Merge branch 'prod' of https://github.com/Team-SilverTown/Team-Silver… #14
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy prod API to Amazon ECS | |
| on: | |
| push: | |
| branches: [ "prod" ] | |
| permissions: | |
| contents: read | |
| env: | |
| AWS_REGION: ap-northeast-2 | |
| SERVER_PORT: 8080 | |
| jobs: | |
| job: | |
| name: Deploy prod API | |
| runs-on: ubuntu-latest | |
| environment: prod | |
| steps: | |
| - name: 체크 아웃 | |
| uses: actions/checkout@v3 | |
| - name: JDK 17 설치 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '17' | |
| distribution: 'corretto' | |
| - name: AWS credentials 설정 | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: application.yml 오버라이드 | |
| uses: microsoft/variable-substitution@v1 | |
| with: | |
| files: ./src/main/resources/application.yml | |
| env: | |
| server.port: ${{ env.SERVER_PORT }} | |
| cors.service-origin: ${{ secrets.SERVICE_ORIGIN }} | |
| sentry.dsn: ${{ secrets.SENTRY_DSN }} | |
| spring.datasource.driver-class-name: ${{ secrets.DRIVER_CLASS_NAME }} | |
| spring.datasource.username: ${{ secrets.MYSQL_USERNAME }} | |
| spring.datasource.password: ${{ secrets.MYSQL_PASSWORD }} | |
| spring.datasource.url: ${{ secrets.MYSQL_URL }} | |
| spring.data.redis.host: ${{ secrets.REDIS_HOST }} | |
| spring.data.redis.port: ${{ secrets.REDIS_PORT }} | |
| spring.cloud.aws.credentials.accessKey: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| spring.cloud.aws.credentials.secretKey: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| spring.cloud.aws.region.static: ${{ env.AWS_REGION }} | |
| spring.cloud.aws.s3.bucket: ${{ secrets.AWS_S3_IMAGE_BUCKET }} | |
| spring.cloud.aws.s3.endpoint: ${{ secrets.AWS_S3_IMAGE_ENDPOINT }} | |
| jwt.issuer: ${{ secrets.TOKEN_ISSUER }} | |
| jwt.base64-secret: ${{ secrets.TOKEN_SECRET }} | |
| jwt.access-token-validity-in-seconds: ${{ secrets.ACCESS_TOKEN_EXPIRATION }} | |
| jwt.refresh-token-validity-in-seconds: ${{ secrets.REFRESH_TOKEN_EXPIRATION }} | |
| - name: Redis 실행 | |
| uses: supercharge/[email protected] | |
| with: | |
| redis-version: 7.2.4-alpine | |
| redis-port: 6379 | |
| - name: 프로젝트 빌드 | |
| uses: gradle/[email protected] | |
| with: | |
| arguments: clean build | |
| - name: Amazon ECR 로그인 | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: docker 이미지 업로드 | |
| id: build-image | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY }} | |
| IMAGE_TAG: ${{ github.sha }} | |
| PROFILE: ${{ vars.SPRING_ACTIVE_PROFILE }} | |
| run: | | |
| docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG --build-arg PROFILE=$PROFILE . | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT | |
| - name: Amazon ECS task definition 이미지 설정 | |
| id: task-def | |
| uses: aws-actions/amazon-ecs-render-task-definition@v1 | |
| with: | |
| task-definition: ${{ vars.ECS_TASK_DEFINITION }} | |
| container-name: ${{ vars.CONTAINER_NAME }} | |
| image: ${{ steps.build-image.outputs.image }} | |
| - name: Amazon ECS task definition 배포 | |
| uses: aws-actions/amazon-ecs-deploy-task-definition@v1 | |
| with: | |
| task-definition: ${{ steps.task-def.outputs.task-definition }} | |
| service: ${{ vars.ECS_SERVICE }} | |
| cluster: ${{ vars.ECS_CLUSTER }} | |
| wait-for-service-stability: true |