Merge pull request #76 from cloudcomputinginha/chore/CCI-81 #18
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # github repository actions 페이지에 나타날 이름 | |
| name: CI/CD using github actions & docker-compose | |
| # event trigger | |
| # dev 브랜치에 push가 되었을 때 실행 | |
| on: | |
| push: | |
| branches: [ "dev" ] | |
| permissions: | |
| contents: read | |
| jobs: | |
| CI-CD: | |
| runs-on: ubuntu-latest | |
| steps: | |
| # JDK setting - github actions에서 사용할 JDK 설정 (프로젝트나 AWS의 java 버전과 달라도 무방) | |
| - uses: actions/checkout@v3 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| # gradle caching - 빌드 시간 향상 | |
| - name: Gradle Caching | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} | |
| restore-keys: | | |
| ${{ runner.os }}-gradle- | |
| # gradle build | |
| - name: Build with Gradle | |
| env: | |
| SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }} | |
| run: ./gradlew build -x test | |
| # source code docker image build & push to production | |
| - name: Docker build & push to prod | |
| if: contains(github.ref, 'dev') | |
| run: | | |
| IMAGE=${{ secrets.DOCKER_USERNAME }}/interview-be-service | |
| echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin | |
| docker build -f Dockerfile -t $IMAGE:latest . | |
| docker push $IMAGE:latest | |
| # compose & nginx 설정을 서버로 전송 (인증서 제외) | |
| - name: Upload compose & nginx configs | |
| uses: appleboy/scp-action@master | |
| if: contains(github.ref, 'dev') | |
| with: | |
| host: ${{ secrets.HOST_PROD }} | |
| username: ubuntu | |
| key: ${{ secrets.PRIVATE_KEY }} | |
| source: "docker-compose.yml,nginx/**" | |
| target: "/home/ubuntu/interview-be" | |
| # deploy to production | |
| - name: Deploy to prod | |
| uses: appleboy/ssh-action@master | |
| id: deploy-prod | |
| if: contains(github.ref, 'dev') | |
| with: | |
| host: ${{ secrets.HOST_PROD }} # EC2 퍼블릭 IPv4 DNS | |
| username: ubuntu | |
| key: ${{ secrets.PRIVATE_KEY }} | |
| script: | | |
| set -e | |
| APP_DIR=/home/ubuntu/interview-be | |
| IMAGE=${{ secrets.DOCKER_USERNAME }}/interview-be-service | |
| mkdir -p $APP_DIR | |
| cd $APP_DIR | |
| # 서버에 .env 파일 덮어쓰기 | |
| cat > .env <<'EOF' # 멀티라인 환경변수 입력으로 사용 | |
| ${{ secrets.ENV_FILE }} | |
| EOF | |
| chmod 600 .env | |
| # 최신 이미지 pull & app 교체 | |
| echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin | |
| docker compose pull app | |
| docker compose up -d app | |
| # 불필요한 이미지 정리 | |
| docker image prune -f | |
| # nginx 설정이 변경되었을 경우 무중단 반영 | |
| docker exec interview-be-nginx nginx -t && docker exec interview-be-nginx nginx -s reload || true |