v2.3.6 (#778) #35
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build and Deploy to Production | |
| on: | |
| push: | |
| tags: | |
| - v*.*.* | |
| permissions: | |
| id-token: write | |
| env: | |
| IMAGE_NAME: gdsc-server | |
| jobs: | |
| build-deploy: | |
| runs-on: ubuntu-latest | |
| environment: production | |
| strategy: | |
| matrix: | |
| java-version: [17] | |
| distribution: ["temurin"] | |
| steps: | |
| # 체크아웃 | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| # Docker 이미지 태그 세팅 | |
| - name: Set up image-tag by GITHUB_SHA | |
| id: image-tag | |
| run: echo "value=$(cut -d'v' -f2 <<< ${GITHUB_REF#refs/*/})" >> $GITHUB_OUTPUT | |
| # JDK 17 버전으로 세팅 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: ${{ matrix.java-version }} | |
| distribution: ${{ matrix.distribution }} | |
| # Redis 컨테이너 실행 | |
| - name: Start containers | |
| run: docker compose -f docker-compose-test.yaml up -d | |
| # Gradlew 실행 허용 | |
| - name: Run chmod to make gradlew executable | |
| run: chmod +x ./gradlew | |
| # Gradle 빌드 | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@v3 | |
| with: | |
| cache-read-only: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/develop' }} # feature 브랜치는 캐시를 읽기 전용으로 설정 | |
| cache-encryption-key: ${{ secrets.GRADLE_CACHE_ENCRYPTION_KEY }} | |
| add-job-summary-as-pr-comment: always | |
| build-scan-publish: true | |
| build-scan-terms-of-use-url: "https://gradle.com/help/legal-terms-of-use" | |
| build-scan-terms-of-use-agree: "yes" | |
| - name: Build with Gradle | |
| id: gradle | |
| run: ./gradlew build --configuration-cache | |
| # Dockerhub 로그인 | |
| - name: Login to Dockerhub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| # Docker 메타데이터 추출 | |
| - name: Extract Docker metadata | |
| id: metadata | |
| uses: docker/[email protected] | |
| env: | |
| DOCKERHUB_IMAGE_FULL_NAME: ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.IMAGE_NAME }} | |
| with: | |
| images: ${{ env.DOCKERHUB_IMAGE_FULL_NAME }} | |
| tags: | | |
| type=semver,pattern={{version}} | |
| flavor: | | |
| latest=false | |
| # 멀티 아키텍처 지원을 위한 QEMU 설정 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| # 도커 확장 빌드를 위한 Buildx 설정 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| # 이미지 빌드 및 Dockerhub에 푸시 | |
| - name: Docker Build and Push | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| platforms: linux/arm64/v8 | |
| push: true | |
| tags: ${{ secrets.DOCKERHUB_USERNAME }}/gdsc-server:${{ steps.image-tag.outputs.value }} | |
| # AWS 로그인 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }} | |
| aws-region: ap-northeast-2 | |
| output-config: true | |
| # 복사 경로 환경변수 설정 | |
| - name: Set up S3 copy path | |
| env: | |
| S3_DEPLOY_BUCKET_NAME: ${{ secrets.S3_DEPLOY_BUCKET_NAME }} | |
| run: echo "S3_COPY_PATH=$(echo s3://${S3_DEPLOY_BUCKET_NAME}/gdsc/docker-compose-prod.yml)" >> $GITHUB_ENV | |
| # S3로 docker-compose 파일 전송 | |
| - name: Copy docker-compose file to S3 | |
| run: aws s3 cp docker-compose.yml ${{ env.S3_COPY_PATH }} | |
| - name: Deploy to EC2 Server | |
| uses: appleboy/ssh-action@master | |
| env: | |
| DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
| IMAGE_FULL_URL: ${{ steps.metadata.outputs.tags }} | |
| with: | |
| host: ${{ secrets.EC2_HOST }} | |
| username: ${{ secrets.EC2_USERNAME }} | |
| key: ${{ secrets.EC2_PRIVATE_KEY }} | |
| envs: IMAGE_FULL_URL # docker-compose.yml 에서 사용할 환경 변수 | |
| script: | | |
| aws s3 cp ${{ env.S3_COPY_PATH }} docker-compose.yml | |
| echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login -u "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin | |
| docker pull ${{ env.IMAGE_FULL_URL }} | |
| docker-compose up -d | |
| docker image prune -a -f | |
| # Slack 알림 | |
| - name: Send Deploy Result to Slack | |
| uses: rtCamp/action-slack-notify@v2 | |
| env: | |
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
| SLACK_USERNAME: 둘기봇 | |
| SLACK_ICON: https://github.com/GDSC-Hongik/gdsc-server/assets/91878695/1d3861bd-672d-4ee7-8de4-f06c9a06f514 | |
| SLACK_TITLE: "Deploy Summary - Production" | |
| SLACK_MESSAGE: | | |
| - image tag: `${{ steps.metadata.outputs.tags }}` | |
| - build scan report: ${{ steps.gradle.outputs.build-scan-url }} |