fix: 비동기 호출로 변경 #27
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Backend CD | |
| on: | |
| push: | |
| branches: | |
| - main | |
| jobs: | |
| build-and-push: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: "21" | |
| distribution: "temurin" | |
| - name: Gradle Caching | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} | |
| restore-keys: | | |
| ${{ runner.os }}-gradle- | |
| - name: Copy config file | |
| run: echo "${{ secrets.FIREBASE_ADMINSDK }}" | base64 --decode > ./tuk-batch/src/main/resources/firebase-adminsdk.json | |
| - name: Build and Push with Jib (API) | |
| uses: gradle/gradle-build-action@67421db6bd0bf253fb4bd25b31ebb98943c375e1 | |
| with: | |
| arguments: clean :tuk-api:jib -Djib.to.image=${{ secrets.NCP_CONTAINER_REGISTRY_API }}/tuk-api -Djib.to.tags=${{ github.sha }} -Djib.to.auth.username=${{ secrets.NCP_ACCESS_KEY }} -Djib.to.auth.password=${{ secrets.NCP_SECRET_KEY }} | |
| env: | |
| JIB_TO_IMAGE: ${{ secrets.NCP_CONTAINER_REGISTRY_API }}/tuk-api | |
| JIB_TO_TAGS: ${{ github.sha }} | |
| JIB_TO_AUTH_USERNAME: ${{ secrets.NCP_ACCESS_KEY }} | |
| JIB_TO_AUTH_PASSWORD: ${{ secrets.NCP_SECRET_KEY }} | |
| - name: Create directory and copy docker files to server | |
| run: | | |
| sshpass -p ${{ secrets.API_SERVER_PASSWORD }} ssh -p ${{ secrets.SSH_PORT }} -o StrictHostKeyChecking=no ${{ secrets.API_SERVER_USERNAME }}@${{ secrets.API_SERVER_HOST }} "mkdir -p ${{ secrets.DOCKER_COMPOSE_PATH }}" | |
| sshpass -p ${{ secrets.API_SERVER_PASSWORD }} scp -P ${{ secrets.SSH_PORT }} -o StrictHostKeyChecking=no ./docker/docker-compose.prod.yml ${{ secrets.API_SERVER_USERNAME }}@${{ secrets.API_SERVER_HOST }}:${{ secrets.DOCKER_COMPOSE_PATH }}/docker-compose.yml | |
| sshpass -p ${{ secrets.API_SERVER_PASSWORD }} scp -P ${{ secrets.SSH_PORT }} -o StrictHostKeyChecking=no ./docker/init.sql ${{ secrets.API_SERVER_USERNAME }}@${{ secrets.API_SERVER_HOST }}:${{ secrets.DOCKER_COMPOSE_PATH }}/ | |
| shell: bash | |
| deploy-to-server: | |
| name: Connect api server ssh and pull from container registry | |
| needs: build-and-push | |
| runs-on: ubuntu-latest | |
| steps: | |
| ## docker compose up | |
| - name: Deploy to api server | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ secrets.API_SERVER_HOST }} | |
| port: ${{ secrets.SSH_PORT }} | |
| username: ${{ secrets.API_SERVER_USERNAME }} | |
| password: ${{ secrets.API_SERVER_PASSWORD }} | |
| script: | | |
| cd ${{ secrets.DOCKER_COMPOSE_PATH }} | |
| sudo docker rm -f $(sudo docker ps -qa) 2>/dev/null || true | |
| # Login to NCP Container Registry | |
| echo "${{ secrets.NCP_SECRET_KEY }}" | sudo docker login ${{ secrets.NCP_CONTAINER_REGISTRY_API }} -u ${{ secrets.NCP_ACCESS_KEY }} --password-stdin | |
| # Run with environment variables | |
| sudo env \ | |
| MYSQL_USERNAME='${{ secrets.MYSQL_USERNAME }}' \ | |
| MYSQL_PASSWORD='${{ secrets.MYSQL_PASSWORD }}' \ | |
| MYSQL_ROOT_PASSWORD='${{ secrets.MYSQL_PASSWORD }}' \ | |
| APPLE_CLIENT_ID='${{ secrets.APPLE_CLIENT_ID }}' \ | |
| GOOGLE_CLIENT_ID='${{ secrets.GOOGLE_CLIENT_ID }}' \ | |
| GOOGLE_CLIENT_SECRET='${{ secrets.GOOGLE_CLIENT_SECRET }}' \ | |
| NCP_CONTAINER_REGISTRY_API='${{ secrets.NCP_CONTAINER_REGISTRY_API }}' \ | |
| JWT_SECRET='${{ secrets.JWT_SECRET }}' \ | |
| IMAGE_TAG='${{ github.sha }}' \ | |
| ENCODED_FIREBASE_ADMIN_SDK='${{ secrets.ENCODED_FIREBASE_ADMIN_SDK }}' \ | |
| docker-compose up -d | |
| sudo docker image prune -f |