-
Notifications
You must be signed in to change notification settings - Fork 5
132 lines (115 loc) · 4.63 KB
/
icurri_deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
name: ICURRI_DEPLOY
on:
push:
branches: [ "main", "release" ]
jobs:
ci:
name: CI
runs-on: ubuntu-latest
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_REGION: ap-northeast-2
ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
ECR_URI: ${{ secrets.ECR_URI }}
IMAGE_TAG: ${{ github.sha }}
steps:
# 체크아웃
- name: Checkout code
uses: actions/checkout@v4
# JDK 설치
- name: Set up JDK 17
uses: actions/setup-java@v3
with:
java-version: '17'
distribution: 'temurin'
# 서브 모듈 접근
- name: Checkout repo
uses: actions/checkout@v3
with:
token: ${{ secrets.SUBMODULE_ACTION_TOKEN }}
submodules: true
# 서브 모듈 변경점 있으면 update
- name: Git Submodule Update
run: |
git submodule update --remote --recursive
# gradlew 권한 변경
- name: Grant execute permission for gradlew
run: chmod +x gradlew
# 빌드(test는 제외)
- name: Build with Gradle
uses: gradle/gradle-build-action@v2
with:
arguments: clean build -x test
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
## Release Branch Build
- name: Build, Tag (Release Branch)
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
if: github.ref == 'refs/heads/release'
run: |
docker build --build-arg SPRING_PROFILE=dev -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
## Main Branch Build
- name: Build, Tag (Main Branch)
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
if: github.ref == 'refs/heads/main'
run: |
docker build --build-arg SPRING_PROFILE=prod -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
- name: AWS ECR Push
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
run: |
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
cd:
needs: ci
name: CD
runs-on: ubuntu-latest
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
steps:
# Deploy to EC2 (Release Branch)
- name: Deploy to EC2 (Release Branch)
if: github.ref == 'refs/heads/release'
uses: appleboy/ssh-action@master
env:
ENV_FILE: "/home/ubuntu/.env"
COMPOSE: "/home/ubuntu/docker-compose.yml"
with:
host: ${{ secrets.RELEASE_EC2_HOST }}
username: ubuntu
key: ${{ secrets.RELEASE_SSH_KEY }}
script: |
echo "ECR_URI=${{ secrets.ECR_URI }}" > /home/ubuntu/.env
echo "GITHUB_SHA=${{ github.sha }}" >> /home/ubuntu/.env
echo "SPRING_PROFILES=dev" >> /home/ubuntu/.env
sudo docker stop $(sudo docker ps -a -q) || true
sudo docker rm $(sudo docker ps -a -q) || true
sudo docker images -q | xargs -r docker rmi || true
sudo docker system prune -af
aws ecr get-login-password --region ap-northeast-2 | sudo docker login --username AWS --password-stdin ${{ secrets.ECR_URI }} && sudo docker pull ${{ secrets.ECR_URI }}:${{ github.sha }}
# Docker Compose로 배포
sudo -E docker-compose -f /home/ubuntu/docker-compose.yml up -d
# Deploy to EC2 (Main Branch)
- name: Deploy to EC2 (Main Branch)
if: github.ref == 'refs/heads/main'
uses: appleboy/ssh-action@master
with:
host: ${{ secrets.MAIN_EC2_HOST }}
username: ubuntu
key: ${{ secrets.MAIN_SSH_KEY }}
script: |
echo "ECR_URI=${{ secrets.ECR_URI }}" > /home/ubuntu/.env
echo "GITHUB_SHA=${{ github.sha }}" >> /home/ubuntu/.env
echo "SPRING_PROFILES=prod" >> /home/ubuntu/.env
sudo docker stop $(sudo docker ps -a -q) || true
sudo docker rm $(sudo docker ps -a -q) || true
sudo docker images -q | xargs -r docker rmi || true
sudo docker system prune -af
aws ecr get-login-password --region ap-northeast-2 | sudo docker login --username AWS --password-stdin ${{ secrets.ECR_URI }} && sudo docker pull ${{ secrets.ECR_URI }}:${{ github.sha }}
# Docker Compose로 배포
sudo -E docker-compose -f /home/ubuntu/docker-compose.yml up -d