fix: 컨테이너에서 vpc 내 private 리소스 찾을 수 있도록 수정 #172
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Backend CD | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - develop | |
| - feat/#123-aws-migration # TODO: 추후 삭제 | |
| # TODO: 추후 활성화 | |
| # paths: | |
| # - "src/**" | |
| # - "build.gradle" | |
| # - "docker*" | |
| jobs: | |
| copy-files: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Copy files to EC2 | |
| uses: appleboy/scp-action@master | |
| with: | |
| host: ${{ secrets.AWS_API_INSTANCE_HOST }} | |
| port: ${{ secrets.AWS_API_INSTANCE_SSH_PORT }} | |
| username: ${{ secrets.AWS_API_INSTANCE_USERNAME }} | |
| key: ${{ secrets.AWS_API_INSTANCE_KEY }} | |
| source: scripts/*,nginx/* | |
| target: . | |
| strip_components: 1 | |
| overwrite: true | |
| build-and-push: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: "21" | |
| distribution: "temurin" | |
| - name: Gradle Caching | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} | |
| restore-keys: | | |
| ${{ runner.os }}-gradle- | |
| - name: Build with Gradle | |
| uses: gradle/gradle-build-action@67421db6bd0bf253fb4bd25b31ebb98943c375e1 | |
| with: | |
| arguments: clean bootJar | |
| - name: Set up Docker Build | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }} | |
| - name: Docker build and upload to S3 | |
| run: | | |
| sudo docker build --build-arg DEPENDENCY=build/dependency -t goalpanzi-api --platform linux/amd64 . | |
| sudo docker save goalpanzi-api | gzip > goalpanzi-api.tar.gz | |
| aws s3 cp goalpanzi-api.tar.gz s3://${{ secrets.AWS_S3_BUCKET_NAME }}/docker/images/goalpanzi-api.tar.gz | |
| aws s3 cp ./docker-compose.yml s3://${{ secrets.AWS_S3_BUCKET_NAME }}/docker/docker-compose.yml | |
| deploy-to-server: | |
| needs: | |
| - copy-files | |
| - build-and-push | |
| runs-on: ubuntu-latest | |
| steps: | |
| # TODO: 추후 슬랙 웹훅 주석 처리 해제 | |
| - name: Deploy api server to EC2 | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ secrets.AWS_API_INSTANCE_HOST }} | |
| port: ${{ secrets.AWS_API_INSTANCE_SSH_PORT }} | |
| username: ${{ secrets.AWS_API_INSTANCE_USERNAME }} | |
| key: ${{ secrets.AWS_API_INSTANCE_KEY }} | |
| script: | | |
| export AWS_DEFAULT_REGION=${{ secrets.AWS_REGION }} | |
| export AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY }} | |
| export AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_KEY }} | |
| echo "DB_HOSTNAME=${{ secrets.AWS_RDS_MYSQL_ENDPOINT }}" > .env | |
| echo "DB_DATABASE=${{ secrets.AWS_RDS_MYSQL_DATABASE }}" >> .env | |
| echo "DB_USERNAME=${{ secrets.AWS_RDS_MYSQL_USERNAME }}" >> .env | |
| echo "DB_PASSWORD=${{ secrets.AWS_RDS_MYSQL_PASSWORD }}" >> .env | |
| echo "DB_PORT=${{ secrets.AWS_RDS_MYSQL_PORT }}" >> .env | |
| echo "JWT_SECRET=${{ secrets.JWT_SECRET }}" >> .env | |
| echo "REDIS_HOST=${{ secrets.AWS_ELASTIC_CACHE_REDIS_ENDPOINT }}" >> .env | |
| echo "STORAGE_REGION=${{ secrets.AWS_REGION }}" | |
| echo "STORAGE_BUCKET_NAME=${{ secrets.AWS_S3_BUCKET_NAME }}" >> .env | |
| echo "STORAGE_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY }}" >> .env | |
| echo "STORAGE_SECRET_KEY=${{ secrets.AWS_SECRET_KEY }}" >> .env | |
| echo "OAUTH_APPLE_CLIENT_ID=${{ secrets.OAUTH_APPLE_CLIENT_ID }}" >> .env | |
| echo "ENCODED_FIREBASE_ADMIN_SDK=${{ secrets.ENCODED_FIREBASE_ADMIN_SDK }}" >> .env | |
| # echo "SLACK_WEBHOOK_URI=${{ secrets.SLACK_WEBHOOK_URI }}" >> .env | |
| if ! command -v aws &> /dev/null; then | |
| chmod +x ./setup_aws.sh | |
| ./setup_aws.sh | |
| fi | |
| if ! command -v docker &> /dev/null; then | |
| chmod +x ./setup_docker.sh | |
| ./setup_docker.sh | |
| fi | |
| aws s3 cp s3://${{ secrets.AWS_S3_BUCKET_NAME }}/docker/images/goalpanzi-api.tar.gz ./goalpanzi-api.tar.gz | |
| aws s3 cp s3://${{ secrets.AWS_S3_BUCKET_NAME }}/docker/docker-compose.yml ./docker-compose.yml | |
| CONTAINERS=$(sudo docker ps -qa) | |
| if [ -n "$CONTAINERS" ]; then | |
| sudo docker rm -f $CONTAINERS | |
| fi | |
| sudo gunzip -c goalpanzi-api.tar.gz | sudo docker load | |
| sudo docker compose -f docker-compose.yml --env-file .env up -d | |
| sudo docker image prune -f |