-
Notifications
You must be signed in to change notification settings - Fork 0
131 lines (114 loc) · 4.47 KB
/
cicd-dev.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
name: CI/CD
on:
push:
branches: [ "develop" ]
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Gradle 캐싱
uses: actions/cache@v3
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
restore-keys: ${{ runner.os }}-gradle-
- uses: actions/checkout@v3
- name: java 코드 빌드 jdk 17 설정
uses: actions/setup-java@v3
with:
java-version: '17'
distribution: 'temurin'
- name: application.yml 생성
run: |
cd ./src/main/resources
touch ./application-dev.yml
echo "${{ secrets.APPLICATION_DEV_YML }}" > ./application-dev.yml
cd ../../test
mkdir resources
cd ./resources
touch ./application.yml
echo "${{ secrets.APPLICATION_TEST_YML }}" > ./application.yml
shell: bash
- name: gradlew 권한 부여
run: chmod +x ./gradlew
- name: Gradle 셋업
uses: gradle/gradle-build-action@bd5760595778326ba7f1441bcf7e88b49de61a25 # v2.6.0
- name: Gradle 빌드
run: ./gradlew build
- name: AWS Configure 설정
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-northeast-2
- name: ECR 로그인
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: docker 빌드 및 ECR push
id: build-image
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: shypolarbear-server
IMAGE_TAG: ${{ github.sha }}
run: |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
echo "IMAGE_NAME=$ECR_REGISTRY/$ECR_REPOSITORY" >> $GITHUB_OUTPUT
echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_OUTPUT
- name: get GitHub IP
id: ip
uses: haythem/[email protected]
- name: Add Github Actions IP to Security group
run: |
aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32
- name: ECR image pull & EC2 Server 실행
uses: appleboy/ssh-action@master
env:
IMAGE_NAME : ${{ steps.build-image.outputs.IMAGE_NAME}}
IMAGE_TAG : ${{ steps.build-image.outputs.IMAGE_TAG}}
AWS_ACCOUNT: ${{ secrets.AWS_ACCOUNT }}
with:
host: ${{ secrets.EC2_DEV_HOST }}
username: ec2-user
key: ${{ secrets.EC2_DEV_KEY }}
envs: IMAGE_NAME, IMAGE_TAG, AWS_ACCOUNT
script: |
aws ecr get-login-password --region ap-northeast-2 | docker login --username AWS --password-stdin $AWS_ACCOUNT
docker pull $IMAGE_NAME:$IMAGE_TAG
docker image tag $IMAGE_NAME:$IMAGE_TAG shypolarbear-server
docker rm -f $(docker ps -qa)
docker run -it -d -p 8080:8080 --name shypolarbear-server shypolarbear-server
- name: Remove IP FROM security group
run: |
aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32
- name: Send JANDI Notification
run: |
curl -X POST "${{ secrets.JANDI_WEBHOOK_URL }}" \
-H "Content-Type: application/json" \
-H "Accept: application/vnd.tosslab.jandi-v2+json" \
-d '{
"body": "PR 빌드 및 테스트 결과: '${{ job.status }}'",
"connectColor": "'"$(if [ "${{ job.status }}" == 'success' ]; then echo '#2ECC71'; else echo '#FF6347'; fi)"'",
"connectBlocks": [
{
"type": "section",
"text": {
"type": "mrkdwn",
"text": "*CI/CD 결과: '${{ job.status }}'*"
}
},
{
"type": "section",
"fields": [
{
"type": "mrkdwn",
"text": "*PR 이름:*\n${{ github.event.pull_request.title }}"
}
]
}
]
}'