Whiplash-Server/.github/workflows/dev-cd.yml at develop · Central-MakeUs/Whiplash-Server · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
name: CD - Build & Deploy for nuntteo

on:
  push:
    branches: [ develop ]

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest

    steps:
      # 1. 소스 코드 체크아웃
      - name: Checkout source code
        uses: actions/checkout@v4

      # 2. Java 17 설치
      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'

      # 3. Gradle 캐시
      - name: Cache Gradle packages
        uses: actions/cache@v4
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
          restore-keys: |
            ${{ runner.os }}-gradle-

      # 4. 실행 권한
      - name: Grant execute permission
        run: chmod +x ./gradlew

      # 5. SHA 추출
      - name: Extract short SHA
        id: vars
        run: echo "sha=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT

      # 6. env.properties, google.json, firebase-key.json 생성
      - name: Generate config files
        run: |
          mkdir -p src/main/resources
          echo "${{ secrets.DEV_ENV_PROPERTIES }}" > src/main/resources/env.properties
          echo "${{ secrets.GOOGLE_JSON }}" | base64 -d > src/main/resources/google.json
          echo "${{ secrets.FIREBASE_KEY_JSON }}" | base64 -d > src/main/resources/whiplash-firebase-key.json

      # 7. 빌드
      - name: Build JAR
        run: ./gradlew bootJar --no-daemon

      # 8. Docker Hub 로그인
      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      # 9. Docker 이미지 빌드 및 푸시 (SHA 태그만)
      - name: Build and push Docker image
        env:
          IMAGE_NAME: ${{ secrets.DOCKERHUB_USERNAME }}/nuntteo-was
        run: |
          TAG=${{ steps.vars.outputs.sha }}
          echo "Building image with tag: $TAG"
          docker build -t $IMAGE_NAME:$TAG .
          docker push $IMAGE_NAME:$TAG

      # 10. EC2 배포
      - name: Deploy to EC2
        uses: appleboy/ssh-action@v1.0.3
        with:
          host: ${{ secrets.EC2_HOST }}
          username: ${{ secrets.EC2_USERNAME }}
          key: ${{ secrets.EC2_PRIVATE_KEY }}
          script: |
            IMAGE=${{ secrets.DOCKERHUB_USERNAME }}/nuntteo-was:${{ steps.vars.outputs.sha }}

            echo "Deploying image: $IMAGE"

            echo ${{ secrets.DOCKERHUB_TOKEN }} | docker login --username ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin

            docker stop nuntteo-was || true
            docker rm nuntteo-was || true

            docker pull $IMAGE

            docker run -d \
              --name nuntteo-was \
              -p 8080:8080 \
              --restart unless-stopped \
              -e TZ=Asia/Seoul \
              -e SPRING_PROFILES_ACTIVE=dev \
              -v /var/log/nuntteo-was:/app/logs \
            $IMAGE

            docker image prune -af