From a4a697d95ba78b63b997b2a517b3eb76e1e7ff9b Mon Sep 17 00:00:00 2001 From: Jungwoo Kim <120318020+kjungw1025@users.noreply.github.com> Date: Tue, 8 Oct 2024 16:29:21 +0900 Subject: [PATCH] feat: Create prod_cd.yml --- .github/workflows/prod_cd.yml | 111 ++++++++++++++++++++++++++++++++++ 1 file changed, 111 insertions(+) create mode 100644 .github/workflows/prod_cd.yml diff --git a/.github/workflows/prod_cd.yml b/.github/workflows/prod_cd.yml new file mode 100644 index 0000000..57aae52 --- /dev/null +++ b/.github/workflows/prod_cd.yml @@ -0,0 +1,111 @@ +# This workflow uses actions that are not certified by GitHub. +# They are provided by a third-party and are governed by +# separate terms of service, privacy policy, and support +# documentation. +# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time +# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-gradle + +name: Prod_CD + +on: + push: + branches: [ "main" ] + +permissions: + contents: read + +jobs: + check_repo: + runs-on: ubuntu-latest + outputs: + cd-skip: ${{ steps.check_repo.outputs.cd-skip-value }} + steps: + - uses: actions/checkout@v4 + - name: Check Repo + run: | + if [ "$GITHUB_REPOSITORY" != "YOUR_USER/YOUR_REPO_NAME" ]; then + echo 'cd-skip-value=true' >> $GITHUB_OUTPUT + else + echo 'cd-skip-value=false' >> $GITHUB_OUTPUT + fi + + skip_cd: + needs: check_repo + if: github.repository != 'SWM-WeLike2Coding/ELSwhere-post-service' + runs-on: ubuntu-latest + steps: + - name: Skip CD + run: | + echo "CD will be terminated soon..." + exit 0 + + build: + runs-on: ubuntu-latest + if: github.repository == 'SWM-WeLike2Coding/ELSwhere-post-service' + needs: check_repo + environment: prod + steps: + - uses: actions/checkout@v4 + + - name: Set up JDK 17 + uses: actions/setup-java@v4 + with: + java-version: '17' + distribution: 'temurin' + + - name: Make test properties + env: + PROPERTIES: ${{ secrets.PROPERTIES }} + run: | + mkdir -p ./src/test/resources && cd "$_" + touch ./application.yml + echo $PROPERTIES | base64 --decode > application.yml + shell: bash + + - name: Setup Gradle + uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0 + + - name: Build with Gradle Wrapper + run: ./gradlew build + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }} + aws-region: ${{ secrets.AWS_REGION }} + + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + + - name: Docker build + env: + AWS_ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} + AWS_ECR_REPOSITORY: ${{ secrets.AWS_ECR_PROD_POST_SERVICE_REPOSITORY }} + run: | + docker build -t $AWS_ECR_REGISTRY/$AWS_ECR_REPOSITORY:${GITHUB_SHA::7} -t $AWS_ECR_REGISTRY/$AWS_ECR_REPOSITORY:latest . + + - name: Docker push + env: + AWS_ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} + AWS_ECR_REPOSITORY: ${{ secrets.AWS_ECR_PROD_POST_SERVICE_REPOSITORY }} + run: | + docker push $AWS_ECR_REGISTRY/$AWS_ECR_REPOSITORY:${GITHUB_SHA::7} + docker push $AWS_ECR_REGISTRY/$AWS_ECR_REPOSITORY:latest + + - name: SSH Remote Commands + uses: appleboy/ssh-action@master + env: + AWS_ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} + AWS_ECR_REPOSITORY: ${{ secrets.AWS_ECR_PROD_POST_SERVICE_REPOSITORY }} + with: + host: ${{ secrets.SERVER_HOST_PROD }} + username: ubuntu + key: ${{ secrets.PRIVATE_SUB_PRIVATE_PEM_KEY_PROD }} + proxy_host: ${{ secrets.BASTION_SERVER_HOST_PROD }} + proxy_username: ubuntu + proxy_key: ${{ secrets.PUBLIC_SUB_PRIVATE_PEM_KEY_PROD }} + envs: GITHUB_SHA,AWS_ECR_REGISTRY,AWS_ECR_REPOSITORY + script: | + ./deploy_post.sh $AWS_ECR_REGISTRY $AWS_ECR_REPOSITORY ${GITHUB_SHA::7}