-
Notifications
You must be signed in to change notification settings - Fork 2
149 lines (125 loc) · 4.7 KB
/
core-application-prod-ci-cd-flow.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
name: core-prod-ci/cd
on:
push:
branches:
- prod_back_core
- 'hotfix/[0-9a-zA-z]+-B-prod-core-#[0-9a-zA-z]+'
pull_request:
branches:
- prod_back_core
jobs:
build_and_test:
name: build and test
if: ${{github.event_name == 'pull_request' }}
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./backend/core
steps:
- name: set up JDK 17
uses: actions/setup-java@v3
with:
java-version: '17'
distribution: 'liberica'
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true
token: ${{ secrets.CI_PAT }}
- name: formatting
uses: axel-op/googlejavaformat-action@v3
with:
args: "--replace"
skip-commit: true
- name: grant execute permission for gradlew
run: chmod +x ./gradlew
- name: test
run: ./gradlew clean test
deploy-core:
name: core application deploy
if: ${{ github.event_name == 'push' }}
runs-on: ubuntu-latest
defaults:
run:
working-directory: ./backend/core
permissions:
id-token: write
contents: read
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true
token: ${{ secrets.CI_PAT }}
- name: set up JDK 17
uses: actions/setup-java@v3
with:
java-version: '17'
distribution: 'liberica'
cache: gradle
- name: grant execute permission for gradlew
run: chmod +x ./gradlew
- name: build gradle
run: ./gradlew clean build
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
aws-region: ${{ secrets.AWS_REGION }}
- name: Login to Amazon ECR
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: |
${{ steps.login-ecr.outputs.registry }}/${{ secrets.AWS_PROD_ECR_CORE_REPOSITORY_NAME }}
tags: |
type=raw,value={{date 'YYYYMMDD-HHmmss'}}
- name: Build and push
uses: docker/build-push-action@v5
with:
context: ./backend/core
push: true
tags: ${{ steps.meta.outputs.tags }}
provenance: false
- name: Get Github action IP
id: ip
uses: haythem/[email protected]
- name: Add Github Actions IP to Security group
run: |
aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_PROD_CORE_NOTI_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32
- name: Connect ec2 and Run Docker Container
uses: appleboy/[email protected]
env:
AWS_ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
with:
host: ${{ secrets.SSH_PROD_CORE_NOTI_HOST }}
username: ${{ secrets.SSH_USERNAME }}
key: ${{ secrets.SSH_PROD_CORE_NOTI_PRIVATE_KEY }}
port: ${{ secrets.SSH_PORT }}
script: |
docker ps -q --filter "name=core" | xargs -r docker stop
docker ps -aq --filter "name=core" | xargs -r docker rm
aws ecr get-login-password --region ${{ secrets.AWS_REGION }} | docker login --username ${{ secrets.AWS_DOCKER_USER }} --password-stdin ${{ secrets.AWS_USER_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com
docker image prune -f
docker pull ${{ steps.meta.outputs.tags }}
docker run -d -p 8080:8080 -e ENVIRONMENT=prod --name core --network ec2-user_backend ${{ steps.meta.outputs.tags }}
- name: Remove Github Actions IP from security group
if: always()
run: |
aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_PROD_CORE_NOTI_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32
- uses: sarisia/actions-status-discord@v1
if: success()
with:
webhook: ${{ secrets.DISCORD_WEBHOOK }}
status: ${{ job.status }}
content: "여러분 <@384742716933668867> <@1084774841460215839> <@545902166842408960> <@1081452554149449748>\n 배포 완료했습니다!!"
title: "코어 운영 서버 배포 완료 알림"
description: "백엔드 개발 브랜치에서 운영 환경으로 깃허브 액션으로 배포 완료"
image: ${{ secrets.EMBED_IMAGE }}
color: 0x0000ff
url: "https://github.com/tukcomCD2024/DroidBlossom/actions"
username: GitHub Actions Bot
avatar_url: ${{ secrets.AVATAR_URL }}