Merge pull request #105 from Recipe-Project/feature/async_thumbnail_c… #91
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow uses actions that are not certified by GitHub. | |
| # They are provided by a third-party and are governed by | |
| # separate terms of service, privacy policy, and support | |
| # documentation. | |
| # This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time | |
| # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-gradle | |
| name: Java CI with Gradle | |
| on: | |
| push: | |
| branches: [ "develop" ] | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'adopt' | |
| # application.yml 파일 복사 | |
| - name: Copy application.yml | |
| env: | |
| APPLICATION_YML_FILE: ${{ secrets.DEV_APPLICATION_YML }} | |
| run: echo $APPLICATION_YML_FILE | base64 --decode > src/main/resources/application.yml | |
| # application-test.yml 파일 복사 | |
| - name: Copy application-test.yml | |
| env: | |
| APPLICATION_YML_FILE: ${{ secrets.TEST_APPLICATION_YML }} | |
| run: echo $APPLICATION_YML_FILE | base64 --decode > src/main/resources/application-test.yml | |
| # recipeapp-key.json 파일 복사 | |
| - name: Copy recipeapp-key.json | |
| env: | |
| RECIPEAPP_KEY_FILE: ${{ secrets.RECIPEAPP_KEY }} | |
| run: echo $RECIPEAPP_KEY_FILE | base64 --decode > src/main/resources/recipeapp-key.json | |
| # secret 파일 디렉토리 생성 | |
| - name: Create secret directory | |
| run: mkdir src/main/java/com/recipe/app/src/config/secret | |
| # Secret.java 파일 복사 | |
| - name: Copy Secret.java | |
| env: | |
| SECRET_JAVA_FILE: ${{ secrets.SECRET_JAVA }} | |
| run: echo $SECRET_JAVA_FILE | base64 --decode > src/main/java/com/recipe/app/src/config/secret/Secret.java | |
| # keystore.p12 파일 복사 | |
| - name: Copy keystore.p12 | |
| env: | |
| KEYSTORE_FILE: ${{ secrets.KEYSTORE }} | |
| run: echo $KEYSTORE_FILE | base64 --decode -i > keystore.p12 | |
| - name: Get Public IP | |
| id: publicip | |
| run: | | |
| response=$(curl -s canhazip.com) | |
| echo "ip='$response'" >> "$GITHUB_OUTPUT" | |
| - name: Setting environment variables | |
| run: | | |
| echo "AWS_DEFAULT_REGION=ap-northeast-2" >> $GITHUB_ENV | |
| echo "AWS_SG_NAME=launch-wizard-1" >> $GITHUB_ENV | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ap-northeast-2 | |
| - name: Add Github Actions IP to Security group | |
| run: | | |
| aws ec2 authorize-security-group-ingress --group-name ${{ env.AWS_SG_NAME }} --protocol tcp --port 3306 --cidr ${{ steps.publicip.outputs.ip }}/32 | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: ap-northeast-2 | |
| # 빌드 파일 권한 수정 | |
| - name: Grant execute permission for gradlew | |
| run: chmod +x gradlew | |
| # gradle 빌드 | |
| - name: Build with Gradle | |
| run: ./gradlew clean bootWar | |
| - name: Remove Github Actions IP from security group | |
| run: | | |
| aws ec2 revoke-security-group-ingress --group-name ${{ env.AWS_SG_NAME }} --protocol tcp --port 3306 --cidr ${{ steps.publicip.outputs.ip }}/32 | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_DEFAULT_REGION: ap-northeast-2 | |
| # 전송할 파일을 담을 디렉토리 생성 | |
| - name: Make Directory for deliver | |
| run: mkdir deploy | |
| # Jar 파일 Copy | |
| - name: Copy Jar | |
| run: cp ./build/libs/*.war ./deploy/ | |
| # appspec.yml Copy | |
| - name: Copy appspec | |
| run: cp appspec.yml ./deploy/ | |
| # docker-compose.yml Copy | |
| - name: Copy docker-compose | |
| run: cp docker-compose.yml ./deploy/ | |
| # 쉘스크립트 deploy 폴더로 복사 | |
| - name: Copy shell | |
| run: | | |
| cp ./scripts/start.sh ./deploy/start.sh | |
| cp ./scripts/stop.sh ./deploy/stop.sh | |
| cp ./scripts/certbot_install.sh ./deploy/certbot_install.sh | |
| cp ./scripts/certbot_renew.sh ./deploy/certbot_renew.sh | |
| # keystore.p12 deploy 폴더로 복사 | |
| - name: Copy keystore | |
| run: | | |
| cp ./keystore.p12 ./deploy/keystore.p12 | |
| # 압축파일 형태로 전달 | |
| - name: Make zip file | |
| run: zip -r -qq -j ./recipe-storage-build.zip ./deploy | |
| # 압축한 파일 S3 Bucket으로 업로드 | |
| - name: Deliver to AWS S3 | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| run: | | |
| aws s3 cp \ | |
| --region ap-northeast-2 \ | |
| --acl private \ | |
| ./recipe-storage-build.zip s3://recipe-storage-test-2024-github-actions-s3-bucket/ | |
| # EC2 서버에 deploy | |
| - name: Deploy | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| run: | | |
| aws deploy create-deployment \ | |
| --application-name recipe-storage-codedeploy-app \ | |
| --deployment-group-name recipe-storage-codedeploy-deployment-app \ | |
| --file-exists-behavior OVERWRITE \ | |
| --s3-location bucket=recipe-storage-test-2024-github-actions-s3-bucket,bundleType=zip,key=recipe-storage-build.zip \ | |
| --region ap-northeast-2 |