feat: jib 적용 및 docker-compose 배포 세팅 #5
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Backend CD | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - feat/cd-pipeline | |
| jobs: | |
| build-and-push: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: "21" | |
| distribution: "temurin" | |
| - name: Gradle Caching | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} | |
| restore-keys: | | |
| ${{ runner.os }}-gradle- | |
| - name: Build and Push with Jib (API) | |
| uses: gradle/gradle-build-action@67421db6bd0bf253fb4bd25b31ebb98943c375e1 | |
| with: | |
| arguments: clean :tuk-api:jib -Djib.to.image=${{ secrets.NCP_CONTAINER_REGISTRY_API }}/tuk-api -Djib.to.auth.username=${{ secrets.NCP_ACCESS_KEY }} -Djib.to.auth.password=${{ secrets.NCP_SECRET_KEY }} | |
| env: | |
| JIB_TO_IMAGE: ${{ secrets.NCP_CONTAINER_REGISTRY_API }}/tuk-api | |
| JIB_TO_AUTH_USERNAME: ${{ secrets.NCP_ACCESS_KEY }} | |
| JIB_TO_AUTH_PASSWORD: ${{ secrets.NCP_SECRET_KEY }} | |
| - name: Copy docker files to server | |
| run: | | |
| sshpass -p ${{ secrets.API_SERVER_PASSWORD }} scp -P ${{ secrets.SSH_PORT }} -o StrictHostKeyChecking=no ./docker/docker-compose.prod.yml ${{ secrets.API_SERVER_USERNAME }}@${{ secrets.API_SERVER_HOST }}:${{ secrets.DOCKER_COMPOSE_PATH }}/docker-compose.yml | |
| sshpass -p ${{ secrets.API_SERVER_PASSWORD }} scp -P ${{ secrets.SSH_PORT }} -o StrictHostKeyChecking=no ./docker/init.sql ${{ secrets.API_SERVER_USERNAME }}@${{ secrets.API_SERVER_HOST }}:${{ secrets.DOCKER_COMPOSE_PATH }} | |
| shell: bash | |
| deploy-to-server: | |
| name: Connect api server ssh and pull from container registry | |
| needs: build-and-push | |
| runs-on: ubuntu-latest | |
| steps: | |
| ## docker compose up | |
| - name: Deploy to api server | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ secrets.API_SERVER_HOST }} | |
| port: ${{ secrets.SSH_PORT }} | |
| username: ${{ secrets.API_SERVER_USERNAME }} | |
| password: ${{ secrets.API_SERVER_PASSWORD }} | |
| script: | | |
| export DB_HOSTNAME=${{ secrets.DB_HOSTNAME }} | |
| export DB_PORT=${{ secrets.DB_PORT }} | |
| export DB_DATABASE=${{ secrets.DB_DATABASE }} | |
| export DB_USERNAME=${{ secrets.DB_USERNAME }} | |
| export DB_PASSWORD=${{ secrets.DB_PASSWORD }} | |
| export APPLE_CLIENT_ID=${{ secrets.APPLE_CLIENT_ID }} | |
| export GOOGLE_CLIENT_ID=${{ secrets.GOOGLE_CLIENT_ID }} | |
| export GOOGLE_CLIENT_SECRET=${{ secrets.GOOGLE_CLIENT_SECRET }} | |
| export NCP_CONTAINER_REGISTRY_API=${{ secrets.NCP_CONTAINER_REGISTRY_API }} | |
| export NCP_CONTAINER_REGISTRY_BATCH=${{ secrets.NCP_CONTAINER_REGISTRY_BATCH }} | |
| export JWT_SECRET=${{ secrets.JWT_SECRET }} | |
| export REDIS_HOST=${{ secrets.REDIS_HOST }} | |
| sudo docker rm -f $(docker ps -qa) | |
| docker-compose -f ${{ secrets.DOCKER_COMPOSE_PATH }}/docker-compose.yml up -d | |
| docker image prune -f |