diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml
index 8b13789..2e3191c 100644
--- a/.github/workflows/gradle.yml
+++ b/.github/workflows/gradle.yml
@@ -1 +1,111 @@
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-gradle
+name: hero-alignlab-api CI/CD
+
+# release 브랜치에 push 또는 pull request가 되면 스크립트 실행
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ main ]
+
+# 해당 스크립트에서 사용될 환경 변수
+env:
+ AWS_REGION: ap-northeast-2
+ PROJECT_NAME: hero-alignlab-api
+ S3_BUCKET_NAME: alignlab
+ CODE_DEPLOY_APP_NAME: hero-alignlab-api
+ CODE_DEPLOY_DEPLOYMENT_GROUP_NAME: hero-align-lab-deploy
+
+permissions:
+ contents: read
+
+jobs:
+ build:
+
+ # Github의 워크플로에서 실행될 OS 선택
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ # JDK 17, Corretto 17
+ - name: Set up Corretto JDK 17
+ uses: actions/setup-java@v3
+ with:
+ java-version: '17'
+ distribution: 'temurin'
+
+ # Secret Setup - application.yml
+ - name: Inject env-values to application.yml
+ uses: microsoft/variable-substitution@v1
+ with:
+ files: ./src/main/resources/config/application.yml
+ env:
+ # Aws Credentials 환경 변수 주입
+ cloud.aws.credentials.access-key: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ cloud.aws.credentials.secret-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ # Jwt Secret Key 환경 변수 주입
+ auth.jwt.secret: ${{ secrets.AUTH_JWT_SECRET }}
+ # Encrypt 환경 변수 주입
+ encrypt.key: ${{ secrets.ENCRYPT_KEY }}
+ encrypt.algorithm: ${{ secrets.ENCRYPT_ALGORITHM }}
+ # dev resource 환경 변수 주입
+ hero-alignlab.dev.resource.key: ${{ secrets.HERO_ALIGNLAB_DEV_RESOURCE_KEY }}
+ # OAuth-Kakao 환경 변수 주입
+ oauth.kakao.rest-api-key: ${{ secrets.OAUTH_KAKAO_REST_API_KEY }}
+ oauth.kakao.client-secret-code: ${{ secrets.OAUTH_KAKAO_CLIENT_SECRET_CODE }}
+ oauth.kakao.admin-key: ${{ secrets.OAUTH_KAKAO_ADMIN_KEY }}
+
+ # Secret Setup - application-prod.yml
+ - name: Inject env-values to application-prod.yml
+ uses: microsoft/variable-substitution@v1
+ with:
+ files: ./src/main/resources/config/application-prod.yml
+ env:
+ # Database 환경 변수 주입
+ hero.master.datasource.url: ${{ secrets.HERO_MASTER_DATASOURCE_URL }}
+ hero.master.datasource.username: ${{ secrets.HERO_MASTER_DATASOURCE_USERNAME }}
+ hero.master.datasource.password: ${{ secrets.HERO_MASTER_DATASOURCE_PASSWORD }}
+
+ # gradlew 파일 실행권한 설정
+ - name: Grant execute permission for gradlew
+ run: chmod +x ./gradlew
+ shell: bash
+
+ # Gradle build (Test 제외)
+ - name: Build with Gradle
+ run: ./gradlew clean --stacktrace --info build
+ shell: bash
+
+ # AWS 인증 (IAM 사용자 Access Key, Secret Key 활용)
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+ aws-region: ${{ env.AWS_REGION }}
+
+ # 빌드 결과물을 S3 버킷에 업로드
+ - name: Upload to AWS S3
+ run: |
+ aws deploy push \
+ --application-name ${{ env.CODE_DEPLOY_APP_NAME }} \
+ --ignore-hidden-files \
+ --s3-location s3://$S3_BUCKET_NAME/$GITHUB_SHA.zip \
+ --source .
+
+ # S3 버킷에 있는 파일을 대상으로 CodeDeploy 실행
+ - name: Deploy to AWS EC2 from S3
+ run: |
+ aws deploy create-deployment \
+ --application-name ${{ env.CODE_DEPLOY_APP_NAME }} \
+ --deployment-config-name CodeDeployDefault.AllAtOnce \
+ --deployment-group-name ${{ env.CODE_DEPLOY_DEPLOYMENT_GROUP_NAME }} \
+ --s3-location bucket=$S3_BUCKET_NAME,key=$GITHUB_SHA.zip,bundleType=zip
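Review bot: The `pull_request` trigger runs the same `build` job as a push to `main`, so the `Configure AWS credentials`, `Upload to AWS S3` and `Deploy to AWS EC2 from S3` steps would also run for a pull request opened from a branch of this repository, rolling unmerged code out with `CodeDeployDefault.AllAtOnce`. Gate those three steps with `if: github.event_name == 'push'`, or move them into a separate deploy job that only runs on push. Separately, the two `microsoft/variable-substitution@v1` steps write the secrets into `application.yml` and `application-prod.yml` in the working tree, and `aws deploy push --source .` then zips that tree (`--ignore-hidden-files` does not exclude those files), so the revision stored in S3 appears to hold the credentials in plaintext. Pointing `--source` at a staging directory that contains only the built artifact and the deployment files would narrow that exposure. The third-party actions that receive secrets are referenced by a mutable tag (`@v1`), and pinning them to a full commit SHA would remove the risk of the tag being moved.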