#87 ๐ fix: ํ์ต ๋๋ฉ์ธ ๊ธฐ์ฌ ๊ฒ์(๋ณธ๋ฌธ - ๋์๋ฌธ์ ๋ฌด์) #57
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: FinSight Dev CI/CD | |
| on: | |
| pull_request: | |
| types: [closed] | |
| workflow_dispatch: # (2).์๋ ์คํ๋ ๊ฐ๋ฅํ๋๋ก | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest # (3).OSํ๊ฒฝ | |
| if: github.event_name == 'workflow_dispatch' || (github.event.pull_request.merged == true && github.event.pull_request.base.ref == 'develop') | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: temurin | |
| java-version: "17" | |
| - name: Create application.yml from Secret (safe) | |
| run: | | |
| mkdir -p src/main/resources | |
| printf '%s' "${{ secrets.APPLICATION_YML }}" > src/main/resources/application.yml | |
| # Windows CRLF ๋ฐฉ์ง | |
| sed -i 's/\r$//' src/main/resources/application.yml | |
| - name: Grant execute permission for gradlew | |
| run: chmod +x ./gradlew | |
| - name: Build (bootJar) with debug log | |
| run: ./gradlew clean bootJar -x test --stacktrace --info | |
| - name: Pick jar and rename to finsight.jar | |
| run: | | |
| ls -al build/libs | |
| JAR_PATH=$(ls build/libs/*.jar | head -n 1) | |
| echo "Picked jar: $JAR_PATH" | |
| cp "$JAR_PATH" finsight.jar | |
| - name: Setup SSH key (debug) | |
| run: | | |
| echo "HOME is: $HOME" | |
| echo "Setting up SSH key..." | |
| mkdir -p ~/.ssh | |
| ls -ld ~/.ssh | |
| echo "${{ secrets.EC2_SSH_KEY }}" > ~/.ssh/id_rsa | |
| echo "SSH key written successfully" | |
| ls -l ~/.ssh | |
| echo "SSH key file size: $(wc -c < ~/.ssh/id_rsa) bytes" | |
| echo "SSH key permissions: $(ls -l ~/.ssh/id_rsa | awk '{print $1}')" | |
| chmod 600 ~/.ssh/id_rsa | |
| ssh-keyscan -H ${{ secrets.EC2_HOST }} >> ~/.ssh/known_hosts | |
| echo "SSH setup completed" | |
| - name: Upload jar to EC2 | |
| run: | | |
| scp -i ~/.ssh/id_rsa finsight.jar ${{ secrets.EC2_USERNAME }}@${{ secrets.EC2_HOST }}:/home/${{ secrets.EC2_USERNAME }}/finsight.jar | |
| - name: Upload application.yml to EC2 (/etc/finsight) | |
| run: | | |
| # 1) Runner์์ ์์ฑ๋ ํ์ผ์ EC2 ํ์ผ๋ก ๋จผ์ ์ ๋ก๋ | |
| scp -i ~/.ssh/id_rsa src/main/resources/application.yml \ | |
| ${{ secrets.EC2_USERNAME }}@${{ secrets.EC2_HOST }}:/home/${{ secrets.EC2_USERNAME }}/application.yml | |
| # 2) sudo๋ก /etc๋ก ์ด๋ | |
| ssh -i ~/.ssh/id_rsa ${{ secrets.EC2_USERNAME }}@${{ secrets.EC2_HOST }} << 'EOF' | |
| set -e | |
| sudo mkdir -p /etc/finsight | |
| sudo mv /home/${{ secrets.EC2_USERNAME }}/application.yml /etc/finsight/application.yml | |
| sudo chmod 600 /etc/finsight/application.yml | |
| sudo chown ${{ secrets.EC2_USERNAME }}:${{ secrets.EC2_USERNAME }} /etc/finsight/application.yml | |
| echo "[OK] deployed /etc/finsight/application.yml" | |
| EOF | |
| # ๋ชจ๋ํฐ๋ง | |
| - name: Upload observability configs to EC2 | |
| run: | | |
| ssh -i ~/.ssh/id_rsa ${{ secrets.EC2_USERNAME }}@${{ secrets.EC2_HOST }} "mkdir -p /home/${{ secrets.EC2_USERNAME }}/infra" | |
| scp -i ~/.ssh/id_rsa -r infra/observability \ | |
| ${{ secrets.EC2_USERNAME }}@${{ secrets.EC2_HOST }}:/home/${{ secrets.EC2_USERNAME }}/infra/observability | |
| - name: Restart app on EC2 (with OCI Oracle env) | |
| run: | | |
| ssh -i ~/.ssh/id_rsa ${{ secrets.EC2_USERNAME }}@${{ secrets.EC2_HOST }} << 'EOF' | |
| set -e | |
| # ---------- Run/Keep Prometheus+Grafana up ---------- | |
| cd /home/${{ secrets.EC2_USERNAME }}/infra/observability | |
| # docker compose ๋ช ๋ น ํธํ ์ฒ๋ฆฌ | |
| if docker compose version >/dev/null 2>&1; then | |
| DC="docker compose" | |
| elif docker-compose version >/dev/null 2>&1; then | |
| DC="docker-compose" | |
| else | |
| echo "[ERROR] docker compose not found. Install docker + docker compose plugin on EC2 first." | |
| exit 1 | |
| fi | |
| $DC up -d --remove-orphans | |
| # 1) Stop previous app (if running) | |
| pgrep -f 'finsight.jar' && pkill -f 'finsight.jar' || true | |
| # 2) Export DB env (OCI Oracle TLS) | |
| export DB_URL='${{ secrets.DB_URL }}' | |
| export DB_USERNAME='${{ secrets.DB_USERNAME }}' | |
| export DB_PASSWORD='${{ secrets.DB_PASSWORD }}' | |
| # 3) Run new app (use external YAML) | |
| nohup java -jar /home/${{ secrets.EC2_USERNAME }}/finsight.jar \ | |
| --spring.config.location=file:/etc/finsight/application.yml \ | |
| > /home/${{ secrets.EC2_USERNAME }}/app.log 2>&1 & | |
| # 4) Show last logs | |
| sleep 2 | |
| tail -n 50 /home/${{ secrets.EC2_USERNAME }}/app.log || true | |
| EOF |