Merge pull request #240 from prgrms-web-devcourse-final-project/#0 #191
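# Release pipeline for pushes to main: create a tag and a GitHub release,
# build and push the container image to GHCR, then restart the container on
# one EC2 instance through AWS SSM Run Command.
name: deploy.yml

env:
  IMAGE_NAME: devut-buzzerbidder

on:
  push:
    paths:
      - '.github/workflows/**'
      - 'src/**'
      - 'build.gradle'
      - 'settings.gradle'
      - 'Dockerfile'
    branches:
      - main

# Least privilege: GITHUB_TOKEN gets no scopes by default; each job below
# requests only what it uses, so the Deploy job runs with no token scopes.
permissions: {}

jobs:
  makeTagAndRelease:
    runs-on: ubuntu-latest
    permissions:
      contents: write  # push the tag and create the release
    outputs:
      tag_name: ${{ steps.create_tag.outputs.new_tag }}
    steps:
      - uses: actions/checkout@v4
      # NOTE(review): third-party action referenced by a mutable tag while it
      # is handed a contents:write token; pin it to a reviewed full commit SHA.
      - name: Create Tag
        id: create_tag
        uses: mathieudutour/github-tag-action@v6.2
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }}
      # NOTE(review): actions/create-release is archived upstream and receives
      # no fixes; plan a move to a maintained way of creating the release.
      - name: Create Release
        id: create_release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ steps.create_tag.outputs.new_tag }}
          release_name: Release ${{ steps.create_tag.outputs.new_tag }}
          body: ${{ steps.create_tag.outputs.changelog }}
          draft: false
          prerelease: false

  # Builds the image from the repository Dockerfile and pushes it to GHCR
  # under the release tag and under "latest".
  buildImageAndPush:
    name: 도커 이미지 빌드와 푸시
    needs: makeTagAndRelease
    runs-on: ubuntu-latest
    permissions:
      contents: read   # checkout
      packages: write  # push to GHCR
    outputs:
      owner_lc: ${{ steps.export_owner.outputs.owner_lc }}
      image_name: ${{ steps.export_image.outputs.image_name }}
    steps:
      - uses: actions/checkout@v4
      - name: Docker Buildx 설치
        uses: docker/setup-buildx-action@v2
      - name: 레지스트리 로그인
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      # GHCR repository paths must be lowercase, hence the ",," expansion.
      - name: set lower case owner name
        id: export_owner
        run: |
          OWNER_LC="${GITHUB_REPOSITORY_OWNER,,}"
          echo "owner_lc=$OWNER_LC" >> "$GITHUB_OUTPUT"
      # Single source of truth: reuse the workflow-level IMAGE_NAME instead of
      # repeating the literal here.
      - name: export image name
        id: export_image
        run: echo "image_name=${IMAGE_NAME}" >> "$GITHUB_OUTPUT"
      - name: 빌드 앤 푸시
        uses: docker/build-push-action@v3
        with:
          context: .
          push: true
          tags: |
            ghcr.io/${{ steps.export_owner.outputs.owner_lc }}/${{ steps.export_image.outputs.image_name }}:${{ needs.makeTagAndRelease.outputs.tag_name }},
            ghcr.io/${{ steps.export_owner.outputs.owner_lc }}/${{ steps.export_image.outputs.image_name }}:latest

  # Replaces the running container on the target instance with the new image.
  Deploy:
    runs-on: ubuntu-latest
    needs: [buildImageAndPush]
    permissions: {}  # this job never uses GITHUB_TOKEN
    steps:
      # NOTE(review): "@master" is a mutable branch ref, so whatever lands on
      # that branch runs here with the AWS keys below. Pin to a reviewed full
      # commit SHA.
      # NOTE(review): these are long-lived IAM user keys. Confirm the user is
      # limited to ssm:SendCommand on this instance, and prefer short-lived
      # credentials (GitHub OIDC role assumption) if the step can accept them.
      - name: AWS SSM Send-Command
        uses: peterkimzz/aws-ssm-send-command@master
        id: ssm
        with:
          aws-region: ${{ secrets.AWS_REGION }}
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          instance-ids: "i-069ab43935e575882"
          working-directory: /
          comment: Deploy
          # NOTE(review): the host pulls ":latest", which another run can move
          # between this run's push and this pull. Deploying the release tag
          # (or the pushed digest) would tie the rollout to this build; note
          # that "docker image prune -f" only removes untagged images, so old
          # release tags would then need their own cleanup.
          command: |
            set -euo pipefail
            IMAGE="ghcr.io/${{ needs.buildImageAndPush.outputs.owner_lc }}/${{ needs.buildImageAndPush.outputs.image_name }}:latest"
            CONTAINER="app1"
            PORT="8080"
            # Deploy: pull, then stop and remove the old container (ignoring
            # "not found" on a first rollout) before starting the new one.
            sudo docker pull "$IMAGE"
            sudo docker stop "${CONTAINER}" 2>/dev/null || true
            sudo docker rm "${CONTAINER}" 2>/dev/null || true
            sudo docker run -d \
              --name "${CONTAINER}" \
              --restart unless-stopped \
              --network common \
              -p "${PORT}:${PORT}" \
              --env-file /home/ssm-user/config/.env \
              -e TZ=Asia/Seoul \
              "$IMAGE" \
              sh -lc 'doppler run -- java -jar /app/app.jar'
            # Cleanup: drop dangling image layers left by the previous pull.
            sudo docker image prune -f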