fix : access token timeout 을 refresh token 과 동일하게 변경 #83
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Coffee Backend CI / CD Workflow | |
| on: | |
| push: | |
| branches: [ "prd" ] | |
| env: | |
| NGINX_INIT : no | |
| PINPOINT_AGENT_INIT : no | |
| APPLICATION_YML_PATH : ./src/main/resources/application-prd.yml | |
| NGINX_DOCKER_FILE_PATH : ./nginx/Dockerfile-nginx | |
| PINPOINT_AGENT_DOCKER_FILE_PATH : ./pinpoint/Dockerfile-pinpoint-agent | |
| DOCKER_FILE_PATH : ./Dockerfile | |
| TASK_DEFINITION: ./.coffee_tasks/task-definition.json | |
| CONTAINER_NAME: coffee-backend | |
| jobs: | |
| coffee-deploy: | |
| name: BUILD | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'adopt' | |
| - name: Touch PRD Application Property | |
| run: touch ${{ env.APPLICATION_YML_PATH }} | |
| - name: Get Application Content From Github Actions Secrets | |
| run: echo "${{ secrets.APPLICATION_YML }}" > ${{ env.APPLICATION_YML_PATH }} | |
| - name: Upload Artifact for PRD Application Property | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: application-prd.yml | |
| path: ${{ env.APPLICATION_YML_PATH }} | |
| - name: Add permission to gradlew | |
| run: chmod +x ./gradlew | |
| shell: bash | |
| - name: Build with Gradle | |
| run: ./gradlew clean build bootJar -x test --no-daemon --parallel | |
| - name: Set up Docker Buildx for Caching | |
| uses: docker/setup-buildx-action@v2 | |
| - name: aws configure | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }} | |
| aws-region: ap-northeast-2 | |
| - name: Login to ECR | |
| id: login-ecr | |
| uses: aws-actions/[email protected] | |
| - name: build nginx docker file and push | |
| if: "contains(env.NGINX_INIT, 'yes')" | |
| id: build-nginx-docker-image | |
| env: | |
| NGINX_ECR_REGISTRY: ${{ secrets.NGINX_ECR_REGISTRY }} | |
| NGINX_ECR_REPOSITORY: ${{ secrets.NGINX_ECR_REPOSITORY }} | |
| run: | | |
| docker build -t $NGINX_ECR_REPOSITORY:latest -f ${{ env.NGINX_DOCKER_FILE_PATH }} . | |
| docker tag $NGINX_ECR_REPOSITORY:latest $NGINX_ECR_REGISTRY/$NGINX_ECR_REPOSITORY:latest | |
| docker push $NGINX_ECR_REGISTRY/$NGINX_ECR_REPOSITORY:latest | |
| - name: build pinpoint agent docker file and push | |
| if: "contains(env.PINPOINT_AGENT_INIT, 'yes')" | |
| id: build-pinpoint-agent-docker-image | |
| env: | |
| PINPOINT_AGENT_ECR_REGISTRY: ${{ secrets.PINPOINT_AGENT_ECR_REGISTRY }} | |
| PINPOINT_AGENT_ECR_REPOSITORY: ${{ secrets.PINPOINT_AGENT_ECR_REPOSITORY }} | |
| run: | | |
| docker build -t $PINPOINT_AGENT_ECR_REPOSITORY:latest -f ${{ env.PINPOINT_AGENT_DOCKER_FILE_PATH }} . | |
| docker tag $PINPOINT_AGENT_ECR_REPOSITORY:latest $PINPOINT_AGENT_ECR_REGISTRY/$PINPOINT_AGENT_ECR_REPOSITORY:latest | |
| docker push $PINPOINT_AGENT_ECR_REGISTRY/$PINPOINT_AGENT_ECR_REPOSITORY:latest | |
| - name: build coffee api docker file and push | |
| id: build-docker-image | |
| env: | |
| ECR_REGISTRY: ${{ secrets.API_ECR_REGISTRY }} | |
| ECR_REPOSITORY: ${{ secrets.API_ECR_REPOSITORY }} | |
| run: | | |
| docker build -t $ECR_REPOSITORY:latest -f ${{ env.DOCKER_FILE_PATH }} . | |
| docker tag $ECR_REPOSITORY:latest $ECR_REGISTRY/$ECR_REPOSITORY:latest | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest | |
| echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:latest" >> $GITHUB_OUTPUT | |
| - name: Render ECS Task Definition for Container | |
| id: render-module-container | |
| uses: aws-actions/[email protected] | |
| env: | |
| ECR_REGISTRY: ${{ secrets.API_ECR_REGISTRY }} | |
| ECR_REPOSITORY: ${{ secrets.API_ECR_REPOSITORY }} | |
| TASK_DEFINITION: ${{ env.TASK_DEFINITION }} | |
| CONTAINER_NAME: ${{ env.CONTAINER_NAME }} | |
| with: | |
| task-definition: ${{ env.TASK_DEFINITION }} | |
| container-name: ${{ env.CONTAINER_NAME }} | |
| image: ${{ steps.build-docker-image.outputs.image }} | |
| - name: Deploy Amazon ECS task definition | |
| uses: aws-actions/[email protected] | |
| with: | |
| task-definition: ${{ steps.render-module-container.outputs.task-definition }} | |
| service: ${{ secrets.ECS_SERVICE }} | |
| cluster: ${{ secrets.ECS_CLUSTER }} | |
| wait-for-service-stability: true | |
| codedeploy-appspec: ./appspec.yml | |
| codedeploy-application: ${{ secrets.CODE_DEPLOY_APPLICATION }} | |
| codedeploy-deployment-group: ${{ secrets.CODE_DEPLOY_DEPLOYMENT_GROUP }} | |
| cleanup: | |
| needs: coffee-deploy | |
| if: always() | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Delete artifacts | |
| env: | |
| FOR_WEBHOOKS_SECRET: ${{ secrets.ACTIONS_TOKEN }} | |
| run: | | |
| echo "::add-mask::$FOR_WEBHOOKS_SECRET" | |
| curl --verbose --fail --show-error --location --request POST "https://api.github.com/repos/$GITHUB_REPOSITORY/dispatches" --header "Authorization: token $FOR_WEBHOOKS_SECRET" --header 'Content-Type: application/json' --header 'Accept: application/vnd.github.everest-preview+json' --data-raw "{ \"event_type\": \"Delete_Artifacts\", \"client_payload\": {\"parent_runid\": \"$GITHUB_RUN_ID\", \"parent_repo\": \"$GITHUB_REPOSITORY\"} }" |