dev_deploy.yml
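# CI/CD for the develop branch: build the Spring Boot jar with Gradle, then
# copy it to an EC2 host over SSH, restart the app, and refresh NGINX/Redis.
#
# NOTE(review): every `uses:` below references a mutable tag (v2/v3/v4).
# Pinning each action to a full commit SHA keeps a retagged release from
# changing what runs in jobs that hold the deployment secrets.
name: Edison CI/CD Pipeline

on:
  push:
    branches: [develop]  # run on every push to the develop branch

# Least privilege for GITHUB_TOKEN: both jobs only need to read the repository.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # Check out the repository sources.
      - uses: actions/checkout@v3
        with:
          # Nothing in this job pushes, so do not leave the token in
          # .git/config where build tooling could read it.
          persist-credentials: false

      # Install the Java development kit.
      - name: Set up JDK 17
        uses: actions/setup-java@v3
        with:
          distribution: 'temurin'
          java-version: '17'

      # Generate application.properties from repository secrets.
      # Secrets are handed over through `env` and expanded by bash instead of
      # being pasted into the script text by `${{ }}`: a value containing a
      # quote, `$` or a backtick would otherwise be parsed as shell and either
      # break the line or be silently altered.
      - name: Make application.properties
        env:
          RDS_URL: ${{ secrets.RDS_URL }}
          RDS_USERNAME: ${{ secrets.RDS_USERNAME }}
          RDS_PASSWORD: ${{ secrets.RDS_PASSWORD }}
          GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
          GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }}
          JWT_SECRET: ${{ secrets.JWT_SECRET }}
          JWT_ACCESS_EXPIRATION: ${{ secrets.JWT_ACCESS_EXPIRATION }}
          JWT_REFRESH_EXPIRATION: ${{ secrets.JWT_REFRESH_EXPIRATION }}
          REDIS_HOST: ${{ secrets.REDIS_HOST }}
          REDIS_PORT: ${{ secrets.REDIS_PORT }}
          REDIS_PASSWORD: ${{ secrets.REDIS_PASSWORD }}
          OPENAI_KEY: ${{ secrets.OPENAI_KEY }}
        run: |
          props=./project/src/main/resources/application.properties
          {
            echo "spring.datasource.url=${RDS_URL}"
            echo "spring.datasource.username=${RDS_USERNAME}"
            echo "spring.datasource.password=${RDS_PASSWORD}"
            echo "spring.jpa.hibernate.ddl-auto=update"
            # Google OAuth2
            echo "spring.security.oauth2.client.registration.google.client-id=${GOOGLE_CLIENT_ID}"
            echo "spring.security.oauth2.client.registration.google.client-secret=${GOOGLE_CLIENT_SECRET}"
            echo "spring.security.oauth2.client.registration.google.scope=openid,email"
            echo "spring.security.oauth2.client.registration.google.redirect-uri=https://api.umcedison.site/login/oauth2/code/google"
            echo "spring.security.oauth2.client.provider.google.issuer-uri=https://accounts.google.com"
            # JWT
            echo "jwt.secret=${JWT_SECRET}"
            echo "jwt.access-token-expiration=${JWT_ACCESS_EXPIRATION}"
            echo "jwt.refresh-token-expiration=${JWT_REFRESH_EXPIRATION}"
            # Redis
            echo "spring.data.redis.host=${REDIS_HOST}"
            echo "spring.data.redis.port=${REDIS_PORT}"
            echo "spring.data.redis.password=${REDIS_PASSWORD}"
            # Server Configuration
            echo "server.forward-headers-strategy=native"
            # OpenAI
            echo "openai_key=${OPENAI_KEY}"
          } > "$props"
        shell: bash

      # Make the Gradle wrapper executable.
      - name: Grant execute permission for gradlew
        run: chmod +x project/gradlew

      # Build the project with Gradle.
      - name: Build with Gradle
        uses: gradle/gradle-build-action@v2
        with:
          arguments: build
          build-root-directory: project

      # Upload the built jar for the deploy job.
      # NOTE(review): src/main/resources is packaged into the jar by the
      # standard Gradle layout, so this artifact carries the database, JWT,
      # OAuth, Redis and OpenAI secrets written above. Anyone able to download
      # the run's artifacts can read them. Retention is cut to one day as a
      # stop-gap; the durable fix is to supply this configuration on the host
      # at runtime instead of baking it into the build.
      - name: Upload build artifact
        uses: actions/upload-artifact@v4
        with:
          name: Edison-Server
          path: project/build/libs/*.jar
          retention-days: 1

      # Upload the report even when the Gradle step fails, which is when it
      # is needed most.
      - name: Upload Test Results
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: test-results
          path: project/build/reports/tests/test/

  deploy:
    needs: build  # runs only after the build job has succeeded
    runs-on: ubuntu-latest
    steps:
      # Needed for ./nginx/nginx.conf used by the NGINX step below.
      - name: Checkout Repository
        uses: actions/checkout@v3
        with:
          fetch-depth: 0
          persist-credentials: false

      # Fetch only the jar artifact produced by the build job.
      - name: Download build artifact
        uses: actions/download-artifact@v4
        with:
          name: Edison-Server
          path: build/libs/

      # Copy the jar to the EC2 host and restart the application.
      # NOTE(review): StrictHostKeyChecking=no accepts whatever host key is
      # presented, so the jar and the commands below can be sent to an
      # impostor host. Store the server's public host key as a repository
      # secret, write it to a known_hosts file and switch to
      # StrictHostKeyChecking=yes.
      - name: Deploy to EC2
        env:
          EC2_SSH_KEY: ${{ secrets.EC2_SSH_KEY }}
          EC2_USERNAME: ${{ secrets.EC2_USERNAME }}
          EC2_HOST: ${{ secrets.EC2_HOST }}
        run: |
          # Keep the private key outside the checked-out workspace, create it
          # owner-only from the start, and remove it on any exit path
          # (the step shell stops at the first failing command).
          key_file="$RUNNER_TEMP/edison.pem"
          trap 'rm -f "$key_file"' EXIT
          (umask 077 && echo "$EC2_SSH_KEY" > "$key_file")
          jar_file=$(find build/libs -name '*.jar' ! -name '*plain.jar' | head -n 1)
          if [ -z "$jar_file" ]; then
            echo "no deployable jar found under build/libs" >&2
            exit 1
          fi
          scp -i "$key_file" -o StrictHostKeyChecking=no "$jar_file" "$EC2_USERNAME@$EC2_HOST:/home/$EC2_USERNAME/Edison-Server.jar"
          # Remote side: stop running Java processes, wait, start the new jar.
          ssh -i "$key_file" -o StrictHostKeyChecking=no "$EC2_USERNAME@$EC2_HOST" "
          pgrep java | xargs -r kill -15 # 기존에 실행 중인 Java 프로세스 종료
          sleep 10
          nohup java -jar /home/$EC2_USERNAME/Edison-Server.jar > app.log 2>&1 & # 새 버전 애플리케이션 실행
          "

      # Diagnostic listing of the runner workspace.
      - name: Debug Current Directory
        run: |
          echo "Current Directory:"
          pwd
          echo "Files and Folders in Current Directory:"
          ls -al
          echo "Recursive Directory Listing:"
          find . -type f

      # Deploy the NGINX configuration and make sure Redis is running.
      # The same host-key caveat as in the previous step applies here.
      - name: Deploy NGINX Configuration
        env:
          EC2_SSH_KEY: ${{ secrets.EC2_SSH_KEY }}
          EC2_USERNAME: ${{ secrets.EC2_USERNAME }}
          EC2_HOST: ${{ secrets.EC2_HOST }}
        run: |
          key_file="$RUNNER_TEMP/edison.pem"
          trap 'rm -f "$key_file"' EXIT
          (umask 077 && echo "$EC2_SSH_KEY" > "$key_file")
          # 1) Upload nginx.conf to the EC2 home directory.
          scp -i "$key_file" -o StrictHostKeyChecking=no ./nginx/nginx.conf "$EC2_USERNAME@$EC2_HOST:/home/$EC2_USERNAME/nginx.conf"
          # 2) Move the file into place with sudo and reload NGINX.
          # NOTE(review): the live config is replaced before `nginx -t` runs,
          # so a bad file stays on disk even though the reload is skipped.
          ssh -i "$key_file" -o StrictHostKeyChecking=no "$EC2_USERNAME@$EC2_HOST" "
          sudo mv /home/$EC2_USERNAME/nginx.conf /etc/nginx/nginx.conf
          sudo chown root:root /etc/nginx/nginx.conf
          sudo chmod 644 /etc/nginx/nginx.conf
          sudo nginx -t && sudo systemctl reload nginx
          "
          # 3) Install Redis if it is missing, then start and enable it
          #    (Ubuntu only).
          ssh -i "$key_file" -o StrictHostKeyChecking=no "$EC2_USERNAME@$EC2_HOST" "
          if ! command -v redis-server &> /dev/null
          then
          echo 'Redis가 설치되어 있지 않습니다. 설치를 진행합니다.'
          sudo apt update
          sudo apt install -y redis
          else
          echo 'Redis가 이미 설치되어 있습니다.'
          fi
          # Redis 서버 시작 및 활성화
          sudo systemctl start redis
          sudo systemctl enable redis
          sudo systemctl status redis
          "
          # 4) The EXIT trap above removes the private key.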