[fix] ADMIN role 권한 체크 ID 하드코딩 → role 기반으로 수정 #108
| name: spring server cd | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| workflow_dispatch: | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| services: | |
| redis: | |
| image: redis:7 | |
| ports: | |
| - 6379:6379 | |
| options: >- | |
| --health-cmd "redis-cli ping" | |
| --health-interval 10s | |
| --health-timeout 5s | |
| --health-retries 5 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK 22 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '22' | |
| distribution: 'temurin' | |
| - name: Setup Gradle | |
| uses: gradle/actions/setup-gradle@v3 | |
| - name: Build with Gradle | |
| run: ./gradlew clean build | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-east-1 | |
| - name: Login to ECR Public | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| with: | |
| registry-type: public | |
| - name: Docker Build & Push | |
| env: | |
| ECR_URI: ${{ secrets.ECR_URI }} | |
| run: | | |
| BUILD_DATE=$(date +%s) | |
| docker build --build-arg BUILD_DATE=$BUILD_DATE -t $ECR_URI:latest . | |
| docker push $ECR_URI:latest | |
| - name: EC2 서버 배포 | |
| uses: appleboy/ssh-action@v1.0.3 | |
| env: | |
| ECR_URI: ${{ secrets.ECR_URI }} | |
| SPRING_DATASOURCE_URL: ${{ secrets.SPRING_DATASOURCE_URL }} | |
| SPRING_DATASOURCE_USERNAME: ${{ secrets.SPRING_DATASOURCE_USERNAME }} | |
| SPRING_DATASOURCE_PASSWORD: ${{ secrets.SPRING_DATASOURCE_PASSWORD }} | |
| JWT_SECRET_KEY: ${{ secrets.JWT_SECRET_KEY }} | |
| SPRING_MAIL_USERNAME: ${{ secrets.SPRING_MAIL_USERNAME }} | |
| AWS_S3_BUCKET_NAME: ${{ secrets.AWS_S3_BUCKET_NAME }} | |
| SPRING_MAIL_PASSWORD: ${{ secrets.SPRING_MAIL_PASSWORD }} | |
| AWS_S3_SECRET_ACCESS_KEY: ${{ secrets.AWS_S3_SECRET_ACCESS_KEY }} | |
| AWS_S3_ACCESS_KEY_ID: ${{ secrets.AWS_S3_ACCESS_KEY_ID }} | |
| with: | |
| host: ${{ secrets.EC2_HOST }} | |
| username: ${{ secrets.EC2_USERNAME }} | |
| key: ${{ secrets.EC2_SSH_KEY }} | |
| envs: AWS_S3_BUCKET_NAME,AWS_S3_SECRET_ACCESS_KEY,AWS_S3_ACCESS_KEY_ID,ECR_URI,SPRING_DATASOURCE_URL,SPRING_DATASOURCE_USERNAME,SPRING_DATASOURCE_PASSWORD,JWT_SECRET_KEY,SPRING_MAIL_USERNAME,SPRING_MAIL_PASSWORD | |
| script: | | |
| cd ~/server | |
| git pull | |
| echo "ECR_URI=$ECR_URI" > .env | |
| echo "SPRING_DATASOURCE_URL=$SPRING_DATASOURCE_URL" >> .env | |
| echo "SPRING_DATASOURCE_USERNAME=$SPRING_DATASOURCE_USERNAME" >> .env | |
| echo "SPRING_DATASOURCE_PASSWORD=$SPRING_DATASOURCE_PASSWORD" >> .env | |
| echo "JWT_SECRET_KEY=$JWT_SECRET_KEY" >> .env | |
| echo "SPRING_MAIL_USERNAME=$SPRING_MAIL_USERNAME" >> .env | |
| echo "SPRING_MAIL_PASSWORD=$SPRING_MAIL_PASSWORD" >> .env | |
| echo "AWS_S3_BUCKET_NAME=$AWS_S3_BUCKET_NAME" >> .env | |
| echo "AWS_S3_SECRET_ACCESS_KEY=$AWS_S3_SECRET_ACCESS_KEY" >> .env | |
| echo "AWS_S3_ACCESS_KEY_ID=$AWS_S3_ACCESS_KEY_ID" >> .env | |
| export ECR_URI=$ECR_URI | |
| docker-compose down | |
| docker rmi $ECR_URI:latest || true | |
| docker-compose pull | |
| docker-compose up -d | |
| docker image prune -f |
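Review bot: The deploy script writes the datasource password, JWT signing key, mail password and S3 keys into `~/server/.env` with plain `echo` redirects and never restricts the file mode, so the file gets the host's default umask and may be readable by other local accounts; add `umask 077` as the first script line, or `chmod 600 .env` right after the first write. The step that receives those secrets and the EC2 SSH key, `appleboy/ssh-action@v1.0.3`, is referenced by a mutable tag, so pinning it as `uses: appleboy/ssh-action@<full-commit-sha>` would keep a retagged release from running with them. The "Configure AWS Credentials" step uses a long-lived access key pair; OIDC role assumption through `role-to-assume` (with `permissions: id-token: write`) would remove that standing credential. The workflow also declares no `permissions:` block, so the job token scope falls back to the repository default. Both the push and the deploy use `$ECR_URI:latest`, which does not record which build is running on the host; tagging with the commit SHA would make the deployed image traceable.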