Update cicd.yml #48
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow uses actions that are not certified by GitHub. | |
# They are provided by a third-party and are governed by | |
# separate terms of service, privacy policy, and support | |
# documentation. | |
# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time | |
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-gradle | |
name: Java CI with Gradle | |
on: | |
push: | |
branches: [ "main" ] | |
pull_request: | |
branches: [ "main" ] | |
permissions: | |
contents: read | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v3 | |
# jdk 설정 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
# gradlew 파일 설정 | |
- name: permission for gradlew | |
run: chmod +x gradlew | |
# Spring Boot 어플리케이션 Build (1) 우선 테스트 코드 없이 진행 | |
- name: Spring Boot Build | |
run : ./gradlew clean build --exclude-task test | |
# Configure AWS Credentials (2) - AWS 접근 권한 취득(IAM) | |
- name: Configure AWS Credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ap-northeast-2 | |
# AWS ECR Login (3) | |
- name: aws ecr login | |
id: login-ecr | |
uses: aws-actions/amazon-ecr-login@v1 | |
# Docker 이미지 Build (4) | |
- name: docker image build | |
run: docker build -t spring-boot . | |
# 도커 이미지에 태그 지정 (5) | |
- name: docker tag | |
run: docker tag spring-boot ${{secrets.ECR_URI}} | |
# AWS ECR push (6) | |
- name: AWS ECR push | |
run: docker push ${{secrets.ECR_URI}} | |
# GET GitHub IP (7) | |
- name: get GitHub IP | |
id: ip | |
uses: haythem/[email protected] | |
# Add github ip to AWS (8) | |
- name: Add GitHub IP to AWS | |
run: | | |
aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port ${{ secrets.EC2_SSH_PORT }} --cidr ${{ steps.ip.outputs.ipv4 }}/32 | |
# AWS EC2 Server Connect & Docker 명령어 실행 (9) | |
- name: AWS EC2 Connection | |
uses: appleboy/[email protected] | |
with: | |
host: ${{ secrets.EC2_HOST }} | |
username: ${{ secrets.EC2_USERNAME }} | |
password: ${{ secrets.EC2_PASSWORD }} | |
port: ${{ secrets.EC2_SSH_PORT }} | |
script: | | |
sudo docker stop spring-boot | |
sudo docker rm spring-boot | |
sudo docker rmi -f ${{secrets.ECR_URI}} | |
aws ecr get-login-password --profile ${{ secrets.IAM_NAME }} --region ap-northeast-2 | docker login --username AWS --password-stdin ${{secrets.ECR_URI}} | |
docker pull ${{secrets.ECR_URI}} | |
sudo docker run ${{ secrets.ENVIRONMENT }} -d -p 8080:8080 --name spring-boot ${{secrets.ECR_URI}} | |
# REMOVE Github IP FROM security group (10) | |
- name: Remove IP FROM security group | |
run: | | |
aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port ${{ secrets.EC2_SSH_PORT }} --cidr ${{ steps.ip.outputs.ipv4 }}/32 | |