 모듈 변경 점 있으면 update | |
- name: Git Submodule Update | |
run: | | |
git submodule update --remote --recursive | |
# gradlew 권한 변경 | |
- name: Grant execute permission for gradlew | |
run: chmod +x gradlew | |
# 빌드(test는 제외) | |
- name: Build with Gradle | |
uses: gradle/gradle-build-action@v2 | |
with: | |
arguments: clean build -x test | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
## Release Branch Build | |
- name: Build, Tag (Release Branch) | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
if: github.ref == 'refs/heads/release' | |
run: | | |
docker build --build-arg SPRING_PROFILE=dev -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . | |
## Main Branch Build | |
- name: Build, Tag (Main Branch) | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
if: github.ref == 'refs/heads/main' | |
run: | | |
docker build --build-arg SPRING_PROFILE=dev -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . | |
- name: AWS ECR Push | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
run: | | |
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" | |
cd: | |
needs: ci | |
name: CD | |
runs-on: ubuntu-latest | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
steps: | |
# Deploy to EC2 (Release Branch) | |
- name: Deploy to EC2 (Release Branch) | |
if: github.ref == 'refs/heads/release' | |
uses: appleboy/ssh-action@master | |
with: | |
host: ${{ secrets.RELEASE_EC2_HOST }} | |
username: ubuntu | |
key: ${{ secrets.RELEASE_SSH_KEY }} | |
script: | | |
# Stop and remove all containers except MongoDB | |
sudo docker ps -a -q --filter "name!=mongoDB" | xargs -r sudo docker stop || true | |
sudo docker ps -a -q --filter "name!=mongoDB" | xargs -r sudo docker rm || true | |
sudo docker images -q | xargs -r docker rmi || true | |
sudo docker system prune -af | |
# Docker login and pull new image from ECR | |
aws ecr get-login-password --region ap-northeast-2 | sudo docker login --username AWS --password-stdin ${{ secrets.ECR_URI }} | |
sudo docker pull ${{ secrets.ECR_URI }}:${{ github.sha }} | |
# Run the new container | |
sudo docker run --name dotflow-dev-repo -d -e SPRING_PROFILE=dev -e TZ=Asia/Seoul -e SERVER=true -p 8080:8080 ${{ secrets.ECR_URI }}:${{ github.sha }} |