This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow uses actions that are not certified by GitHub. | |
# They are provided by a third-party and are governed by | |
# separate terms of service, privacy policy, and support | |
# documentation. | |
# This workflow will build a package using Gradle and then publish it to GitHub packages when a release is created | |
# For more information see: https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#Publishing-using-gradle | |
name: Spring Boot & Gradle CI/CD | |
on: | |
push: | |
branches: [ main ] | |
env: | |
AWS_REGION: ap-northeast-2 | |
S3_BUCKET_NAME: handsupbucket | |
CODE_DEPLOY_APPLICATION_NAME: hands-up-codedeploy-app | |
CODE_DEPLOY_DEPLOYMENT_GROUP_NAME: hands-up-codedeploy-deployment-group | |
permissions: | |
contents: read | |
jobs: | |
deploy: | |
name: Deploy | |
runs-on: ubuntu-latest | |
environment: production | |
steps: | |
# (1) 기본 체크아웃 | |
- name: Checkout | |
uses: actions/checkout@v3 | |
# (2) JDK 11 세팅 | |
- name: Set up JDK 11 | |
uses: actions/setup-java@v3 | |
with: | |
distribution: 'temurin' | |
java-version: '11' | |
# - name: Copy secret | |
# env: | |
# OCCUPY_SECRET: ${{ secrets.JASYPT_ENCRYPTOR_PASSWORD }} | |
# OCCUPY_SECRET_DIR: src/main/resources/ | |
# OCCUPY_SECRET_DIR_FILE_NAME: jasypt-encryptor-password.txt | |
# run: echo $OCCUPY_SECRET | base64 -di > $OCCUPY_SECRET_DIR/$OCCUPY_SECRET_DIR_FILE_NAME | |
- uses: actions/checkout@v3 | |
- run: touch ./src/main/resources/firebase/handsup-9c9e7-firebase-adminsdk-ow0l5-6bb4cd6c8c.json | |
- run: echo "${{ secrets.FIREBASE_SECRET_KEY }}" > ./src/main/resources/firebase/handsup-9c9e7-firebase-adminsdk-ow0l5-6bb4cd6c8c.json | |
- run: cat ./src/main/resources/firebase/handsup-9c9e7-firebase-adminsdk-ow0l5-6bb4cd6c8c.json | |
- run: touch ./src/main/resources/application.properties | |
- run: echo "${{ secrets.APPLICATION }}" > ./src/main/resources/application.properties | |
- run: cat ./src/main/resources/application.properties | |
# (3) Gradle build (Test 제외) | |
- name: Build with Gradle | |
uses: gradle/gradle-build-action@0d13054264b0bb894ded474f08ebb30921341cee | |
with: | |
arguments: clean build -x test | |
# (4) 권한 부여 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ap-northeast-2 | |
# (5) 빌드 결과물을 S3 버킷에 업로드 | |
- name: Upload to AWS S3 | |
run: | | |
aws deploy push \ | |
--application-name ${{ env.CODE_DEPLOY_APPLICATION_NAME }} \ | |
--ignore-hidden-files \ | |
--s3-location s3://$S3_BUCKET_NAME/$GITHUB_SHA.zip \ | |
--source . | |
# (6) S3 버킷에 있는 파일을 대상으로 CodeDeploy 실행 | |
- name: Deploy to AWS EC2 from S3 | |
run: | | |
aws deploy create-deployment \ | |
--application-name ${{ env.CODE_DEPLOY_APPLICATION_NAME }} \ | |
--deployment-config-name CodeDeployDefault.AllAtOnce \ | |
--deployment-group-name ${{ env.CODE_DEPLOY_DEPLOYMENT_GROUP_NAME }} \ | |
--s3-location bucket=$S3_BUCKET_NAME,key=$GITHUB_SHA.zip,bundleType=zip |