dev-deploy.yml
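# Dev deployment pipeline: run the Gradle tests, build and push an amd64 image
# to Amazon ECR, then restart the docker-compose stack on the dev EC2 host.
#
# NOTE(review): no job filters on the event type, so a pull_request run against
# develop appears to build the PR merge commit and deploy it as well. If only
# merged code should reach the dev host, add
# `github.event_name != 'pull_request'` to the build job's `if`.
# NOTE(review): third-party actions are referenced by mutable tags or branches.
# Pinning each `uses:` to a full commit SHA keeps a retagged release from
# running with this workflow's secrets.
name: Deploy dev server

on:
  push:
    branches:
      - "develop"
  pull_request:
    branches:
      - "develop"
  workflow_dispatch:

jobs:
  run-test:
    name: Run Test
    runs-on: ubuntu-latest
    # pull-requests: write is presumably for the coverage report step, which is
    # the only step here that receives the token.
    permissions:
      contents: read
      pull-requests: write
    steps:
      - name: Checkout the repo
        uses: actions/checkout@v4

      - name: Cache Gradle dependencies
        uses: actions/cache@v3
        with:
          path: |
            ~/.gradle/caches/modules-2
            ~/.gradle/wrapper
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
          restore-keys: |
            ${{ runner.os }}-gradle-

      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'corretto'
          cache: gradle

      # The action reference below was replaced by the hosting page's e-mail
      # obfuscation ("[email protected]"); the original `repo@ref` is not
      # recoverable from this page and must be restored from the repository.
      - name: Start Redis
        uses: supercharge/[email protected]
        with:
          redis-version: 7

      - name: Grant execute permission for gradlew
        run: chmod +x gradlew

      - name: Run tests
        run: ./gradlew test --no-daemon

      # Same extraction damage as the Redis step: the `repo@ref` part of this
      # reference is lost and has to be restored from the repository.
      - name: Upload Test Coverage Report with Jacoco
        uses: Madrapps/[email protected]
        with:
          title: Test Coverage Report
          id: jacocoReport
          paths: ${{ github.workspace }}/build/reports/jacoco/test/jacocoTestReport.xml
          token: ${{ secrets.GITHUB_TOKEN }}
          min-coverage-overall: 40
          min-coverage-changed-files: 40

  build:
    name: Build And Push Docker Image
    runs-on: ubuntu-latest
    needs: run-test
    # Skipped when the head commit message or the PR body contains 'skip deploy'.
    if: |
      !contains(github.event.head_commit.message, 'skip deploy') &&
      !contains(github.event.pull_request.body, 'skip deploy')
    permissions:
      contents: read
    # Registry coordinates are handed to the shell as environment variables
    # instead of being pasted into the script text by template expansion.
    env:
      ECR_REGISTRY: ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.ap-northeast-2.amazonaws.com
      ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
    # Short commit SHA consumed by the deploy job to select the image tag.
    outputs:
      commit_sha: ${{ env.COMMIT_SHA }}
    steps:
      - name: Checkout the repo
        uses: actions/checkout@v4

      - name: Set commit SHA
        run: echo "COMMIT_SHA=$(git rev-parse --short HEAD)" >> "$GITHUB_ENV"

      # NOTE(review): these are long-lived IAM user keys. The action also
      # supports assuming a role through GitHub OIDC (`role-to-assume` plus
      # `id-token: write`), which removes the stored key pair.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ap-northeast-2

      - name: Login to Amazon ECR
        run: |
          aws ecr get-login-password --region ap-northeast-2 \
            | docker login --username AWS --password-stdin "$ECR_REGISTRY"

      - name: Build and push Docker image for amd64
        run: |
          docker build --platform linux/amd64 \
            -t "$ECR_REGISTRY/$ECR_REPOSITORY:${COMMIT_SHA}-amd64" .
          docker push "$ECR_REGISTRY/$ECR_REPOSITORY:${COMMIT_SHA}-amd64"

      - name: Create and push Docker manifest
        run: |
          docker manifest create "$ECR_REGISTRY/$ECR_REPOSITORY:dev-${COMMIT_SHA}" \
            --amend "$ECR_REGISTRY/$ECR_REPOSITORY:${COMMIT_SHA}-amd64"
          docker manifest push "$ECR_REGISTRY/$ECR_REPOSITORY:dev-${COMMIT_SHA}"

  deploy:
    name: Deploy to EC2 dev server
    runs-on: ubuntu-latest
    needs: build
    permissions:
      contents: read
    steps:
      - name: Checkout the repo
        uses: actions/checkout@v4

      # NOTE(review): `@master` is a moving branch and this step receives the
      # EC2 private key; pin the action to a reviewed commit SHA.
      - name: Ssh to EC2 dev server
        uses: appleboy/ssh-action@master
        # Secrets reach the remote script through the action's `envs` input
        # rather than being expanded into the script text, where a value
        # containing `$`, a backtick, `"` or `\` would be re-interpreted by the
        # remote shell. The application's AWS key pair is passed under APP_*
        # names so the remote `aws` CLI keeps using the host's own credentials.
        env:
          GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
          GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }}
          APP_AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          APP_AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          COMMIT_SHA: ${{ needs.build.outputs.commit_sha }}
          AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
          ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
          PORTONE_REST_API_KEY: ${{ secrets.PORTONE_REST_API_KEY }}
          PORTONE_REST_API_SECRET: ${{ secrets.PORTONE_REST_API_SECRET }}
          NH_ISCD: ${{ secrets.NH_ISCD }}
          NH_ACCESS_TOKEN: ${{ secrets.NH_ACCESS_TOKEN }}
          SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
          GOOGLE_EMAIL_ADDRESS: ${{ secrets.GOOGLE_EMAIL_ADDRESS }}
          GOOGLE_EMAIL_APP_PASSWORD: ${{ secrets.GOOGLE_EMAIL_APP_PASSWORD }}
          AWS_S3_BUCKET_NAME: ${{ secrets.AWS_S3_BUCKET_NAME }}
        with:
          host: ${{ secrets.AWS_DEV_EC2_HOST }}
          username: ${{ secrets.AWS_DEV_EC2_USERNAME }}
          key: ${{ secrets.AWS_DEV_EC2_PEM_KEY }}
          port: 22
          envs: GOOGLE_CLIENT_ID,GOOGLE_CLIENT_SECRET,APP_AWS_ACCESS_KEY_ID,APP_AWS_SECRET_ACCESS_KEY,COMMIT_SHA,AWS_ACCOUNT_ID,ECR_REPOSITORY,PORTONE_REST_API_KEY,PORTONE_REST_API_SECRET,NH_ISCD,NH_ACCESS_TOKEN,SENTRY_DSN,GOOGLE_EMAIL_ADDRESS,GOOGLE_EMAIL_APP_PASSWORD,AWS_S3_BUCKET_NAME
          script: |
            # Stop if the workspace is missing so .env is never written elsewhere.
            cd /home/ubuntu/workspace || exit 1
            # Create the secrets file owner-only; chmod covers a pre-existing file.
            umask 077
            printf '%s\n' "GOOGLE_CLIENT_ID=$GOOGLE_CLIENT_ID" > .env
            chmod 600 .env
            printf '%s\n' "GOOGLE_CLIENT_SECRET=$GOOGLE_CLIENT_SECRET" >> .env
            printf '%s\n' "AWS_ACCESS_KEY_ID=$APP_AWS_ACCESS_KEY_ID" >> .env
            printf '%s\n' "AWS_SECRET_ACCESS_KEY=$APP_AWS_SECRET_ACCESS_KEY" >> .env
            printf '%s\n' "COMMIT_SHA=$COMMIT_SHA" >> .env
            printf '%s\n' "AWS_ACCOUNT_ID=$AWS_ACCOUNT_ID" >> .env
            printf '%s\n' "ECR_REPOSITORY=$ECR_REPOSITORY" >> .env
            printf '%s\n' "PORTONE_REST_API_KEY=$PORTONE_REST_API_KEY" >> .env
            printf '%s\n' "PORTONE_REST_API_SECRET=$PORTONE_REST_API_SECRET" >> .env
            printf '%s\n' "NH_ISCD=$NH_ISCD" >> .env
            printf '%s\n' "NH_ACCESS_TOKEN=$NH_ACCESS_TOKEN" >> .env
            printf '%s\n' "SENTRY_DSN=$SENTRY_DSN" >> .env
            printf '%s\n' "GOOGLE_EMAIL_ADDRESS=$GOOGLE_EMAIL_ADDRESS" >> .env
            printf '%s\n' "GOOGLE_EMAIL_APP_PASSWORD=$GOOGLE_EMAIL_APP_PASSWORD" >> .env
            printf '%s\n' "AWS_S3_BUCKET_NAME=$AWS_S3_BUCKET_NAME" >> .env
            aws ecr get-login-password --region ap-northeast-2 | docker login --username AWS --password-stdin "${AWS_ACCOUNT_ID}.dkr.ecr.ap-northeast-2.amazonaws.com"
            docker-compose down
            # -F matches the registry path literally; -r skips `docker rmi` when no old dev image exists.
            docker images --format "{{.Repository}}:{{.Tag}} {{.ID}}" | grep -F "${AWS_ACCOUNT_ID}.dkr.ecr.ap-northeast-2.amazonaws.com/${ECR_REPOSITORY}:dev-" | awk '{print $2}' | xargs -r docker rmi -f
            docker-compose up -d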