.github/workflows/cd_prod.yml

name: Prod server Spring CI/CD with Gradle and Docker

# 동작 조건 설정 : main 브랜치에 push 혹은 pull request가 발생할 경우 동작한다.
on:
  push:
    branches: [ "main" ]
permissions:
  contents: read

env:
  RESOURCE_PATH: ./src/main/resources/application.yml

jobs:
  # Spring Boot 애플리케이션을 빌드하여 도커허브에 푸시하는 과정
  build-docker-image:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3

      # 1. Java 17 세팅
      - name: Set up JDK 17
        uses: actions/setup-java@v3
        with:
          java-version: '17'
          distribution: 'temurin'

      - name: Set up GPT_PROMPT_SYSTEM environment variable decode
        run: echo "GPT_PROMPT_SYSTEM=${{ secrets.GPT_PROMPT_SYSTEM }}" >> $GITHUB_ENV

      - name: Set yaml file
        uses: microsoft/variable-substitution@v1
        with:
          files: ${{ env.RESOURCE_PATH }}
        env:
          spring.datasource.url: ${{secrets.DB_URL_PROD}}
          spring.datasource.username: ${{secrets.DB_USERNAME_PROD}}
          spring.datasource.password: ${{secrets.DB_PASSWORD_PROD}}
          spring.jpa.hibernate.ddl-auto: ${{secrets.DDL_ENV_PROD}}
          spring.data.redis.host: ${{secrets.REDIS_HOST_PROD}}
          spring.data.redis.port: ${{secrets.REDIS_PORT_PROD}}
          spring.data.redis.password: ${{secrets.REDIS_PASSWORD_PROD}}
          logging.level.com.twentythree.peech: off
          logging.config: classpath:spring-logback.xml
          gpt.api.key: ${{secrets.GPT_API_KEY_PROD}}
          gpt.prompt.system: ${{env.GPT_PROMPT_SYSTEM}}
          jwt.secret.key: ${{secrets.JWT_SECRET_KEY_PROD}}
          jwt.access.key: ${{secrets.JWT_ACCESS_KEY}}
          jwt.refresh.key: ${{secrets.JWT_REFRESH_KEY}}
          spring.sql.init.mode: ${{ secrets.DATA_SQL_OPTION_PROD }}
          spring.jpa.defer-datasource-initialization: ${{ secrets.DATA_INITALIZATION_OPTION_PROD }}
          clova.speech-api.secret: ${{ secrets.CLOVA_SPEECH_SECRET_KEY_PROD }}
          clova.speech-api.url: ${{ secrets.CLOVA_SPEECH_URL_PROD }}
          clova.divide-sentence-api.key: ${{ secrets.CLOVASTUDIO_API_KEY_PROD }}
          clova.divide-sentence-api.gw-key: ${{ secrets.CLOVASTUDIO_APIGW_API_KEY_PROD }}
          clova.divide-sentence-api.url: ${{ secrets.CLOVASTUDIO_API_URL_PROD }}
          sentry.dsn: ${{ secrets.SENTRY_DSN_PROD }}
          app.version: ${{ secrets.APP_VERSION_PROD}}
          app.available: ${{ secrets.APP_AVAILABLE_PROD}}
          ffmpeg.path: ${{ secrets.FFMPEG_PATH_PROD }}
          ffprobe.path: ${{ secrets.FFPROBE_PATH_PROD }}
          spring.cors.allowed-origins: ${{ secrets.CORS_ALLOWED_ORIGINS_PROD }}
          fcm.secret-key: ${{ secrets.FCM_SECRET_KEY }}
          fcm.key-path: ${{ secrets.FCM_KEY_PATH }}
          fcm.project-id: ${{ secrets.FCM_PROJECT_ID }}
          meta.api-version: ${{ secrets.META_API_VERSION}}
          meta.web.pixel-id: ${{ secrets.META_WEB_PIXEL_ID_PROD}}
          meta.web.access-token: ${{ secrets.META_WEB_ACCESS_TOKEN_PROD}}
          meta.app.pixel-id: ${{ secrets.META_APP_PIXEL_ID_PROD}}
          meta.app.access-token: ${{ secrets.META_APP_ACCESS_TOKEN_PROD}}
          meta.tag.content: ${{ secrets.META_TAG_CONTENT_PROD}}


      # application.yml 파일 내용 확인
      - name: Display modified application.yml
        run: cat ${{ env.RESOURCE_PATH }}
      # excute 허용
      - name: Run chmod to make gradlew executable
        run: chmod +x ./gradlew

      # fcm 서버 키 설정
      - name: Set up FCM server key
        run: |
          cd ./src/main/resources/
          echo "${{ secrets.FCM_SECRET_KEY }}" | base64 --decode > ./peech_fcm.json  

      # 2. Spring Boot 애플리케이션 빌드
      - name: Build with Gradle
        uses: gradle/gradle-build-action@67421db6bd0bf253fb4bd25b31ebb98943c375e1
        with:
          arguments: clean bootJar

      # 3. Docker 이미지 빌드
      - name: docker image build
        run: docker build -t ${{ secrets.DOCKERHUB_USERNAME_PROD }}/github-actions-demo .

      # 4. DockerHub 로그인
      - name: docker login
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME_PROD }}
          password: ${{ secrets.DOCKERHUB_PASSWORD_PROD }}

      # 5. Docker Hub 이미지 푸시
      - name: docker Hub push
        run: docker push ${{ secrets.DOCKERHUB_USERNAME_PROD }}/github-actions-demo

  run-docker-image-on-ec2:
    # build-docker-image (위)과정이 완료되어야 실행됩니다.
    needs: build-docker-image
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - name: Set up SSH
        uses: webfactory/ssh-agent@v0.5.3
        with:
          ssh-private-key: ${{ secrets.PROD_EC2_KEY }}

      - name: Run deployment script
        run: |
          
          ssh -o StrictHostKeyChecking=no -o ServerAliveInterval=60  -o ServerAliveCountMax=2 ubuntu@${{ secrets.PROD_EC2_IP }} << 'EOF'
          export SENTRY_DSN="${{ secrets.SENTRY_DSN_DEV }}"
          echo "${{ secrets.DOCKERHUB_PASSWORD_PROD }}" | sudo docker login -u ${{ secrets.DOCKERHUB_USERNAME_PROD }} --password-stdin
          sudo docker pull ${{ secrets.DOCKERHUB_USERNAME_PROD }}/github-actions-demo
          sudo docker stop $(sudo docker ps -q) 2>/dev/null || true
          sudo docker run --name github-actions-demo --rm -v logs:/logs -d -p 8080:8080 ${{ secrets.DOCKERHUB_USERNAME_PROD }}/github-actions-demo
          sudo chmod logs 777
          sudo docker system prune -f 
          EOF