[feat] yml에 aws, app 추가 #88
| name: Fanzip Server CI/CD with Docker | |
| on: | |
| push: | |
| branches: ['develop'] # main 브랜치에 push할 때 실행 | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| # Spring Legacy Build (WAR) | |
| - name: Make gradlew executable | |
| run: chmod +x ./gradlew | |
| - name: Spring Legacy Build | |
| run: ./gradlew clean build -x test | |
| # Docker Image Build | |
| - name: Docker Image Build | |
| run: docker build -t ekhanz/fanzip-server . | |
| # DockerHub Login | |
| - name: Docker Hub Login | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| # Docker Hub push | |
| - name: Docker Hub Push | |
| run: docker push ekhanz/fanzip-server | |
| # GET GitHub IP | |
| - name: Get GitHub IP | |
| id: ip | |
| uses: haythem/[email protected] | |
| # Configure AWS Credentials | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ap-northeast-2 | |
| - name: Add GitHub IP to AWS | |
| run: | | |
| echo "Using Security Group ID: ${{ secrets.AWS_SG_ID }}" | |
| echo "Current AWS Account:" | |
| aws sts get-caller-identity | |
| echo "Available Security Groups:" | |
| aws ec2 describe-security-groups --query 'SecurityGroups[*].[GroupId,GroupName]' --output table | |
| aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 | |
| # Deploy to EC2 with environment variables | |
| - name: Deploy to EC2 | |
| uses: appleboy/[email protected] | |
| with: | |
| host: ${{ secrets.EC2_HOST }} | |
| username: ${{ secrets.EC2_USERNAME }} | |
| key: ${{ secrets.EC2_PRIVATE_KEY }} | |
| port: ${{ secrets.EC2_SSH_PORT }} | |
| timeout: 120s | |
| script: | | |
| # 현재 위치 확인 | |
| echo "=== 현재 디렉토리 ===" | |
| pwd | |
| ls -la | |
| # 환경변수 파일 생성 | |
| echo "=== .env 파일 생성 ===" | |
| cat > .env << 'EOF' | |
| JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }} | |
| DB_URL=${{ secrets.DB_URL }} | |
| DB_USERNAME=${{ secrets.DB_USERNAME }} | |
| DB_PASSWORD=${{ secrets.DB_PASSWORD }} | |
| KAKAO_CLIENT_ID=${{ secrets.KAKAO_CLIENT_ID }} | |
| KAKAO_REDIRECT_URI=${{ secrets.KAKAO_REDIRECT_URI }} | |
| TOSS_PAYMENTS_CLIENT_KEY=${{ secrets.TOSS_PAYMENTS_CLIENT_KEY }} | |
| TOSS_PAYMENTS_SECRET_KEY=${{ secrets.TOSS_PAYMENTS_SECRET_KEY }} | |
| FIREBASE_CREDENTIALS_PATH=${{ secrets.FIREBASE_CREDENTIALS_PATH }} | |
| FIREBASE_PROJECT_ID=${{ secrets.FIREBASE_PROJECT_ID }} | |
| FIREBASE_CREDENTIALS_JSON=${{ secrets.FIREBASE_CREDENTIALS_JSON }} | |
| EOF | |
| # .env 파일 생성 확인 | |
| echo "=== .env 파일 확인 ===" | |
| ls -la .env | |
| head -3 .env | |
| # Docker Compose 파일 생성 | |
| echo "=== docker-compose.yml 파일 생성 ===" | |
| cat > docker-compose.yml << 'EOF' | |
| version: '3.8' | |
| services: | |
| redis: | |
| image: redis:7-alpine | |
| container_name: fanzip-redis | |
| ports: | |
| - "6379:6379" | |
| volumes: | |
| - redis_data:/data | |
| restart: unless-stopped | |
| command: redis-server --appendonly yes | |
| app: | |
| image: ekhanz/fanzip-server | |
| container_name: fanzip-server | |
| ports: | |
| - "8080:8080" | |
| depends_on: | |
| - redis | |
| env_file: | |
| - .env | |
| environment: | |
| - REDIS_HOST=redis | |
| - REDIS_PORT=6379 | |
| restart: unless-stopped | |
| volumes: | |
| redis_data: | |
| EOF | |
| # docker-compose.yml 파일 생성 확인 | |
| echo "=== docker-compose.yml 파일 확인 ===" | |
| ls -la docker-compose.yml | |
| echo "=== docker-compose.yml 내용 확인 ===" | |
| cat docker-compose.yml | |
| # 기존 컨테이너들 정리 | |
| sudo docker stop fanzip-redis fanzip-server || true | |
| sudo docker rm fanzip-redis fanzip-server || true | |
| sudo docker-compose down || true | |
| # 최신 이미지 다운로드 | |
| sudo docker pull ekhanz/fanzip-server | |
| # Docker Compose로 서비스 시작 | |
| sudo docker-compose up -d | |
| # 컨테이너 상태 확인 | |
| sudo docker ps | |
| # 환경변수 확인 (보안상 일부만) | |
| echo "=== 환경변수 확인 ===" | |
| sudo docker exec fanzip-server env | grep -E "FIREBASE_PROJECT_ID|DB_URL" | head -2 | |
| # Remove GitHub IP from Security Group | |
| - name: Remove IP FROM security group | |
| run: | | |
| aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 |
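Review bot: The `Remove IP FROM security group` step has no `if: always()`, so when `Deploy to EC2` fails or hits its `timeout: 120s`, the port 22 ingress rule added for the runner address is never revoked; add `if: always()` to that step. In the deploy script, `head -3 .env` writes the `JWT_SECRET_KEY`, `DB_URL` and `DB_USERNAME` lines to the job output, and the later `grep -E "FIREBASE_PROJECT_ID|DB_URL"` prints `DB_URL` again, which leaves log masking as the only protection. `ls -la .env` already confirms the file exists, so drop both lines and add `chmod 600 .env` right after the heredoc. The generated compose file publishes Redis as `"6379:6379"` with no password, although the app reaches it over the compose network as `REDIS_HOST=redis`; remove that `ports:` entry or bind it as `"127.0.0.1:6379:6379"` to keep it off the host's external interface. The third-party actions that receive the SSH private key and the AWS keys (`appleboy/ssh-action`, `haythem/public-ip`) are referenced by tag, so pinning each to a full commit SHA would stop a moved tag from changing what runs with those secrets.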