Merge pull request #245 from prgrms-web-devcourse-final-project/develop #49
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - uses: actions/setup-java@v3 | |
| with: | |
| distribution: 'zulu' | |
| java-version: '17' | |
| # application.yml 파일 생성 | |
| - run: touch ./src/main/resources/application.properties | |
| - run: echo "${{secrets.APPLICATION}}" > ./src/main/resources/application.properties | |
| - run: echo "spring.cloud.aws.credentials.access-key=${{secrets.AWS_ACTION_ACCESS_KEY}}" >> ./src/main/resources/application.properties | |
| - run: echo "spring.cloud.aws.credentials.secret-key=${{secrets.AWS_ACTION_SECRET_ACCESS_KEY}}" >> ./src/main/resources/application.properties | |
| # 생성된 파일들을 아티팩트로 업로드 | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: application.properties | |
| path: ./src/main/resources/application.properties | |
| - name: Grant execute permission for gradlew | |
| run: chmod +x gradlew | |
| - name: Build with Gradle | |
| run: ./gradlew clean build -x test | |
| - name: Get current time | |
| uses: josStorer/get-current-time@v2 | |
| id: current-time | |
| with: | |
| format: YYYY-MM-DDTHH-mm-ss | |
| utcOffset: "+09:00" | |
| # 배포용 패키지 경로 설정 | |
| - name: Set artifact path | |
| run: | | |
| artifact=$(ls ./build/libs/*.jar | head -n 1) | |
| echo "artifact=$artifact" >> $GITHUB_ENV | |
| # 9. SSH 키 설정 | |
| - name: Set up SSH | |
| uses: webfactory/ssh-agent@v0.5.3 | |
| with: | |
| ssh-private-key: ${{ secrets.EC2_SSH_KEY }} | |
| # GitHub Secrets에 저장된 EC2 SSH 개인 키를 SSH 에이전트에 로드 | |
| # 10. GCP Credentials 디코딩 및 EC2로 전송 | |
| - name: Decode GCP Credentials | |
| run: echo "${{ secrets.GCP_CREDENTIALS }}" | base64 --decode > gcp-key.json | |
| # GitHub Secrets에 저장된 Base64 인코딩된 GCP JSON Key를 디코딩하여 로컬에 저장 | |
| - name: Copy GCP Credentials to EC2 | |
| run: scp -o StrictHostKeyChecking=no gcp-key.json ${{ secrets.EC2_USER }}@${{ secrets.EC2_IP }}:/home/${{ secrets.EC2_USER }}/gcp-key.json | |
| # 디코딩된 GCP JSON Key 파일을 EC2 서버로 전송 | |
| # YOUR_EC2_IP -> GitHub Secrets에 저장된 EC2 IP 주소 (${ secrets.EC2_IP }) | |
| # ec2-user -> GitHub Secrets에 저장된 EC2 SSH 사용자 이름 (${ secrets.EC2_USER }) | |
| # 11. EC2에서 GCP Credentials 설정 | |
| - name: Set up GCP Credentials on EC2 | |
| run: | | |
| ssh -o StrictHostKeyChecking=no ${{ secrets.EC2_USER }}@${{ secrets.EC2_IP }} << 'EOF' | |
| mkdir -p ~/.gcp | |
| mv /home/${{ secrets.EC2_USER }}/gcp-key.json ~/.gcp/key.json | |
| chmod 600 ~/.gcp/key.json | |
| export GOOGLE_APPLICATION_CREDENTIALS=~/.gcp/key.json | |
| # 환경 변수 설정을 영구적으로 추가 | |
| echo 'export GOOGLE_APPLICATION_CREDENTIALS=~/.gcp/key.json' >> ~/.bash_profile | |
| EOF | |
| # EC2 서버에서 GCP Credentials 설정 | |
| # YOUR_EC2_IP -> GitHub Secrets에 저장된 EC2 IP 주소 (${ secrets.EC2_IP }) | |
| # ec2-user -> GitHub Secrets에 저장된 EC2 SSH 사용자 이름 (${ secrets.EC2_USER }) | |
| # 빈스토크 배포 | |
| - name: Deploy to Elastic Beanstalk | |
| uses: einaregilsson/beanstalk-deploy@v20 | |
| with: | |
| aws_access_key: ${{ secrets.AWS_ACTION_ACCESS_KEY }} | |
| aws_secret_key: ${{ secrets.AWS_ACTION_SECRET_ACCESS_KEY }} | |
| application_name: mallangs-web | |
| environment_name: Mallangs-web-env | |
| version_label: github-action-${{ steps.current-time.outputs.time }} | |
| region: ap-northeast-2 | |
| deployment_package: ${{ env.artifact }} | |