dpm-core-server/.github/workflows/prod-cd.yml at develop · depromeet/dpm-core-server · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
name: Deploy to Production Server

on:
  push:
    branches:
      - main
  workflow_dispatch:

jobs:
  compile:
    runs-on: ubuntu-22.04

    steps:
      - name: "레포지토리를 체크아웃한다."
        uses: actions/checkout@v4

      - name: "Gradle Wrapper 무결성을 검증한다."
        uses: gradle/actions/wrapper-validation@v4

      - name: "JDK 21을 설정한다."
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '21'
          cache: 'gradle'

      - name: "Kotlin 소스를 컴파일한다."
        run: ./gradlew compileKotlin --configuration-cache --build-cache

      - name: "Discord로 빌드 실패를 알린다."
        if: failure()
        uses: Ilshidur/action-discord@0.3.2
        env:
          DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
        with:
          args: |
            ❌ **컴파일 도중 문제가 발생했습니다.**
            actor : `@${{ github.actor }}`
            branch : `${{ github.head_ref }}`
            pull-request : `${{ github.event.pull_request.title }}`
            [🔗 작업 요약 보기](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})

  deploy:
    needs:
      - compile
    runs-on: ubuntu-22.04
    env:
      SPRING_PROFILES_ACTIVE: prod
      DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
      DOCKER_REPOSITORY: ${{ secrets.DOCKER_REPOSITORY }}
      DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
      IMAGE_TAG: prod-${{ github.sha }}

    steps:
      - name: "레포지토리를 체크아웃한다."
        uses: actions/checkout@v4

      - name: "JDK 21을 설정한다."
        uses: actions/setup-java@v4
        with:
          distribution: 'temurin'
          java-version: '21'

      - name: "Docker buildx를 설정한다."
        uses: docker/setup-buildx-action@v3

      - name: "Dockerhub 로그인"
        uses: docker/login-action@v3
        with:
          username: ${{ env.DOCKER_USERNAME }}
          password: ${{ env.DOCKER_PASSWORD }}

      - name: "Jib을 사용하여 Docker 이미지를 빌드 후 Dockerhub에 푸시한다."
        run: |
          ./gradlew jib \
            -Djib.to.auth.username=${{ env.DOCKER_USERNAME }} \
            -Djib.to.auth.password=${{ env.DOCKER_PASSWORD }} \
            -Djib.to.image=${{ env.DOCKER_USERNAME }}/${{ env.DOCKER_REPOSITORY }}:${{ env.IMAGE_TAG }} \
            -Djib.to.tags=${{ env.IMAGE_TAG }} \
        env:
          DOCKER_USERNAME: ${{ env.DOCKER_USERNAME }}
          DOCKER_REPOSITORY: ${{ env.DOCKER_REPOSITORY }}
          DOCKER_PASSWORD: ${{ env.DOCKER_PASSWORD }}
          IMAGE_TAG: ${{ env.IMAGE_TAG }}

      - name: "서버에 배포한다."
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.PROD_SERVER_HOST }}
          username: ${{ secrets.PROD_SERVER_USERNAME }}
          key: ${{ secrets.PROD_SERVER_SSH_KEY }}
          script: |
            cd ~

            export IMAGE_TAG=${{ env.IMAGE_TAG }}
            rm -rf .env

            cat <<EOF > .env
            COHORT_VALUE=${{ secrets.PROD_COHORT_VALUE }}
            SPRING_PROFILES_ACTIVE=prod
            PROD_DB_HOST=${{ secrets.PROD_DB_HOST }}
            PROD_DB_PORT=${{ secrets.PROD_DB_PORT }}
            PROD_DB_SCHEMA=${{ secrets.PROD_DB_SCHEMA }}
            PROD_DB_USERNAME=${{ secrets.PROD_DB_USERNAME }}
            PROD_DB_PASSWORD=${{ secrets.PROD_DB_PASSWORD }}
            KAKAO_CLIENT_ID=${{ secrets.PROD_KAKAO_CLIENT_ID }}
            KAKAO_CLIENT_SECRET=${{ secrets.PROD_KAKAO_CLIENT_SECRET }}
            KAKAO_REDIRECT_URI=${{ secrets.PROD_KAKAO_REDIRECT_URI }}
            JWT_SECRET_KEY=${{ secrets.PROD_JWT_SECRET_KEY }}
            ACCESS_TOKEN_EXPIRATION_TIME=${{ secrets.PROD_ACCESS_TOKEN_EXPIRATION_TIME }}
            REFRESH_TOKEN_EXPIRATION_TIME=${{ secrets.PROD_REFRESH_TOKEN_EXPIRATION_TIME }}
            COOKIE_DOMAIN=${{ secrets.PROD_COOKIE_DOMAIN }}
            COOKIE_HTTP_ONLY=${{ secrets.PROD_COOKIE_HTTP_ONLY }}
            REDIRECT_URL=${{ secrets.PROD_REDIRECT_URL }}
            ADMIN_REDIRECT_URL=${{ secrets.PROD_ADMIN_REDIRECT_URL }}
            RESTRICTED_REDIRECT_URL=${{ secrets.PROD_RESTRICTED_REDIRECT_URL }}
            PROD_APPLE_REDIRECT_URI=${{ secrets.PROD_APPLE_REDIRECT_URI }}
            PROD_APPLE_REDIRECT_URL=${{ secrets.PROD_APPLE_REDIRECT_URL }}
            PROD_APPLE_PRIVATE_KEY=${{ secrets.PROD_APPLE_PRIVATE_KEY }}
            PROD_APPLE_TEAM_ID=${{ secrets.PROD_APPLE_TEAM_ID }}
            PROD_APPLE_KEY_ID=${{ secrets.PROD_APPLE_KEY_ID }}
            PROD_APPLE_CLIENT_ID=${{ secrets.PROD_APPLE_CLIENT_ID }}
            SECURITY_LOGGING_LEVEL=${{ secrets.SECURITY_LOGGING_LEVEL }}
            EOF

            echo "${{ env.DOCKER_PASSWORD }}" | docker login --username "${{ env.DOCKER_USERNAME }}" --password-stdin
            docker pull ${{ env.DOCKER_USERNAME }}/${{ env.DOCKER_REPOSITORY }}:${{ env.IMAGE_TAG }}
            docker stack deploy -c server-stack.yml server

      - name: "Discord로 Production 배포 실패를 알린다."
        if: failure()
        uses: Ilshidur/action-discord@0.3.2
        env:
          DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK }}
        with:
          args: |
            ❌ **`Production` 배포 도중 문제가 발생했습니다.**
            actor : `@${{ github.actor }}`
            branch : `${{ github.head_ref }}`
            pull-request : `${{ github.event.pull_request.title }}`
            [🔗 작업 요약 보기](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})