cd-dev.yml
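# CD pipeline for the dev environment.
#
# Job 1 builds the application with Gradle, builds a Docker image and pushes
# it to Amazon ECR under a date-based tag and `latest`.
# Job 2 runs `terraform apply` in ./terraform/app with the new image tag.
#
# AWS access uses GitHub OIDC (no long-lived access keys): the workflow asks
# for an ID token and configure-aws-credentials exchanges it for the role
# given in secrets.IAM_ROLE_ARN.
#
# NOTE(review): every `uses:` below references a mutable tag (@v3, @v4, @v2).
# Pinning each action to a full commit SHA keeps a retagged release from
# running with this workflow's OIDC role.
name: CD - Dev

on:
  workflow_dispatch:
  push:
    branches:
      - dev

# Least privilege for GITHUB_TOKEN: `id-token: write` is needed to request the
# OIDC token, `contents: read` for checkout. Everything else stays disabled.
permissions:
  id-token: write
  contents: read

jobs:
  build-and-push-to-ecr:
    name: Build and Push to ECR
    runs-on: ubuntu-latest
    outputs:
      # Date-based tag, consumed by the deploy job as app_image_tag.
      image_tag: ${{ steps.set_tag.outputs.docker_image_tag }}
    steps:
      # NOTE(review): if this step is re-enabled, pin the action to a commit
      # SHA instead of @master; it receives the webhook secret.
      # - name: Discord Notification
      #   env:
      #     DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK_URL }}
      #   uses: Ilshidur/action-discord@master
      #   with:
      #     args: '🚀 Dev branch build started'

      # Check out the code.
      - name: Checkout repository
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
          # No later step in this job runs git against the remote, so do not
          # leave the token in .git/config: the Gradle build runs third-party
          # code and `docker build .` sends the working tree as build context.
          persist-credentials: false

      # AWS credentials (via OIDC).
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.IAM_ROLE_ARN }}
          aws-region: ${{ secrets.AWS_REGION }}

      # Log in to Amazon ECR.
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      # Install the JDK.
      - name: Set up JDK 17
        uses: actions/setup-java@v3
        with:
          java-version: '17'
          distribution: 'temurin'

      # Load the .env file contents from AWS Secrets Manager.
      # NOTE(review): the secret is written under src/main/resources before
      # the Gradle build, so it is presumably packaged into the build artifact
      # and the image pushed to ECR; anyone able to pull the image could then
      # read it. Consider injecting these values at runtime instead (for
      # example through the ECS task definition `secrets` field) — confirm
      # against the Dockerfile and the Terraform module.
      - name: Load secrets from AWS Secrets Manager
        env:
          # Passed through the environment rather than expanded into the
          # script text, so the value is never parsed as shell syntax.
          AWS_SECRET_ID: ${{ secrets.AWS_SECRET_ID }}
        run: |
          aws secretsmanager get-secret-value \
            --secret-id "$AWS_SECRET_ID" \
            --query SecretString \
            --output text > ./src/main/resources/.env

      # Gradle build (tests are skipped with -x test).
      # Runs as the runner user: the checkout is owned by that user, so root
      # is not needed, and avoiding sudo keeps build plugins unprivileged.
      # NOTE(review): sudo may also reset the environment, in which case the
      # JDK selected by setup-java would not be the one used — verify.
      - name: Build with Gradle
        run: |
          chmod +x ./gradlew
          ./gradlew clean build -x test

      # Generate the date-based tag (KST, minute resolution).
      # NOTE(review): two runs within the same minute produce the same tag.
      - name: Set Docker image tag
        id: set_tag
        run: |
          export TZ=Asia/Seoul
          echo "docker_image_tag=$(date +'%Y%m%d-%H%M')" >> "$GITHUB_OUTPUT"

      - name: Build, Tag, and Push image to Amazon ECR
        id: build-push
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
          IMAGE_TAG: ${{ steps.set_tag.outputs.docker_image_tag }}
        run: |
          set -euo pipefail
          if [ -z "$ECR_REPOSITORY" ]; then
            echo "::error:: secrets.ECR_REPOSITORY is not set."
            exit 1
          fi
          FULL_IMAGE_URI="$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
          LATEST_IMAGE_URI="$ECR_REGISTRY/$ECR_REPOSITORY:latest"
          echo "Building image: $FULL_IMAGE_URI"
          # Quoted so an unexpected character in a secret or output cannot
          # split the argument or be read as an extra docker option.
          docker build --no-cache -t "$FULL_IMAGE_URI" .
          docker tag "$FULL_IMAGE_URI" "$LATEST_IMAGE_URI"
          docker push "$FULL_IMAGE_URI"
          docker push "$LATEST_IMAGE_URI"
          echo "Push successful."

  deploy-with-terraform:
    name: Deploy to ECS via Terraform
    runs-on: ubuntu-latest
    needs: build-and-push-to-ecr
    steps:
      # - name: Discord Notification
      #   env:
      #     DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK_URL }}
      #   uses: Ilshidur/action-discord@master
      #   with:
      #     args: '⏳ ECS deployment starting (Terraform apply)...'

      # NOTE(review): `persist-credentials: false` would fit here as well,
      # unless `terraform init` fetches modules over git with this token —
      # confirm before adding it.
      - name: Checkout repository
        uses: actions/checkout@v3

      # 1. AWS credentials.
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.IAM_ROLE_ARN }}
          aws-region: ${{ secrets.AWS_REGION }}

      # 2. Install Terraform.
      - name: Setup Terraform
        uses: hashicorp/setup-terraform@v2
        with:
          terraform_version: '1.9.0'

      # Materialise terraform.tfvars from Secrets Manager. The file holds
      # secret values; it lives only in this job's workspace and must not be
      # uploaded as an artifact or echoed to the log.
      - name: Create terraform.tfvars from AWS Secrets Manager
        env:
          AWS_TFVARS_SECRET_ID: ${{ secrets.AWS_TFVARS_SECRET_ID }}
        run: |
          aws secretsmanager get-secret-value \
            --secret-id "$AWS_TFVARS_SECRET_ID" \
            --query SecretString \
            --output text > terraform.tfvars
        working-directory: ./terraform/app

      # 3. Terraform init.
      - name: Terraform Init
        id: init
        run: terraform init
        working-directory: ./terraform/app

      # 4. Terraform apply.
      # -auto-approve applies without a reviewed plan: whatever lands on the
      # dev branch is deployed with the assumed role's permissions, so that
      # role should be scoped to the dev resources only.
      - name: Terraform Apply
        id: apply
        env:
          # Job output handed over via the environment instead of being
          # expanded into the script text.
          APP_IMAGE_TAG: ${{ needs.build-and-push-to-ecr.outputs.image_tag }}
        run: |
          terraform apply -auto-approve \
            -var="app_image_tag=${APP_IMAGE_TAG}"
        working-directory: ./terraform/app

      # - name: Discord Notification
      #   env:
      #     DISCORD_WEBHOOK: ${{ secrets.DISCORD_WEBHOOK_URL }}
      #   uses: Ilshidur/action-discord@master
      #   with:
      #     args: '😎 ECS deployment complete!'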