Skip to content

[#129]; refactor(auth): tokenType 클레임 비교를 대소문자 무시 → 엄격 비교로 정렬 #17

[#129]; refactor(auth): tokenType 클레임 비교를 대소문자 무시 → 엄격 비교로 정렬

[#129]; refactor(auth): tokenType 클레임 비교를 대소문자 무시 → 엄격 비교로 정렬 #17

Workflow file for this run

name: deploy-dev
on:
push:
branches:
- develop
workflow_dispatch:
inputs:
tag:
description: 'Release tag to deploy'
required: true
default: 'latest'
jobs:
build-deploy:
runs-on: ubuntu-latest
environment: dev
permissions:
id-token: write
contents: read
defaults:
run:
working-directory: ./
steps:
- uses: actions/checkout@v4
- name: Set up JDK 21
uses: actions/setup-java@v4
with:
java-version: '21'
distribution: 'temurin'
cache: 'gradle'
- name: Grant execute permission for gradlew
run: chmod +x gradlew
- name: Set secret yml file
run: |
mkdir -p src/main/resources
echo "${{ secrets.APPLICANT_SYNC_MAPPING_DATA }}" > src/main/resources/applicant-sync-mapping-data.yml
find src
# Additional Gradle Caches for better performance
- name: Cache Gradle packages
uses: actions/cache@v4
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
restore-keys: |
${{ runner.os }}-gradle-
- name: Clean Build with Gradle (with Testing)
env:
JWT_ACCESS_KEY: ${{ secrets.JWT_ACCESS_KEY }}
JWT_REFRESH_KEY: ${{ secrets.JWT_REFRESH_KEY }}
GOOGLE_OAUTH_CLIENT_ID: ${{ secrets.GOOGLE_OAUTH_CLIENT_ID }}
GOOGLE_OAUTH_CLIENT_SECRET: ${{ secrets.GOOGLE_OAUTH_CLIENT_SECRET }}
GOOGLE_OAUTH_REDIRECT_URI: ${{ secrets.GOOGLE_OAUTH_REDIRECT_URI }}
ALLOWED_REDIRECT_URI_LOCAL: ${{ vars.ALLOWED_REDIRECT_URI_LOCAL }}
ALLOWED_REDIRECT_URI_DEV: ${{ vars.ALLOWED_REDIRECT_URI_DEV }}
SWAGGER_OAUTH2_REDIRECT_URL: ${{ vars.SWAGGER_OAUTH2_REDIRECT_URL }}
run: |
echo "JWT_ACCESS_KEY=$JWT_ACCESS_KEY"
echo "JWT_REFRESH_KEY=$JWT_REFRESH_KEY"
echo "GOOGLE_OAUTH_CLIENT_ID=$GOOGLE_OAUTH_CLIENT_ID"
echo "GOOGLE_OAUTH_CLIENT_SECRET=$GOOGLE_OAUTH_CLIENT_SECRET"
echo "GOOGLE_OAUTH_REDIRECT_URI=$GOOGLE_OAUTH_REDIRECT_URI"
echo "ALLOWED_REDIRECT_URI_LOCAL=$ALLOWED_REDIRECT_URI_LOCAL"
echo "ALLOWED_REDIRECT_URI_DEV=$ALLOWED_REDIRECT_URI_DEV"
echo "SWAGGER_OAUTH2_REDIRECT_URL=$SWAGGER_OAUTH2_REDIRECT_URL"
./gradlew clean build --build-cache --parallel --daemon
- name: Set up QEMU
uses: docker/setup-qemu-action@v2
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: image=moby/buildkit:latest
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
role-session-name: GithubActions-${{ github.run_id }}
aws-region: us-east-1
- name: Login to Amazon ECR
id: login-ecr-public
uses: aws-actions/amazon-ecr-login@v2
with:
registry-type: public
- name: Cache Docker layers
uses: actions/cache@v4
with:
path: /tmp/.buildx-cache
key: ${{ runner.os }}-buildx-${{ hashFiles('Dockerfile') }}-${{ github.sha }}
restore-keys: |
${{ runner.os }}-buildx-${{ hashFiles('Dockerfile') }}-
${{ runner.os }}-buildx-
- name: Build, tag, and push image to Amazon ECR
env:
ECR_REGISTRY: public.ecr.aws/${{ vars.ECR_PUBLIC_REGISTRY_ID }}
IMAGE_TAG: ${{ github.sha }}
ECR_REPOSITORY: yourssu/${{ vars.PROJECT_NAME }}
run: |
echo "ECR_REGISTRY=$ECR_REGISTRY"
echo "ECR_REPOSITORY=$ECR_REPOSITORY"
echo "FULL_IMAGE_NAME=$ECR_REGISTRY/$ECR_REPOSITORY:latest"
# create and use a new builder instance
docker buildx create --use --name arm-builder
docker buildx build \
--platform linux/arm64,linux/amd64 \
--push \
--provenance=false \
--cache-from "type=gha" \
--cache-from "type=local,src=/tmp/.buildx-cache" \
--cache-to "type=gha,mode=max" \
--cache-to "type=local,dest=/tmp/.buildx-cache-new,mode=max" \
-t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG \
-t $ECR_REGISTRY/$ECR_REPOSITORY:latest \
.
# 캐시 교체
rm -rf /tmp/.buildx-cache
mv /tmp/.buildx-cache-new /tmp/.buildx-cache
- name: Deploy to AWS EC2
env:
YOURSSU_PEM: ${{ secrets.YOURSSU_PEM }}
HOST_URL: ${{ vars.HOST_URL }}
SERVER_PORT: ${{ vars.SERVER_PORT }}
CORS_ALLOWED_ORIGINS: ${{ vars.CORS_ALLOWED_ORIGINS }}
DB_URL: ${{ secrets.DB_URL }}
DB_USERNAME: ${{ secrets.DB_USERNAME }}
DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
PROJECT_NAME: ${{ vars.PROJECT_NAME }}
ENVIRONMENT: ${{ vars.ENVIRONMENT }}
ECR_REGISTRY: public.ecr.aws/${{ vars.ECR_PUBLIC_REGISTRY_ID }}
# For this project
JWT_ACCESS_KEY: ${{ secrets.JWT_ACCESS_KEY }}
JWT_REFRESH_KEY: ${{ secrets.JWT_REFRESH_KEY }}
GOOGLE_OAUTH_CLIENT_ID: ${{ secrets.GOOGLE_OAUTH_CLIENT_ID }}
GOOGLE_OAUTH_CLIENT_SECRET: ${{ secrets.GOOGLE_OAUTH_CLIENT_SECRET }}
GOOGLE_OAUTH_REDIRECT_URI: ${{ secrets.GOOGLE_OAUTH_REDIRECT_URI }}
ALLOWED_REDIRECT_URI_LOCAL: ${{ vars.ALLOWED_REDIRECT_URI_LOCAL }}
ALLOWED_REDIRECT_URI_DEV: ${{ vars.ALLOWED_REDIRECT_URI_DEV }}
SWAGGER_OAUTH2_REDIRECT_URL: ${{ vars.SWAGGER_OAUTH2_REDIRECT_URL }}
run: |
mkdir -p ~/.ssh
ssh-keyscan -H $HOST_URL >> ~/.ssh/known_hosts
echo "$YOURSSU_PEM" > yourssu.pem
chmod 600 yourssu.pem
# .env 파일 생성
echo "SERVER_PORT=$SERVER_PORT" >> .env
echo "CORS_ALLOWED_ORIGINS=$CORS_ALLOWED_ORIGINS" >> .env
echo "DB_URL=$DB_URL" >> .env
echo "DB_USERNAME=$DB_USERNAME" >> .env
echo "DB_PASSWORD=$DB_PASSWORD" >> .env
echo "PROJECT_NAME=$PROJECT_NAME" >> .env
echo "ENVIRONMENT=$ENVIRONMENT" >> .env
echo "ECR_REGISTRY=$ECR_REGISTRY" >> .env
echo "JWT_ACCESS_KEY=$JWT_ACCESS_KEY" >> .env
echo "JWT_REFRESH_KEY=$JWT_REFRESH_KEY" >> .env
echo "GOOGLE_OAUTH_CLIENT_ID=$GOOGLE_OAUTH_CLIENT_ID" >> .env
echo "GOOGLE_OAUTH_CLIENT_SECRET=$GOOGLE_OAUTH_CLIENT_SECRET" >> .env
echo "GOOGLE_OAUTH_REDIRECT_URI=$GOOGLE_OAUTH_REDIRECT_URI" >> .env
echo "ALLOWED_REDIRECT_URI_LOCAL=$ALLOWED_REDIRECT_URI_LOCAL" >> .env
echo "ALLOWED_REDIRECT_URI_DEV=$ALLOWED_REDIRECT_URI_DEV" >> .env
echo "SWAGGER_OAUTH2_REDIRECT_URL=$SWAGGER_OAUTH2_REDIRECT_URL" >> .env
# create deployment directory structure
ssh -i yourssu.pem ubuntu@$HOST_URL "mkdir -p ~/$PROJECT_NAME-api/logs"
# deploy environment file and docker script to host machine
scp -i yourssu.pem .env ubuntu@$HOST_URL:~/$PROJECT_NAME-api/
scp -i yourssu.pem scripts/docker-deploy.sh ubuntu@$HOST_URL:~/$PROJECT_NAME-api/
# Make the script executable
ssh -i yourssu.pem ubuntu@$HOST_URL "chmod +x ~/$PROJECT_NAME-api/docker-deploy.sh"
# Execute the script
ssh -i yourssu.pem ubuntu@$HOST_URL "cd ~/$PROJECT_NAME-api && \
PROJECT_NAME=$PROJECT_NAME IMAGE_TAG=${{ github.event.inputs.tag || github.sha }} ./docker-deploy.sh"