-
Notifications
You must be signed in to change notification settings - Fork 0
191 lines (152 loc) · 6.47 KB
/
deploy.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
name: Deploy to Amazon EC2
on:
push:
branches:
- main
# 본인이 설정한 값을 여기서 채워넣습니다.
# 리전, 버킷 이름, CodeDeploy 앱 이름, CodeDeploy 배포 그룹 이름
env:
AWS_REGION: ap-northeast-2
S3_BUCKET_NAME: pochak-github-actions-s3-bucket
CODE_DEPLOY_APPLICATION_NAME: pochakapp-codedeploy
CODE_DEPLOY_DEPLOYMENT_GROUP_NAME: pochakapp-codedeploy-deployment-group
PROJECT_NAME: pochak
RESOURCE_PATH: ./pochak/src/main/resources
permissions:
contents: read
jobs:
deploy:
name: Deploy
runs-on: ubuntu-latest
environment: production
steps:
# (1) 기본 체크아웃
- name: Checkout
uses: actions/checkout@v3
with:
ref: main
###
# 암호화 했던 설정파일 복호화-1
- name: Decrypt application-API-KEY
run: gpg --quiet --batch --yes --always-trust --decrypt --passphrase=${{ secrets.application_API_KEY }} --output $RESOURCE_PATH/application-API-KEY.tar $RESOURCE_PATH/application-API-KEY.tar.gpg
shell: bash
# 파일 구조 체크
- name: check file
run: ls -al
shell: bash
# 설정파일 압축 해제-1
- name: Unzip application-API-KEY
run: tar -xvf $RESOURCE_PATH/application-API-KEY.tar -C $RESOURCE_PATH/
shell: bash
# 파일 구조 체크
- name: check file 2
run: cd $RESOURCE_PATH ; ls -al
shell: bash
# 암호화 했던 설정파일 복호화-2
- name: Decrypt application_OAUTH
run: gpg --quiet --batch --yes --always-trust --decrypt --passphrase=${{ secrets.application_OAUTH }} --output $RESOURCE_PATH/application-OAUTH.tar $RESOURCE_PATH/application-OAUTH.tar.gpg
shell: bash
# 설정파일 압축 해제-2
- name: Unzip application_OAUTH
run: tar -xvf $RESOURCE_PATH/application-OAUTH.tar -C $RESOURCE_PATH/
shell: bash
# 암호화 했던 설정파일 복호화-3
- name: Decrypt application-JWT
run: gpg --quiet --batch --yes --always-trust --decrypt --passphrase=${{ secrets.application_JWT }} --output $RESOURCE_PATH/application-JWT.tar $RESOURCE_PATH/application-JWT.tar.gpg
shell: bash
# 설정파일 압축 해제-3
- name: Unzip application-JWT
run: tar -xvf $RESOURCE_PATH/application-JWT.tar -C $RESOURCE_PATH/
shell: bash
# 암호화 했던 설정파일 복호화-1
- name: Decrypt application-API-KEY
run: gpg --quiet --batch --yes --always-trust --decrypt --passphrase=${{ secrets.application_API_KEY }} --output $RESOURCE_PATH/application-API-KEY.tar $RESOURCE_PATH/application-API-KEY.tar.gpg
shell: bash
# 파일 구조 체크
- name: check file
run: ls -al
shell: bash
# 설정파일 압축 해제-1
- name: Unzip application-API-KEY
run: tar -xvf $RESOURCE_PATH/application-API-KEY.tar -C $RESOURCE_PATH/
shell: bash
# 파일 구조 체크
- name: check file 2
run: cd $RESOURCE_PATH ; ls -al
shell: bash
# 암호화 했던 설정파일 복호화-2
- name: Decrypt application_OAUTH
run: gpg --quiet --batch --yes --always-trust --decrypt --passphrase=${{ secrets.application_OAUTH }} --output $RESOURCE_PATH/application-OAUTH.tar $RESOURCE_PATH/application-OAUTH.tar.gpg
shell: bash
# 설정파일 압축 해제-2
- name: Unzip application_OAUTH
run: tar -xvf $RESOURCE_PATH/application-OAUTH.tar -C $RESOURCE_PATH/
shell: bash
# 암호화 했던 설정파일 복호화-3
- name: Decrypt application-JWT
run: gpg --quiet --batch --yes --always-trust --decrypt --passphrase=${{ secrets.application_JWT }} --output $RESOURCE_PATH/application-JWT.tar $RESOURCE_PATH/application-JWT.tar.gpg
shell: bash
# 설정파일 압축 해제-3
- name: Unzip application-JWT
run: tar -xvf $RESOURCE_PATH/application-JWT.tar -C $RESOURCE_PATH/
shell: bash
# APPLE 암호화 풀기 -1
- name: Decrypt AuthKey_D5ZQTHUQ4K
run: gpg --quiet --batch --yes --always-trust --decrypt --passphrase=${{ secrets.application_OAUTH }} --output $RESOURCE_PATH/static/AuthKey_D5ZQTHUQ4K.tar $RESOURCE_PATH/static/AuthKey_D5ZQTHUQ4K.tar.gpg
shell: bash
# APPLE 설정파일 압축 해제-3
- name: Unzip AuthKey_D5ZQTHUQ4K
run: tar -xvf $RESOURCE_PATH/static/AuthKey_D5ZQTHUQ4K.tar -C $RESOURCE_PATH/static/
shell: bash
# (2) JDK 17 세팅
- name: JDK 17 설치
uses: actions/setup-java@v3
with:
java-version: '17'
distribution: 'corretto'
- name: gradlew에 실행 권한 부여
run: chmod +x ./pochak/gradlew
#- name: init gradle
# run: gradle init
- name: 경로 확인, 자바 확인
run: ls -l ; java -version
- name: 경로 이동, 확인
run: cd pochak ; pwd ; ls -al
shell: bash
# (3) Gradle build (Test 제외)
- name: Build with Gradle
# run: /home/runner/work/2023-POCHAK-server/2023-POCHAK-server/pochak/gradlew build
# shell: bash
uses: gradle/gradle-build-action@67421db6bd0bf253fb4bd25b31ebb98943c375e1
with:
arguments: build
build-root-directory: /home/runner/work/2023-POCHAK-server/2023-POCHAK-server/pochak
- name: 빌드 확인
run: ls -l ./pochak/build/libs
shell: bash
- name: Make zip file #1 # build한 파일 모두 압축
run: zip -qq -r ./$GITHUB_SHA.zip .
shell: bash
# (4) AWS 인증 (IAM 사용자 Access Key, Secret Key 활용)
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
# (5) 빌드 결과물을 S3 버킷에 업로드
- name: Upload to AWS S3
run: |
aws deploy push \
--application-name ${{ env.CODE_DEPLOY_APPLICATION_NAME }} \
--ignore-hidden-files \
--s3-location s3://$S3_BUCKET_NAME/$GITHUB_SHA.zip \
--source .
# (6) S3 버킷에 있는 파일을 대상으로 CodeDeploy 실행
- name: Deploy to AWS EC2 from S3
run: |
aws deploy create-deployment \
--application-name ${{ env.CODE_DEPLOY_APPLICATION_NAME }} \
--deployment-config-name CodeDeployDefault.AllAtOnce \
--deployment-group-name ${{ env.CODE_DEPLOY_DEPLOYMENT_GROUP_NAME }} \
--s3-location bucket=$S3_BUCKET_NAME,key=$GITHUB_SHA.zip,bundleType=zip