cd-workflow.yml
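# Continuous-delivery workflow: builds the Gradle project, publishes a Docker
# image, then deploys to an EC2 host over SSH. Port 22 on the host's security
# group is opened for the runner's public IP for the duration of the job and
# closed again in the final step.
name: CD with Gradle and Docker

on:
  push:
    branches:
      - 'main'
      # NOTE(review): 'develope' may be a typo for 'develop'; confirm against
      # the repository's actual branch name.
      - 'develope'

# Least-privilege GITHUB_TOKEN: the job only needs to read the repository.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    env:
      AWS_REGION: ap-northeast-2
      AWS_DEFAULT_REGION: ap-northeast-2
    steps:
      - uses: actions/checkout@v4

      - name: ☕️ Set up JDK 21
        uses: actions/setup-java@v3
        with:
          java-version: '21'
          distribution: 'temurin'

      - name: 🐘 Cache Gradle dependencies
        uses: actions/cache@v3
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
          key: gradle-${{ runner.os }}-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
          restore-keys: |
            gradle-${{ runner.os }}-

      - name: 👏🏻 Grant execute permission for gradlew
        run: chmod +x ./gradlew

      - name: 🐘 Build with Gradle (without test)
        run: ./gradlew clean build -x test --stacktrace

      - name: 🐳 Docker build & push
        # Secrets reach the script as environment variables instead of being
        # pasted into the script text, so shell metacharacters in a value are
        # never interpreted. The password goes to `docker login` on stdin so it
        # does not appear in the process argument list.
        env:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
          DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
          DOCKER_IMAGE: ${{ secrets.DOCKER_IMAGE }}
        run: |
          printf '%s' "$DOCKER_PASSWORD" | docker login -u "$DOCKER_USERNAME" --password-stdin
          docker build -f dockerFile -t "$DOCKER_USERNAME/$DOCKER_IMAGE" .
          docker push "$DOCKER_USERNAME/$DOCKER_IMAGE"

      - name: 🫴🏻 Get Public IP
        id: ip
        # NOTE(review): third-party action referenced by a mutable tag. Its
        # output decides which address is admitted on port 22, so pin it to a
        # reviewed full commit SHA (haythem/public-ip@<FULL_COMMIT_SHA>).
        uses: haythem/public-ip@v1.3

      - name: 🪪 Configure AWS credentials
        # NOTE(review): long-lived access keys stored as secrets. The action
        # also supports assuming an IAM role through GitHub OIDC, which avoids
        # static keys; that needs `id-token: write` and a role not shown here.
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: 'ap-northeast-2'

      - name: ➕ Add GitHub Actions IP to EC2
        # The runner IP comes from an external lookup; it is handed over as an
        # environment variable and quoted rather than spliced into the command.
        env:
          SECURITY_GROUP_ID: ${{ secrets.SECURITY_GROUP_ID }}
          RUNNER_IP: ${{ steps.ip.outputs.ipv4 }}
        run: |
          aws ec2 authorize-security-group-ingress \
            --group-id "$SECURITY_GROUP_ID" \
            --protocol tcp \
            --port 22 \
            --cidr "${RUNNER_IP}/32"

      - name: 📄 Create .env file from GitHub Secrets
        # printf writes each value literally. With the values expanded inside
        # a double-quoted echo, a secret containing `$`, a backtick, `"` or `\`
        # would be re-interpreted by the shell and could corrupt the file.
        # NOTE(review): the AWS key pair written here is the same one that
        # edits the security group above; a separate least-privilege key or an
        # EC2 instance profile would limit what a host compromise exposes.
        env:
          PROD_DB_URL: ${{ secrets.PROD_DB_URL }}
          PROD_DB_USER: ${{ secrets.PROD_DB_USER }}
          PROD_DB_PASSWORD: ${{ secrets.PROD_DB_PASSWORD }}
          OPEN_API_KEY: ${{ secrets.OPEN_API_KEY }}
          OPEN_API_BASE_URL: ${{ secrets.OPEN_API_BASE_URL }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
          AWS_S3_BASE_URL: ${{ secrets.AWS_S3_BASE_URL }}
          NAVER_CLIENT_ID: ${{ secrets.NAVER_CLIENT_ID }}
          NAVER_CLIENT_SECRET: ${{ secrets.NAVER_CLIENT_SECRET }}
          NAVER_OAUTH_CLIENT_ID: ${{ secrets.NAVER_OAUTH_CLIENT_ID }}
          NAVER_OAUTH_CLIENT_SECRET: ${{ secrets.NAVER_OAUTH_CLIENT_SECRET }}
          JWT_SECRET: ${{ secrets.JWT_SECRET }}
        run: |
          # Create the file readable by the owner only.
          umask 077
          {
            printf 'PROD_DB_URL=%s\n' "$PROD_DB_URL"
            printf 'PROD_DB_USER=%s\n' "$PROD_DB_USER"
            printf 'PROD_DB_PASSWORD=%s\n' "$PROD_DB_PASSWORD"
            printf 'OPEN_API_KEY=%s\n' "$OPEN_API_KEY"
            printf 'OPEN_API_BASE_URL=%s\n' "$OPEN_API_BASE_URL"
            printf 'AWS_ACCESS_KEY_ID=%s\n' "$AWS_ACCESS_KEY_ID"
            printf 'AWS_SECRET_ACCESS_KEY=%s\n' "$AWS_SECRET_ACCESS_KEY"
            printf 'AWS_S3_BUCKET=%s\n' "$AWS_S3_BUCKET"
            printf 'AWS_S3_BASE_URL=%s\n' "$AWS_S3_BASE_URL"
            printf 'NAVER_CLIENT_ID=%s\n' "$NAVER_CLIENT_ID"
            printf 'NAVER_CLIENT_SECRET=%s\n' "$NAVER_CLIENT_SECRET"
            printf 'NAVER_OAUTH_CLIENT_ID=%s\n' "$NAVER_OAUTH_CLIENT_ID"
            printf 'NAVER_OAUTH_CLIENT_SECRET=%s\n' "$NAVER_OAUTH_CLIENT_SECRET"
            printf 'JWT_SECRET=%s\n' "$JWT_SECRET"
          } >> .env
          # Covers the case where .env already existed with wider permissions.
          chmod 600 .env

      - name: ✉️ Upload docker compose.yml to EC2
        # NOTE(review): `@master` is a mutable ref to third-party code that
        # receives the EC2 private key; pin to a reviewed full commit SHA
        # (appleboy/scp-action@<FULL_COMMIT_SHA>). No host-key check is
        # configured either; the action's `fingerprint` input enables one.
        # NOTE(review): unlike the SSH deploy step, no `port` is passed here,
        # so this upload uses the action's default port; confirm EC2_PORT
        # matches it and the port 22 opened in the security group.
        uses: appleboy/scp-action@master
        with:
          host: ${{ secrets.EC2_HOST }}
          username: ${{ secrets.EC2_USERNAME }}
          key: ${{ secrets.EC2_KEY }}
          source: "docker-compose.yml"
          target: "/home/ubuntu/app/"

      - name: 📦 Upload .env file to EC2
        # NOTE(review): same mutable `@master` ref as the previous upload, and
        # this step transfers every application secret; pin to a full commit
        # SHA (appleboy/scp-action@<FULL_COMMIT_SHA>).
        uses: appleboy/scp-action@master
        with:
          host: ${{ secrets.EC2_HOST }}
          username: ${{ secrets.EC2_USERNAME }}
          key: ${{ secrets.EC2_KEY }}
          source: ".env"
          target: "/home/ubuntu/app/"

      - name: 🚀 SSH Deploy to EC2 & Restart with Docker Compose
        # NOTE(review): mutable `@master` ref on the action that runs commands
        # with sudo on the production host; pin to a reviewed full commit SHA
        # (appleboy/ssh-action@<FULL_COMMIT_SHA>) and consider setting its
        # `fingerprint` input so the host key is verified.
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.EC2_HOST }}
          username: ${{ secrets.EC2_USERNAME }}
          key: ${{ secrets.EC2_KEY }}
          port: ${{ secrets.EC2_PORT }}
          # The image reference below is expanded by Actions before the script
          # is sent to the host.
          script: |
            echo "📁 Move to app directory"
            cd /home/ubuntu/app
            echo "🧹 Stopping old containers & removing images"
            sudo docker compose down --rmi all || true
            echo "📥 Pulling latest image"
            sudo docker pull ${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_IMAGE }}
            echo "🚀 Starting container"
            sudo docker compose up -d

      - name: ❌ Remove GitHub Actions IP from EC2
        # Runs even when an earlier step failed so the temporary SSH rule is
        # not left open; skipped only when no runner IP was ever resolved,
        # because then there is no rule to revoke.
        if: always() && steps.ip.outputs.ipv4 != ''
        env:
          SECURITY_GROUP_ID: ${{ secrets.SECURITY_GROUP_ID }}
          RUNNER_IP: ${{ steps.ip.outputs.ipv4 }}
        run: |
          aws ec2 revoke-security-group-ingress \
            --group-id "$SECURITY_GROUP_ID" \
            --protocol tcp \
            --port 22 \
            --cidr "${RUNNER_IP}/32"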