be_badata/.github/workflows/cd.yml at develop · Ureca-Final-Project-Team2/be_badata · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
name: CD - upload to EC2

on:
  push:
    branches:
      - main
      - develop

jobs:
  upload-to-ec2 :
    runs-on: ubuntu-latest

    services:
      postgres:
        image: postgres:16
        env:
          POSTGRES_DB: ${{ secrets.DB_DATABASE_NAME }}
          POSTGRES_USER: ${{ secrets.DB_USERNAME }}
          POSTGRES_PASSWORD: ${{ secrets.DB_PASSWORD }}
        ports:
          - 5432:5432
        options: >-
          --health-cmd pg_isready
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5

    steps:
      - name: 소스 코드 Checkout
        uses: actions/checkout@v4

      - name: Redis 실행
        uses: supercharge/redis-github-action@1.6.0

      - name: elasticsearch 실행
        uses: getong/elasticsearch-action@v1.3
        with:
          elasticsearch version: '8.11.0'
          host port: 9200
          container port: 9200
          host node port: 9300
          node port: 9300
          discovery type: 'single-node'

      - name: logstash 실행
        uses: sjafferali/logstash-config-lint-action@v1
        with:
          linter-version: '0.5.3'
          config-directory: './'

      - name: .env 설정
        run: |
          echo "SPRING_PROFILES_ACTIVE=ci" >> $GITHUB_ENV
          echo "DB_URL=${{ secrets.DB_URL }}" >> $GITHUB_ENV
          echo "DB_USERNAME=${{ secrets.DB_USERNAME }}" >> $GITHUB_ENV
          echo "DB_PASSWORD=${{ secrets.DB_PASSWORD }}" >> $GITHUB_ENV
          echo "REDIS_HOST=${{ secrets.REDIS_HOST }}" >> $GITHUB_ENV
          echo "REDIS_PORT=${{ secrets.REDIS_PORT }}" >> $GITHUB_ENV
          echo "JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }}" >> $GITHUB_ENV
          echo "JWT_VALIDATION_TIME=${{ secrets.JWT_VALIDATION_TIME }}" >> $GITHUB_ENV
          echo "SOCIAL_CLIENT_ID=${{ secrets.SOCIAL_CLIENT_ID }}" >> $GITHUB_ENV
          echo "SOCIAL_SECRET=${{ secrets.SOCIAL_SECRET }}" >> $GITHUB_ENV
          echo "API_KEY=${{ secrets.API_KEY }}" >> $GITHUB_ENV
          echo "API_SECRET=${{ secrets.API_SECRET }}" >> $GITHUB_ENV
          echo "S3_ACCESS_KEY=${{ secrets.S3_ACCESS_KEY }}" >> $GITHUB_ENV
          echo "S3_SECRET_KEY=${{ secrets.S3_SECRET_KEY }}" >> $GITHUB_ENV
          echo "S3_BUCKET_NAME=${{ secrets.S3_BUCKET_NAME }}" >> $GITHUB_ENV
          echo "S3_BUCKET_URL=${{ secrets.S3_BUCKET_URL }}" >> $GITHUB_ENV
          echo "LOGSTASH_URL=${{ secrets.LOGSTASH_URL }}" >> $GITHUB_ENV
          echo "OCR_JSON=${{ secrets.OCR_JSON }}" >> $GITHUB_ENV
          echo "FIRE_BASE_JSON=${{ secrets.FIRE_BASE_JSON }}" >> $GITHUB_ENV
          echo "ELK_SERVER_URL=${{ secrets.ELK_SERVER_URL }}" >> $GITHUB_ENV
          echo "ELK_PEM_KEY=${{ secrets.ELK_PEM_KEY }}" >> $GITHUB_ENV
          echo "GOOGLE_MAIL=${{ secrets.GOOGLE_MAIL }}" >> $GITHUB_ENV
          echo "GOOGLE_MAIL_PASSWORD=${{ secrets.GOOGLE_MAIL_PASSWORD }}" >> $GITHUB_ENV

      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'

      - name: 실행 권한 부여
        run: chmod +x ./gradlew

      - name: firebase.json 복원
        run: |
          echo "${{ secrets.FIRE_BASE_BASE_64_JSON }}" | base64 -d > src/main/resources/firebase.json

      - name: 빌드 테스트
        run: ./gradlew clean build -x test

      - name: Docker Hub 로그인
        run: echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin

      - name: Build 후 Docker image push
        run: |
          docker build -t ${{ secrets.DOCKER_USERNAME }}/badata:latest .
          docker push ${{ secrets.DOCKER_USERNAME }}/badata:latest

      - name: EC2 배포
        uses: appleboy/ssh-action@v1.0.0
        with:
          host: ${{ secrets.EC2_HOST }}
          username: ubuntu
          key: ${{ secrets.EC2_SSH_KEY }}
          script: |
            cd /home/ubuntu

            echo "기존 컨테이너 중지 및 제거"
            docker stop badata_be || true
            docker rm badata_be || true

            echo "새로운 이미지 빌드"
            docker pull ${{ secrets.DOCKER_USERNAME }}/badata:latest
            docker run --add-host host.docker.internal:host-gateway --env-file ~/be_badata/.env -v ~/be_badata${{ secrets.OCR_JSON }}:/BaData/src${{ secrets.OCR_JSON }} -d -p 8080:8080 --name badata_be ${{ secrets.DOCKER_USERNAME }}/badata:latest

            echo "elasticsearch, logstash ssh 연결"
            docker cp /home/ubuntu/be_badata/${{ secrets.ELK_PEM_KEY }} badata_be:/
            docker exec -i badata_be bash -c "apt update && apt install -y openssh-client"
            docker exec -i badata_be bash -c "ssh -o StrictHostKeyChecking=no -i ${{ secrets.ELK_PEM_KEY }} -L 5000:localhost:5000 ${{ secrets.ELK_SERVER_URL }} -f -N"
            docker exec -i badata_be bash -c "ssh -o StrictHostKeyChecking=no -i ${{ secrets.ELK_PEM_KEY }} -L 9200:localhost:9200 ${{ secrets.ELK_SERVER_URL }} -f -N"

            echo "배포 완료"