Skip to content
CI/CD using github actions & docker

Fix: Security, Filter 예외에 monitoring path 동적으로 추가 #141

Sign in to view logs

Fix: Security, Filter 예외에 monitoring path 동적으로 추가

Fix: Security, Filter 예외에 monitoring path 동적으로 추가 #141

Workflow file for this run

.github/workflows/cicd-ec2.yml at 6fc7fcf
# github repository actions 페이지에 나타날 이름
name: CI/CD using github actions & docker
# event trigger
# main이나 staging 브랜치에 push가 되었을 때 실행
on:
push:
branches: [ "main", "staging", "main-test" ]
env:
AWS_REGION: ap-northeast-2
S3_BUCKET_NAME: genti-deploy
CODE_DEPLOY_APPLICATION_NAME: genti
CODE_DEPLOY_DEPLOYMENT_GROUP_NAME: genti-deploy-group
permissions:
contents: read
jobs:
CI-CD:
runs-on: ubuntu-22.04
steps:
# JDK setting - github actions에서 사용할 JDK 설정 (프로젝트나 AWS의 java 버전과 달라도 무방)
- uses: actions/checkout@v3
- name: Set up JDK 21
uses: actions/setup-java@v3
with:
java-version: '21'
distribution: 'temurin'
# gradle caching - 빌드 시간 향상
- name: Gradle Caching
uses: actions/cache@v3
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
restore-keys: |
${{ runner.os }}-gradle-
# 공통 yml 파일 생성 - secret
- name: make application-secret.yml
if: contains(github.ref, 'staging') || contains(github.ref, 'main')
run: |
cd ./genti-api/src/main/resources
touch ./application-secret.yml
echo "${{ secrets.APPLICATION_SECRET }}" > ./application-secret.yml
shell: bash
# 환경별 yml 파일 생성(3) - deploy
- name: make application-deploy.yml
if: contains(github.ref, 'main')
run: |
cd ./genti-api/src/main/resources
touch ./application-deploy.yml
echo "${{ secrets.APPLICATION_DEPLOY }}" > ./application-deploy.yml
shell: bash
# 환경별 yml 파일 생성(3) - staging
- name: make application-staging.yml
if: contains(github.ref, 'staging')
run: |
cd ./genti-api/src/main/resources
touch ./application-staging.yml
echo "${{ secrets.APPLICATION_STAGING }}" > ./application-staging.yml
shell: bash
# gradle build
- name: Setup Gradle Wrapper
uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0
- name: Build with Gradle Wrapper
run: |
chmod +x ./gradlew
./gradlew clean build -x test
- name: Get Github action IP
id: ip
uses: haythem/[email protected]
- name: Setting environment variables
run: |
echo "AWS_DEFAULT_REGION=ap-northeast-2" >> $GITHUB_ENV
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-northeast-2
- name: Add Github Actions IP to Security group
if: contains(github.ref, 'staging')
run: |
aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ap-northeast-2
- name: Login to aws ECR
if: contains(github.ref, 'main')
id: login-ecr
uses: aws-actions/amazon-ecr-login@v1
- name: Build, tag, and push image to aws ECR
if: contains(github.ref, 'main')
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: genti-deploy
IMAGE_TAG: latest
run: |
docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
- name: Upload docker-compose, appspec, afterInstall file to S3
if: contains(github.ref, 'main')
run: |
zip -r ./$GITHUB_SHA.zip ./scripts appspec.yml docker-compose.yml .env
aws s3 cp --region ap-northeast-2 ./$GITHUB_SHA.zip s3://$S3_BUCKET_NAME
- name: Upload docker compose file to staging server
if: contains(github.ref, 'staging')
uses: appleboy/scp-action@master
with:
host: ${{ secrets.HOST_STAGING }}
username: ubuntu
key: ${{ secrets.EC2_KEY }}
port: 22
source: "./docker/staging/*"
target: "/home/ubuntu/workspace/"
# docker build & push to deploy server
- name: Deploy to EC2 with CodeDeploy
if: contains(github.ref, 'main')
run: |
aws deploy create-deployment \
--application-name ${{ env.CODE_DEPLOY_APPLICATION_NAME }} \
--deployment-config-name CodeDeployDefault.AllAtOnce \
--deployment-group-name ${{ env.CODE_DEPLOY_DEPLOYMENT_GROUP_NAME }} \
--s3-location bucket=$S3_BUCKET_NAME,key=$GITHUB_SHA.zip,bundleType=zip
# docker build & push to staging
- name: Docker build & push to staging
if: contains(github.ref, 'staging')
run: |
docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
docker build -f Dockerfile_staging -t ${{ secrets.DOCKER_USERNAME }}/genti-staging .
docker push ${{ secrets.DOCKER_USERNAME }}/genti-staging
## deploy to staging server
- name: Deploy to staging server
uses: appleboy/ssh-action@master
id: deploy-staging
if: contains(github.ref, 'staging')
with:
host: ${{ secrets.HOST_STAGING }} # EC2 퍼블릭 IPv4 DNS
username: ubuntu
password: ${{ secrets.PASSWORD }}
port: 22
key: ${{ secrets.EC2_KEY }}
script: |
sudo docker ps
cd /home/ubuntu/workspace/docker/staging
docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
sudo docker pull ${{ secrets.DOCKER_USERNAME }}/genti-staging
sudo docker-compose up -d
sudo docker image prune -f
- name: delete github actions ip from aws security group
if: contains(github.ref, 'staging')
run: |
aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32
env:
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
AWS_DEFAULT_REGION: ap-northeast-2