chore: 상용 CI/CD Github Action 서버를 보안그룹에 등록 #3
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: yappu-world-prod-ci | |
| on: | |
| pull_request: | |
| branches: | |
| - main | |
| push: | |
| branches: | |
| - chore/prod-ci-cd | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '21' | |
| distribution: 'liberica' | |
| cache: gradle | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@v3 | |
| - name: Copy Secrets | |
| uses: microsoft/variable-substitution@v1 | |
| with: | |
| files: | |
| ./src/main/resources/application-dev.yaml | |
| env: | |
| server.port: ${{ secrets.DEV_SERVER_PORT }} | |
| spring.datasource.url: ${{ secrets.DEV_DB_URL }} | |
| spring.datasource.username: ${{ secrets.DEV_DB_USERNAME }} | |
| spring.datasource.password: ${{ secrets.DEV_DB_PASSWORD }} | |
| jwt.secret_key: ${{ secrets.DEV_JWT_SECRET_KEY }} | |
| jwt.access_token_expiration_times: ${{ secrets.DEV_ACCESS_TOKEN_EXPIRATION_TIMES }} | |
| jwt.refresh_token_expiration_times: ${{ secrets.DEV_REFRESH_TOKEN_EXPIRATION_TIMES }} | |
| # Github Action 실행 서버 IP 추출 | |
| - name: Get Github Actions IP | |
| id: ip | |
| uses: candidob/[email protected] | |
| # AWS Credentials | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_BOT_ACCESS_KEY }} | |
| aws-secret-access-key: ${{ secrets.AWS_BOT_SECRET_KEY }} | |
| aws-region: ap-northeast-2 | |
| # Security Group에 Github Action 서버를 등록 | |
| - name: Add Github Actions IP on Security Group | |
| run: | | |
| aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_DEV_SECURITY_GROUP_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 | |
| - name: Build with Gradle Wrapper | |
| run: ./gradlew clean build | |
| env: | |
| SPRING_PROFILES_ACTIVE: dev | |
| # Security Group에서 Github Action 서버 제외 | |
| - name: Remove Github Actions IP from Security Group | |
| if: always() | |
| run: | | |
| aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_DEV_SECURITY_GROUP_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 | |
| # Discord Notification | |
| - name: CI Success Notification | |
| uses: sarisia/actions-status-discord@v1 | |
| if: success() | |
| with: | |
| title: ✅ 상용 CI 성공 ✅ | |
| webhook: ${{ secrets.DISCORD_WEBHOOK_URL }} | |
| color: 0x00FF00 | |
| username: 페페훅 | |
| - name: CI Failure Notification | |
| uses: sarisia/actions-status-discord@v1 | |
| if: failure() | |
| with: | |
| title: ❗️상용 CI 실패 ❗️ | |
| webhook: ${{ secrets.DISCORD_WEBHOOK_URL }} | |
| color: 0xFF0000 | |
| username: 페페훅 |