-
Notifications
You must be signed in to change notification settings - Fork 1
135 lines (109 loc) · 3.92 KB
/
deploy.yml
File metadata and controls
135 lines (109 loc) · 3.92 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
name: AWS EC2에 Docker로 배포
on:
push:
branches:
- main
env:
DOCKER_IMAGE_NAME: ${{ secrets.DEV_DOCKER_IMAGE_NAME }} # e.g. dockerhub-username/repo
EC2_HOST: ${{ secrets.EC2_HOST }}
EC2_SSH_USER: ec2-user
PRIVATE_KEY: ${{ secrets.EC2_SSH_PRIVATE_KEY }}
CONTAINER_NAME: ${{ secrets.DEV_CONTAINER_NAME }}
APP_PORT: "8080"
TZ_REGION: "Asia/Seoul"
jobs:
build-and-push-docker:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Validate Gradle Wrapper
uses: gradle/actions/wrapper-validation@v4
- name: Set up JDK 21 (Amazon Corretto) with Gradle cache
uses: actions/setup-java@v4
with:
distribution: 'corretto'
java-version: '21'
cache: 'gradle'
- name: Set up configuration files
run: |
mkdir -p ./src/main/resources
# application.yml
cat > ./src/main/resources/application.yml <<'EOF'
${{ secrets.APPLICATION_YML }}
EOF
# application-local.yml
cat > ./src/main/resources/application-local.yml <<'EOF'
${{ secrets.APPLICATION_LOCAL_YML }}
EOF
# application-prod.yml
cat > ./src/main/resources/application-prod.yml <<'EOF'
${{ secrets.APPLICATION_PROD_YML }}
EOF
# application-cloud.yml
cat > ./src/main/resources/application-cloud.yml <<'EOF'
${{ secrets.APPLICATION_CLOUD_YML }}
EOF
# application-security.yml
cat > ./src/main/resources/application-security.yml <<'EOF'
${{ secrets.APPLICATION_SECURITY_YML }}
EOF
- name: Verify config files exist
run: ls -l ./src/main/resources/application*.yml
- name: Build with Gradle
run: ./gradlew clean build --no-daemon --warning-mode=all -x test
- name: Set image tags
id: meta
run: |
SHA_TAG=${GITHUB_SHA::7}
echo "sha_tag=$SHA_TAG" >> $GITHUB_OUTPUT
echo "latest_tag=latest" >> $GITHUB_OUTPUT
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_HUB_TOKEN }}
- name: Build and push (latest & sha)
uses: docker/build-push-action@v6
with:
context: .
push: true
tags: |
${{ env.DOCKER_IMAGE_NAME }}:${{ steps.meta.outputs.latest_tag }}
${{ env.DOCKER_IMAGE_NAME }}:${{ steps.meta.outputs.sha_tag }}
deploy-to-ec2:
needs: build-and-push-docker
runs-on: ubuntu-latest
steps:
- name: Deploy to EC2
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ env.EC2_HOST }}
username: ${{ env.EC2_SSH_USER }}
key: ${{ env.PRIVATE_KEY }}
script: |
set -euo pipefail
IMAGE="${{ env.DOCKER_IMAGE_NAME }}:latest"
NAME="${{ env.CONTAINER_NAME }}"
PORT="${{ env.APP_PORT }}"
TZ="${{ env.TZ_REGION }}"
echo "[1/4] Pull latest image"
sudo docker pull "$IMAGE"
echo "[2/4] Stop & remove existing container by name (if exists)"
if sudo docker ps -a --format '{{.Names}}' | grep -wq "$NAME"; then
sudo docker stop "$NAME" || true
sudo docker rm "$NAME" || true
fi
echo "[3/4] Run new container on port ${PORT}"
sudo docker run -d \
--name "$NAME" \
-p ${PORT}:${PORT} \
-e TZ="$TZ" \
-e SPRING_PROFILES_ACTIVE=prod \
--restart unless-stopped \
"$IMAGE"
echo "[4/4] Cleanup dangling images"
sudo docker image prune -f
echo "Deployment complete: $NAME running on port $PORT"