Merge pull request #35 from SafeNet-2024/feature/add-security #65

Summary
Jobs
- build
Run details
- Usage
- Workflow file

Workflow file for this run

	# This workflow uses actions that are not certified by GitHub.
	# They are provided by a third-party and are governed by
	# separate terms of service, privacy policy, and support
	# documentation.
	# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time
	# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-gradle

	name: Deploy

	on:
	push:
	branches: [ "main" ]
	pull_request:
	branches: [ "main" ]

	permissions:
	contents: read

	jobs:
	build:
	runs-on: ubuntu-latest # 실행될 인스턴스 OS와 버전

	steps:
	# 기본 체크아웃
	# 지정한 저장소(현재 REPO)에서 코드를 워크플로우 환경으로 가져오도록 하는 github action
	- name: Checkout
	uses: actions/checkout@v3
	# Gradlew 실행 허용
	- name: Run chmod to make gradlew executable
	run: chmod +x ./gradlew
	# JDK 11 세팅
	- name: Set up JDK 17
	uses: actions/setup-java@v3
	with:
	java-version: '17'
	distribution: 'temurin'
	# 환경 변수 설정
	- name: Make application.properties
	run: \|
	cd ./src/main/resources
	touch ./application.properties
	echo "${{ secrets.APPLICATION }}" > ./application.properties
	shell: bash
	# Gradle build (Test 제외)
	- name: Build with Gradle
	run: \|
	./gradlew clean bootJar -x test
	# Docker login
	- name: Login to DockerHub
	uses: docker/login-action@v2
	with:
	username: ${{ secrets.DOCKERHUB_USERNAME }}
	password: ${{ secrets.DOCKERHUB_PASSWORD }}
	# Docker build
	- name: Docker build & push to docker repo
	run: \|
	docker build -t ${{ secrets.DOCKERHUB_REPOSITORY }} .
	docker tag ${{ secrets.DOCKERHUB_REPOSITORY }} ${{ secrets.DOCKERHUB_USERNAME }}/${{ secrets.DOCKERHUB_REPOSITORY }}:${GITHUB_SHA::7}
	docker push ${{ secrets.DOCKERHUB_USERNAME }}/${{ secrets.DOCKERHUB_REPOSITORY }}:${GITHUB_SHA::7}
	# Deploy
	# appleboy/ssh-action@master 액션을 사용하여 지정한 서버에 ssh로 접속하고, script를 실행합니다.
	# script의 내용은 도커의 기존 프로세스들을 제거하고, docker repo로부터 방금 위에서 push한 내용을 pull 받아 실행하는 것입니다.
	# 실행 시, docker-compose를 사용합니다.
	- name: Deploy
	uses: appleboy/ssh-action@master
	with:
	host: ${{ secrets.HOST }} # EC2 인스턴스 퍼블릭 DNS
	username: ${{ secrets.SSH_USERNAME }}
	key: ${{ secrets.SSH_PRIVATE_KEY }} # pem 키
	#passphrase: ${{ secrets.SSH_PASSPHRASE }}
	envs: GITHUB_SHA
	script: \|
	echo "${{ secrets.DOCKERHUB_PASSWORD }}" \| docker login -u "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin
	docker pull ${{ secrets.DOCKERHUB_USERNAME }}/${{ secrets.DOCKERHUB_REPOSITORY }}:${GITHUB_SHA::7}
	docker tag ${{ secrets.DOCKERHUB_USERNAME }}/${{ secrets.DOCKERHUB_REPOSITORY }}:${GITHUB_SHA::7} gc_spring
	docker-compose -p grocery up -d
	debug: true

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Merge pull request #35 from SafeNet-2024/feature/add-security #65

Workflow file

Merge pull request #35 from SafeNet-2024/feature/add-security #65

Jobs

Run details

Workflow file for this run