Merge pull request #319 from AI-himedia/nj #173
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Spring Boot Docker Deploy | |
| on: | |
| push: | |
| branches: [dev] | |
| paths: | |
| - "springboot/**" | |
| - ".github/workflows/springboot.yml" | |
| jobs: | |
| SpringBoot_Deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Code Checkout | |
| uses: actions/checkout@v3 | |
| - name: Gradle Wrapper 권한 수정 | |
| run: chmod +x ./springboot/gradlew | |
| - name: Gradle 의존성 캐시 설정 | |
| uses: actions/cache@v3 | |
| with: | |
| path: ~/.gradle/caches | |
| key: ${{ runner.os }}-gradle-${{ hashFiles('springboot/build.gradle*') }} | |
| restore-keys: | | |
| ${{ runner.os }}-gradle- | |
| - name: Gradle 빌드 | |
| run: | | |
| cd springboot | |
| ./gradlew build -x test | |
| - name: Docker 로그인 | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Docker 이미지 빌드 및 푸시 | |
| run: | | |
| docker build -t ${{ secrets.DOCKERHUB_USERNAME }}/springboot:${{ github.sha }} ./springboot | |
| docker push ${{ secrets.DOCKERHUB_USERNAME }}/springboot:${{ github.sha }} | |
| # Docker 이미지 취약점 스캔 | |
| - name: Scan Docker Image for Vulnerabilities | |
| uses: aquasecurity/trivy-action@master | |
| with: | |
| image-ref: ${{ secrets.DOCKERHUB_USERNAME }}/springboot:${{ github.sha }} | |
| format: table | |
| exit-code: 0 | |
| severity: CRITICAL,HIGH | |
| # Docker 리소스 정리 | |
| - name: Docker 리소스 정리 | |
| run: | | |
| sudo docker system prune -a -f | |
| - name: EC2에서 Docker 컨테이너 실행 (SSH 접속) | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ secrets.EC2_HOST }} | |
| username: ${{ secrets.EC2_USER }} | |
| key: ${{ secrets.EC2_KEY }} | |
| script: | | |
| printf "%s" "${{ secrets.SPRINGBOOT_ENV }}" | base64 -d > /home/ubuntu/springboot.env | |
| docker stop springboot || true | |
| docker rm springboot || true | |
| docker pull ${{ secrets.DOCKERHUB_USERNAME }}/springboot:${{ github.sha }} | |
| docker run -d --name springboot \ | |
| --env-file /home/ubuntu/springboot.env \ | |
| -p 8080:8080 \ | |
| ${{ secrets.DOCKERHUB_USERNAME }}/springboot:${{ github.sha }} |