release of new user whitelist (role, authority re-sync) - 20260311 (#… #30
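# Production deployment workflow: runs on every push to main and on manual
# dispatch. The jobs below compile the Kotlin sources, publish the image with
# Jib and roll it out to the production host over SSH.
name: Deploy to Production Server

on:
  push:
    branches:
      - main
  workflow_dispatch:

# Least privilege for the automatic GITHUB_TOKEN: the jobs only check out the
# repository, so read access to contents is sufficient. Registry and server
# credentials come from repository secrets, not from this token.
permissions:
  contents: read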
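jobs:
  # Gate job: validates the Gradle wrapper and compiles the Kotlin sources so
  # that a broken build never reaches the deploy job.
  compile:
    runs-on: ubuntu-22.04
    steps:
      # Check out the repository.
      - name: "레포지토리를 체크아웃한다."
        uses: actions/checkout@v4
      # Verify the Gradle wrapper JAR before ./gradlew is executed.
      - name: "Gradle Wrapper 무결성을 검증한다."
        uses: gradle/actions/wrapper-validation@v4
      # Install JDK 21 (Temurin) and enable the Gradle dependency cache.
      - name: "JDK 21을 설정한다."
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '21'
          cache: 'gradle'
      # Compile the Kotlin sources.
      - name: "Kotlin 소스를 컴파일한다."
        run: ./gradlew compileKotlin --configuration-cache --build-cache
      # Notify Discord when any earlier step in this job failed.
      # This workflow only runs on push and workflow_dispatch, where
      # github.head_ref and github.event.pull_request.* are empty, so the
      # message reports github.ref_name and github.sha instead.
      - name: "Discord로 빌드 실패를 알린다."
        if: failure()
        uses: Ilshidur/action-discord@0.3.2
        env:
          DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
        with:
          args: |
            ❌ **컴파일 도중 문제가 발생했습니다.**
            actor : `@${{ github.actor }}`
            branch : `${{ github.ref_name }}`
            commit : `${{ github.sha }}`
            [🔗 작업 요약 보기](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})

  # Builds the container image with Jib, pushes it to Docker Hub and deploys
  # it on the production server. Runs only after `compile` succeeded.
  deploy:
    needs:
      - compile
    runs-on: ubuntu-22.04
    # Job-level environment: inherited by every step below, so steps do not
    # need to re-declare these values.
    env:
      SPRING_PROFILES_ACTIVE: prod
      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
      DOCKER_REPOSITORY: ${{ secrets.DOCKER_REPOSITORY }}
      DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
      # One image tag per commit, so a deployment can be traced to its source.
      IMAGE_TAG: prod-${{ github.sha }}
    steps:
      # Check out the repository.
      - name: "레포지토리를 체크아웃한다."
        uses: actions/checkout@v4
      # Install JDK 21 (Temurin).
      - name: "JDK 21을 설정한다."
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '21'
      # Set up Docker buildx.
      - name: "Docker buildx를 설정한다."
        uses: docker/setup-buildx-action@v3
      # Log in to Docker Hub.
      - name: "Dockerhub 로그인"
        uses: docker/login-action@v3
        with:
          username: ${{ env.DOCKER_USERNAME }}
          password: ${{ env.DOCKER_PASSWORD }}
      # Build the image with Jib and push it to Docker Hub.
      # Credentials are read from the job-level environment as shell variables
      # rather than being templated into the script text with ${{ }}: a value
      # containing quotes, `$` or backticks would otherwise be re-interpreted
      # by the shell.
      - name: "Jib을 사용하여 Docker 이미지를 빌드 후 Dockerhub에 푸시한다."
        run: |
          ./gradlew jib \
            -Djib.to.auth.username="$DOCKER_USERNAME" \
            -Djib.to.auth.password="$DOCKER_PASSWORD" \
            -Djib.to.image="$DOCKER_USERNAME/$DOCKER_REPOSITORY:$IMAGE_TAG" \
            -Djib.to.tags="$IMAGE_TAG"
      # Deploy to the production server over SSH.
      # NOTE(security): `@master` is a mutable branch ref, and this step hands
      # the production SSH key and every application secret to whatever code
      # that branch currently points at. Pin it to a reviewed full commit SHA
      # (<REVIEWED_COMMIT_SHA>) and update it deliberately.
      # NOTE(review): the .env file is line-oriented; if
      # PROD_APPLE_PRIVATE_KEY is stored as a multi-line PEM it will not
      # survive this format - confirm how the secret is encoded.
      - name: "서버에 배포한다."
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.PROD_SERVER_HOST }}
          username: ${{ secrets.PROD_SERVER_USERNAME }}
          key: ${{ secrets.PROD_SERVER_SSH_KEY }}
          # Forward the registry credentials from the job environment so the
          # remote script can reference them as shell variables.
          envs: DOCKER_USERNAME,DOCKER_PASSWORD,DOCKER_REPOSITORY
          # Script notes:
          #  - `set -e` stops the rollout if login or pull fails instead of
          #    deploying anyway.
          #  - `umask 077` makes the freshly written .env readable by the
          #    deploying user only.
          #  - The heredoc delimiter is quoted ('EOF') so the remote shell
          #    writes the secret values literally; unquoted, any `$`, backtick
          #    or backslash inside a secret would be expanded or mangled.
          script: |
            set -e
            cd ~
            umask 077
            export IMAGE_TAG=${{ env.IMAGE_TAG }}
            rm -rf .env
            cat <<'EOF' > .env
            COHORT_VALUE=${{ secrets.PROD_COHORT_VALUE }}
            SPRING_PROFILES_ACTIVE=prod
            PROD_DB_HOST=${{ secrets.PROD_DB_HOST }}
            PROD_DB_PORT=${{ secrets.PROD_DB_PORT }}
            PROD_DB_SCHEMA=${{ secrets.PROD_DB_SCHEMA }}
            PROD_DB_USERNAME=${{ secrets.PROD_DB_USERNAME }}
            PROD_DB_PASSWORD=${{ secrets.PROD_DB_PASSWORD }}
            KAKAO_CLIENT_ID=${{ secrets.PROD_KAKAO_CLIENT_ID }}
            KAKAO_CLIENT_SECRET=${{ secrets.PROD_KAKAO_CLIENT_SECRET }}
            KAKAO_REDIRECT_URI=${{ secrets.PROD_KAKAO_REDIRECT_URI }}
            JWT_SECRET_KEY=${{ secrets.PROD_JWT_SECRET_KEY }}
            ACCESS_TOKEN_EXPIRATION_TIME=${{ secrets.PROD_ACCESS_TOKEN_EXPIRATION_TIME }}
            REFRESH_TOKEN_EXPIRATION_TIME=${{ secrets.PROD_REFRESH_TOKEN_EXPIRATION_TIME }}
            COOKIE_DOMAIN=${{ secrets.PROD_COOKIE_DOMAIN }}
            COOKIE_HTTP_ONLY=${{ secrets.PROD_COOKIE_HTTP_ONLY }}
            REDIRECT_URL=${{ secrets.PROD_REDIRECT_URL }}
            ADMIN_REDIRECT_URL=${{ secrets.PROD_ADMIN_REDIRECT_URL }}
            RESTRICTED_REDIRECT_URL=${{ secrets.PROD_RESTRICTED_REDIRECT_URL }}
            PROD_APPLE_REDIRECT_URI=${{ secrets.PROD_APPLE_REDIRECT_URI }}
            PROD_APPLE_REDIRECT_URL=${{ secrets.PROD_APPLE_REDIRECT_URL }}
            PROD_APPLE_PRIVATE_KEY=${{ secrets.PROD_APPLE_PRIVATE_KEY }}
            PROD_APPLE_TEAM_ID=${{ secrets.PROD_APPLE_TEAM_ID }}
            PROD_APPLE_KEY_ID=${{ secrets.PROD_APPLE_KEY_ID }}
            PROD_APPLE_CLIENT_ID=${{ secrets.PROD_APPLE_CLIENT_ID }}
            SECURITY_LOGGING_LEVEL=${{ secrets.SECURITY_LOGGING_LEVEL }}
            EOF
            printf '%s' "$DOCKER_PASSWORD" | docker login --username "$DOCKER_USERNAME" --password-stdin
            docker pull "$DOCKER_USERNAME/$DOCKER_REPOSITORY:$IMAGE_TAG"
            docker stack deploy -c server-stack.yml server
      # Notify Discord when any earlier step in this job failed.
      # As in the compile job, pull-request contexts are empty for the push
      # and workflow_dispatch triggers, so ref_name and sha are reported.
      - name: "Discord로 Production 배포 실패를 알린다."
        if: failure()
        uses: Ilshidur/action-discord@0.3.2
        env:
          DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
        with:
          args: |
            ❌ **`Production` 배포 도중 문제가 발생했습니다.**
            actor : `@${{ github.actor }}`
            branch : `${{ github.ref_name }}`
            commit : `${{ github.sha }}`
            [🔗 작업 요약 보기](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})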