[COZY-161] Hotfix/cozy 161 3 (#34) #40
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: COZYMATE_SERVER_DEPLOY | |
on: | |
push: | |
branches: [ "main", "release" ] | |
jobs: | |
ci: | |
name: CI | |
runs-on: ubuntu-latest | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_REGION: ap-northeast-2 | |
ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }} | |
ECR_URI: ${{ secrets.ECR_URI }} | |
IMAGE_TAG: ${{ github.sha }} | |
steps: | |
#체크아웃 | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
# JDK 설치 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
#서브 모듈 접근 | |
- name: Checkout repo | |
uses: actions/checkout@v3 | |
with: | |
token: ${{ secrets.SUBMODULE_ACTION_TOKEN }} | |
submodules: true | |
# 서브 모듈 변경 점 있으면 update | |
- name: Git Submodule Update | |
run: | | |
git submodule update --remote --recursive | |
# gradlew 권한 변경 | |
- name: Grant execute permission for gradlew | |
run: chmod +x gradlew | |
# 빌드(test는 제외) | |
- name: Build with Gradle | |
uses: gradle/gradle-build-action@v2 | |
with: | |
arguments: clean build -x test | |
- name: Login to Amazon ECR | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
## Release Branch Build | |
- name: Build, Tag (Release Branch) | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
if: github.ref == 'refs/heads/release' | |
run: | | |
docker build --build-arg SPRING_PROFILE=dev -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . | |
## Main Branch Build | |
- name: Build, Tag (Main Branch) | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
if: github.ref == 'refs/heads/main' | |
run: | | |
docker build --build-arg SPRING_PROFILE=prod -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . | |
- name: AWS ECR Push | |
env: | |
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
run: | | |
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" | |
cd: | |
needs: ci | |
name: CD | |
runs-on: ubuntu-latest | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
steps: | |
# Deploy to EC2 (Release Branch) | |
- name: Deploy to EC2 (Release Branch) | |
if: github.ref == 'refs/heads/release' | |
uses: appleboy/ssh-action@master | |
with: | |
host: ${{ secrets.RELEASE_EC2_HOST }} | |
username: ubuntu | |
key: ${{ secrets.RELEASE_SSH_KEY }} | |
script: | | |
sudo docker stop $(sudo docker ps -a -q) || true | |
sudo docker rm $(sudo docker ps -a -q) || true | |
sudo docker images -q | xargs -r docker rmi || true | |
sudo docker system prune -af | |
aws ecr get-login-password --region ap-northeast-2 | sudo docker login --username AWS --password-stdin ${{ secrets.ECR_URI }} && sudo docker pull ${{ secrets.ECR_URI }}:${{ github.sha }} | |
sudo docker run --name cozymate-dev-server -d -e SPRING_PROFILE=dev -e TZ=Asia/Seoul -e SERVER=true -p 8080:8080 ${{ secrets.ECR_URI }}:${{ github.sha }} | |
# Deploy to EC2 (Main Branch) | |
- name: Deploy to EC2 (Main Branch) | |
if: github.ref == 'refs/heads/main' | |
uses: appleboy/ssh-action@master | |
with: | |
host: ${{ secrets.MAIN_EC2_HOST }} | |
username: ubuntu | |
key: ${{ secrets.MAIN_SSH_KEY }} | |
script: | | |
sudo docker stop $(sudo docker ps -a -q) | true | |
sudo docker rm $(sudo docker ps -a -q) | true | |
sudo docker images -q | xargs -r docker rmi | |
sudo docker system prune -af | |
aws ecr get-login-password --region ap-northeast-2 | sudo docker login --username AWS --password-stdin ${{ secrets.ECR_URI }} && sudo docker pull ${{ secrets.ECR_URI }}:${{ github.sha }} | |
sudo docker run --name cozymate-prod-server -d -e SPRING_PROFILE=prod -e TZ=Asia/Seoul -e SERVER=true -p 8080:8080 ${{ secrets.ECR_URI }}:${{ github.sha }} |