feat: 배포 #7
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Backend CD | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - feat/cd-pipeline | |
| jobs: | |
| build-and-push: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: "21" | |
| distribution: "temurin" | |
| - name: Gradle Caching | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} | |
| restore-keys: | | |
| ${{ runner.os }}-gradle- | |
| - name: Build and Push with Jib (API) | |
| uses: gradle/gradle-build-action@67421db6bd0bf253fb4bd25b31ebb98943c375e1 | |
| with: | |
| arguments: clean :tuk-api:jib -Djib.to.image=${{ secrets.NCP_CONTAINER_REGISTRY_API }}/tuk-api -Djib.to.auth.username=${{ secrets.NCP_ACCESS_KEY }} -Djib.to.auth.password=${{ secrets.NCP_SECRET_KEY }} | |
| env: | |
| JIB_TO_IMAGE: ${{ secrets.NCP_CONTAINER_REGISTRY_API }}/tuk-api | |
| JIB_TO_AUTH_USERNAME: ${{ secrets.NCP_ACCESS_KEY }} | |
| JIB_TO_AUTH_PASSWORD: ${{ secrets.NCP_SECRET_KEY }} | |
| - name: Create directory and copy docker files to server | |
| run: | | |
| sshpass -p ${{ secrets.API_SERVER_PASSWORD }} ssh -p ${{ secrets.SSH_PORT }} -o StrictHostKeyChecking=no ${{ secrets.API_SERVER_USERNAME }}@${{ secrets.API_SERVER_HOST }} "mkdir -p ${{ secrets.DOCKER_COMPOSE_PATH }}" | |
| sshpass -p ${{ secrets.API_SERVER_PASSWORD }} scp -P ${{ secrets.SSH_PORT }} -o StrictHostKeyChecking=no ./docker/docker-compose.prod.yml ${{ secrets.API_SERVER_USERNAME }}@${{ secrets.API_SERVER_HOST }}:${{ secrets.DOCKER_COMPOSE_PATH }}/docker-compose.yml | |
| sshpass -p ${{ secrets.API_SERVER_PASSWORD }} scp -P ${{ secrets.SSH_PORT }} -o StrictHostKeyChecking=no ./docker/init.sql ${{ secrets.API_SERVER_USERNAME }}@${{ secrets.API_SERVER_HOST }}:${{ secrets.DOCKER_COMPOSE_PATH }}/ | |
| shell: bash | |
| deploy-to-server: | |
| name: Connect api server ssh and pull from container registry | |
| needs: build-and-push | |
| runs-on: ubuntu-latest | |
| steps: | |
| ## docker compose up | |
| - name: Deploy to api server | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ secrets.API_SERVER_HOST }} | |
| port: ${{ secrets.SSH_PORT }} | |
| username: ${{ secrets.API_SERVER_USERNAME }} | |
| password: ${{ secrets.API_SERVER_PASSWORD }} | |
| envs: MYSQL_USERNAME,MYSQL_PASSWORD,APPLE_CLIENT_ID,GOOGLE_CLIENT_ID,GOOGLE_CLIENT_SECRET,NCP_CONTAINER_REGISTRY_API,JWT_SECRET | |
| script: | | |
| export MYSQL_USERNAME="${{ secrets.DB_USERNAME }}" | |
| export MYSQL_PASSWORD="${{ secrets.DB_PASSWORD }}" | |
| export APPLE_CLIENT_ID="${{ secrets.APPLE_CLIENT_ID }}" | |
| export GOOGLE_CLIENT_ID="${{ secrets.GOOGLE_CLIENT_ID }}" | |
| export GOOGLE_CLIENT_SECRET="${{ secrets.GOOGLE_CLIENT_SECRET }}" | |
| export NCP_CONTAINER_REGISTRY_API="${{ secrets.NCP_CONTAINER_REGISTRY_API }}" | |
| export JWT_SECRET="${{ secrets.JWT_SECRET }}" | |
| cd ${{ secrets.DOCKER_COMPOSE_PATH }} | |
| sudo docker rm -f $(sudo docker ps -qa) 2>/dev/null || true | |
| sudo docker-compose up -d | |
| sudo docker image prune -f |