-
Notifications
You must be signed in to change notification settings - Fork 1
144 lines (124 loc) · 4.83 KB
/
production_build_deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
name: Build and Deploy to Production
on:
push:
tags:
- v*.*.*
permissions:
id-token: write
env:
IMAGE_NAME: gdsc-server
jobs:
build-deploy:
runs-on: ubuntu-latest
environment: production
strategy:
matrix:
java-version: [17]
distribution: ["temurin"]
steps:
# 체크아웃
- name: Checkout
uses: actions/checkout@v4
# Docker 이미지 태그 세팅
- name: Set up image-tag by GITHUB_SHA
id: image-tag
run: echo "value=$(cut -d'v' -f2 <<< ${GITHUB_REF#refs/*/})" >> $GITHUB_OUTPUT
# JDK 17 버전으로 세팅
- name: Set up JDK 17
uses: actions/setup-java@v4
with:
java-version: ${{ matrix.java-version }}
distribution: ${{ matrix.distribution }}
# Gradlew 실행 허용
- name: Run chmod to make gradlew executable
run: chmod +x ./gradlew
# Redis 컨테이너 실행
- name: Start containers
run: docker-compose -f ./docker-compose-test.yaml up -d
# Gradle 빌드
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v3
with:
cache-read-only: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/develop' }} # feature 브랜치는 캐시를 읽기 전용으로 설정
cache-encryption-key: ${{ secrets.GRADLE_CACHE_ENCRYPTION_KEY }}
add-job-summary-as-pr-comment: always
build-scan-publish: true
build-scan-terms-of-use-url: "https://gradle.com/help/legal-terms-of-use"
build-scan-terms-of-use-agree: "yes"
- name: Build with Gradle
id: gradle
run: ./gradlew build --configuration-cache
# Dockerhub 로그인
- name: Login to Dockerhub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_TOKEN }}
# Docker 메타데이터 추출
- name: Extract Docker metadata
id: metadata
uses: docker/[email protected]
env:
DOCKERHUB_IMAGE_FULL_NAME: ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }}
with:
images: ${{ env.DOCKERHUB_IMAGE_FULL_NAME }}
tags: |
type=semver,pattern={{version}}
flavor: |
latest=false
# 멀티 아키텍처 지원을 위한 QEMU 설정
- name: Set up QEMU
uses: docker/setup-qemu-action@v3
# 도커 확장 빌드를 위한 Buildx 설정
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
# 이미지 빌드 및 Dockerhub에 푸시
- name: Docker Build and Push
uses: docker/build-push-action@v5
with:
context: .
platforms: linux/arm64/v8
push: true
tags: ${{ secrets.DOCKERHUB_USERNAME }}/gdsc-server:${{ steps.image-tag.outputs.value }}
# AWS 로그인
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
aws-region: ap-northeast-2
output-config: true
# 복사 경로 환경변수 설정
- name: Set up S3 copy path
env:
S3_DEPLOY_BUCKET_NAME: ${{ secrets.S3_DEPLOY_BUCKET_NAME }}
run: echo "S3_COPY_PATH=$(echo s3://${S3_DEPLOY_BUCKET_NAME}/gdsc/docker-compose-prod.yml)" >> $GITHUB_ENV
# S3로 docker-compose 파일 전송
- name: Copy docker-compose file to S3
run: aws s3 cp docker-compose.yml ${{ env.S3_COPY_PATH }}
- name: Deploy to EC2 Server
uses: appleboy/ssh-action@master
env:
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
IMAGE_FULL_URL: ${{ steps.metadata.outputs.tags }}
with:
host: ${{ secrets.EC2_HOST }}
username: ${{ secrets.EC2_USERNAME }}
key: ${{ secrets.EC2_PRIVATE_KEY }}
envs: IMAGE_FULL_URL # docker-compose.yml 에서 사용할 환경 변수
script: |
aws s3 cp ${{ env.S3_COPY_PATH }} docker-compose.yml
echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login -u "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin
docker pull ${{ env.IMAGE_FULL_URL }}
docker-compose up -d
docker image prune -a -f
# Slack 알림
- name: Send Deploy Result to Slack
uses: rtCamp/action-slack-notify@v2
env:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
SLACK_USERNAME: 둘기봇
SLACK_ICON: https://github.com/GDSC-Hongik/gdsc-server/assets/91878695/1d3861bd-672d-4ee7-8de4-f06c9a06f514
SLACK_TITLE: "Deploy Summary - Production"
SLACK_MESSAGE: |
- image tag: `${{ steps.metadata.outputs.tags }}`
- build scan report: ${{ steps.gradle.outputs.build-scan-url }}