Merge pull request #413 from twenty-three-23/feature/TT-510 #249
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Spring CI/CD with Gradle and Docker | |
| # 동작 조건 설정 : main 브랜치에 push 혹은 pull request가 발생할 경우 동작한다. | |
| on: | |
| push: | |
| branches: [ "dev"] | |
| permissions: | |
| contents: read | |
| env: | |
| RESOURCE_PATH: ./src/main/resources/application.yml | |
| jobs: | |
| # Spring Boot 애플리케이션을 빌드하여 도커허브에 푸시하는 과정 | |
| build-docker-image: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| # 1. Java 17 세팅 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: Decode GPT Prompt and Set Environment Variable | |
| run: | | |
| DECODED_PROMPT=$(echo "${{ secrets.GPT_PROMPT_SYSTEM }}" | base64 --decode) | |
| echo "GPT_PROMPT_SYSTEM<<EOF" >> $GITHUB_ENV | |
| echo "$DECODED_PROMPT" >> $GITHUB_ENV | |
| echo "EOF" >> $GITHUB_ENV | |
| - name: Set yaml file | |
| uses: microsoft/variable-substitution@v1 | |
| with: | |
| files: ${{ env.RESOURCE_PATH }} | |
| env: | |
| spring.datasource.url: ${{secrets.DB_URL}} | |
| spring.datasource.username: ${{secrets.DB_USERNAME}} | |
| spring.datasource.password: ${{secrets.DB_PASSWORD}} | |
| spring.jpa.hibernate.ddl-auto: ${{secrets.DDL_ENV}} | |
| spring.data.redis.host: ${{secrets.REDIS_HOST}} | |
| spring.data.redis.port: ${{secrets.REDIS_PORT}} | |
| spring.data.redis.password: ${{secrets.REDIS_PASSWORD}} | |
| logging.level.com.twentythree.peech: off | |
| logging.config: classpath:spring-logback.xml | |
| gpt.api.key: ${{secrets.GPT_API_KEY}} | |
| gpt.prompt.system: ${{env.GPT_PROMPT_SYSTEM}} | |
| jwt.secret.key: ${{secrets.JWT_SECRET_KEY}} | |
| jwt.access.key: ${{secrets.JWT_ACCESS_KEY}} | |
| jwt.refresh.key: ${{secrets.JWT_REFRESH_KEY}} | |
| spring.sql.init.mode: ${{ secrets.DATA_SQL_OPTION }} | |
| spring.jpa.defer-datasource-initialization: ${{ secrets.DATA_INITALIZATION_OPTION }} | |
| clova.speech-api.secret: ${{ secrets.CLOVA_SPEECH_SECRET_KEY }} | |
| clova.speech-api.url: ${{ secrets.CLOVA_SPEECH_URL }} | |
| clova.divide-sentence-api.key: ${{ secrets.CLOVASTUDIO_API_KEY }} | |
| clova.divide-sentence-api.gw-key: ${{ secrets.CLOVASTUDIO_APIGW_API_KEY }} | |
| clova.divide-sentence-api.url: ${{ secrets.CLOVASTUDIO_API_URL }} | |
| sentry.dsn: ${{ secrets.SENTRY_DSN_DEV }} | |
| app.version: ${{ secrets.APP_VERSION_DEV}} | |
| app.available: ${{ secrets.APP_AVAILABLE_DEV}} | |
| ffmpeg.path: ${{ secrets.FFMPEG_PATH_DEV }} | |
| ffprobe.path: ${{ secrets.FFPROBE_PATH_DEV }} | |
| spring.cors.allowed-origins: ${{ secrets.CORS_ALLOWED_ORIGINS }} | |
| fcm.secret-key: ${{ secrets.FCM_SECRET_KEY }} | |
| fcm.key-path: ${{ secrets.FCM_KEY_PATH }} | |
| fcm.project-id: ${{ secrets.FCM_PROJECT_ID }} | |
| meta.api-version: ${{ secrets.META_API_VERSION}} | |
| meta.web.pixel-id: ${{ secrets.META_WEB_PIXEL_ID}} | |
| meta.web.access-token: ${{ secrets.META_WEB_ACCESS_TOKEN}} | |
| meta.app.pixel-id: ${{ secrets.META_APP_PIXEL_ID}} | |
| meta.app.access-token: ${{ secrets.META_APP_ACCESS_TOKEN}} | |
| meta.tag.content: ${{ secrets.META_TAG_CONTENT}} | |
| # application.yml 파일 내용 확인 | |
| - name: Display modified application.yml | |
| run: cat ${{ env.RESOURCE_PATH }} | |
| # excute 허용 | |
| - name: Run chmod to make gradlew executable | |
| run: chmod +x ./gradlew | |
| # fcm 서버 키 설정 | |
| - name: Set up FCM server key | |
| run: | | |
| cd ./src/main/resources/ | |
| echo "${{ secrets.FCM_SECRET_KEY }}" | base64 --decode > ./peech_fcm.json | |
| # 2. Spring Boot 애플리케이션 빌드 | |
| - name: Build with Gradle | |
| uses: gradle/gradle-build-action@67421db6bd0bf253fb4bd25b31ebb98943c375e1 | |
| with: | |
| arguments: clean bootJar | |
| # 3. Docker 이미지 빌드 | |
| - name: docker image build | |
| run: docker build --no-cache -t ${{ secrets.DOCKERHUB_USERNAME }}/github-actions-demo . | |
| # 4. DockerHub 로그인 | |
| - name: docker login | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
| # 5. Docker Hub 이미지 푸시 | |
| - name: docker Hub push | |
| run: docker push ${{ secrets.DOCKERHUB_USERNAME }}/github-actions-demo | |
| run-docker-image-on-ec2: | |
| # build-docker-image (위)과정이 완료되어야 실행됩니다. | |
| needs: build-docker-image | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up SSH | |
| uses: webfactory/[email protected] | |
| with: | |
| ssh-private-key: ${{ secrets.DEV_EC2_KEY }} | |
| - name: Run deployment script | |
| run: | | |
| ssh -o StrictHostKeyChecking=no -o ServerAliveInterval=60 ubuntu@${{ secrets.DEV_EC2_IP }} << 'EOF' | |
| export SENTRY_DSN="${{ secrets.SENTRY_DSN_DEV }}" | |
| echo "${{ secrets.DOCKERHUB_PASSWORD }}" | sudo docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin | |
| sudo docker pull ${{ secrets.DOCKERHUB_USERNAME }}/github-actions-demo | |
| sudo docker stop $(sudo docker ps -q) 2>/dev/null || true | |
| sudo docker run --name github-actions-demo --rm -v logs:/logs -d -p 8080:8080 ${{ secrets.DOCKERHUB_USERNAME }}/github-actions-demo | |
| sudo chmod logs 777 | |
| sudo docker system prune -f | |
| EOF |