Merge pull request #95 from prgrms-web-devcourse-final-project/Featur… #166
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy To EC2 | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - develop | |
| - hotfix/ci-cd-에러-해결 | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| env: | |
| OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} | |
| REDIS_VECTOR_URI: ${{ secrets.REDIS_VECTOR_URI }} | |
| REDIS_VECTOR_PORT: ${{ secrets.REDIS_VECTOR_PORT }} | |
| DATABASE_URL: ${{ secrets.DATABASE_URL }} | |
| DATABASE_USERNAME: ${{ secrets.DATABASE_USERNAME }} | |
| DATABASE_PASSWORD: ${{ secrets.DATABASE_PASSWORD }} | |
| DATABASE_DRIVER: ${{ secrets.DATABASE_DRIVER }} | |
| REDIS_HOST: ${{ secrets.REDIS_HOST }} | |
| REDIS_PORT: ${{ secrets.REDIS_PORT }} | |
| JWT_SECRET: ${{ secrets.JWT_SECRET }} | |
| JWT_EXPIRATION: ${{ secrets.JWT_EXPIRATION }} | |
| JWT_REFRESH_EXPIRATION: ${{ secrets.JWT_REFRESH_EXPIRATION }} | |
| MAIL_EMAIL: ${{ secrets.MAIL_EMAIL }} | |
| MAIL_PASSWORD: ${{ secrets.MAIL_PASSWORD }} | |
| KAKAO_CLIENT_ID: ${{ secrets.KAKAO_CLIENT_ID }} | |
| KAKAO_REDIRECT_URI: ${{ secrets.KAKAO_REDIRECT_URI }} | |
| AWS_ACCESS_KEY: ${{ secrets.AWS_ACCESS_KEY }} | |
| AWS_SECRET_KEY: ${{ secrets.AWS_SECRET_KEY }} | |
| AWS_REGION: ${{ secrets.AWS_REGION }} | |
| AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }} | |
| steps: | |
| - name: Github Repository 파일 불러오기 | |
| uses: actions/checkout@v4 | |
| - name: JDK 17버전 설치 | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: temurin | |
| java-version: 17 | |
| - name: Gradle packages 캐싱 | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.gradle/caches | |
| key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle') }} | |
| restore-keys: ${{ runner.os }}-gradle | |
| - name: Setup Firebase service key | |
| run: | | |
| mkdir -p module-external-api/src/main/resources/firebase | |
| echo "${{ secrets.FIREBASE_SERVICE_KEY_BASE64_ENCODE }}" | base64 --decode > module-external-api/src/main/resources/firebase/firebase-service-key.json | |
| - name: 테스트 및 빌드하기 | |
| run: ./gradlew clean build --stacktrace --info | |
| - name: AWS Resource에 접근할 수 있게 AWS credentials 설정 | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: ap-northeast-2 | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| - name: ECR에 로그인하기 | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: 태그 생성 | |
| id: create-tag | |
| run: echo "IMAGE_TAG=$(date +%Y%m%d%H%M%S)" >> $GITHUB_ENV | |
| - name: Docker 이미지 생성 및 태그 | |
| run: | | |
| docker build -t q-feed-server:${IMAGE_TAG} . | |
| docker tag q-feed-server:${IMAGE_TAG} ${{ steps.login-ecr.outputs.registry }}/q-feed-server:${IMAGE_TAG} | |
| docker tag q-feed-server:${IMAGE_TAG} ${{ steps.login-ecr.outputs.registry }}/q-feed-server:latest | |
| - name: ECR에 Docker 이미지 Push하기 | |
| run: | | |
| docker push ${{ steps.login-ecr.outputs.registry }}/q-feed-server:${IMAGE_TAG} | |
| docker push ${{ steps.login-ecr.outputs.registry }}/q-feed-server:latest | |
| - name: SSH로 EC2에 접속하기 | |
| uses: appleboy/ssh-action@v1.0.3 | |
| with: | |
| host: ${{ secrets.EC2_HOST }} | |
| username: ${{ secrets.EC2_USERNAME }} | |
| key: ${{ secrets.EC2_PRIVATE_KEY }} | |
| script_stop: true | |
| script: | | |
| if [ "$(docker ps -q -f name=q-feed-server)" ]; then | |
| docker stop q-feed-server | |
| docker rm q-feed-server | |
| fi | |
| docker image prune -af | |
| echo "OPENAI_API_KEY=${{ secrets.OPENAI_API_KEY }}" > .env | |
| echo "REDIS_VECTOR_URI=${{ secrets.REDIS_VECTOR_URI }}" >> .env | |
| echo "REDIS_VECTOR_PORT=${{ secrets.REDIS_VECTOR_PORT }}" >> .env | |
| echo "DATABASE_URL=${{ secrets.DATABASE_URL }}" >> .env | |
| echo "DATABASE_USERNAME=${{ secrets.DATABASE_USERNAME }}" >> .env | |
| echo "DATABASE_PASSWORD=${{ secrets.DATABASE_PASSWORD }}" >> .env | |
| echo "DATABASE_DRIVER=${{ secrets.DATABASE_DRIVER }}" >> .env | |
| echo "REDIS_HOST=${{ secrets.REDIS_HOST }}" >> .env | |
| echo "REDIS_PORT=${{ secrets.REDIS_PORT }}" >> .env | |
| echo "JWT_SECRET=${{ secrets.JWT_SECRET }}" >> .env | |
| echo "JWT_EXPIRATION=${{ secrets.JWT_EXPIRATION }}" >> .env | |
| echo "JWT_REFRESH_EXPIRATION=${{ secrets.JWT_REFRESH_EXPIRATION }}" >> .env | |
| echo "MAIL_EMAIL=${{ secrets.MAIL_EMAIL }}" >> .env | |
| echo "MAIL_PASSWORD=${{ secrets.MAIL_PASSWORD }}" >> .env | |
| echo "KAKAO_CLIENT_ID=${{ secrets.KAKAO_CLIENT_ID }}" >> .env | |
| echo "KAKAO_REDIRECT_URI=${{ secrets.KAKAO_REDIRECT_URI }}" >> .env | |
| echo "AWS_ACCESS_KEY=${{ secrets.AWS_ACCESS_KEY }}" >> .env | |
| echo "AWS_SECRET_KEY=${{ secrets.AWS_SECRET_KEY }}" >> .env | |
| echo "AWS_REGION=${{ secrets.AWS_REGION }}" >> .env | |
| echo "AWS_S3_BUCKET=${{ secrets.AWS_S3_BUCKET }}" >> .env | |
| docker pull ${{ steps.login-ecr.outputs.registry }}/q-feed-server:latest | |
| docker run -d --name q-feed-server -v /etc/localtime:/etc/localtime:ro -e TZ=Asia/Seoul --env-file ./.env -p 8080:8080 ${{ steps.login-ecr.outputs.registry }}/q-feed-server:latest |