Merge pull request #29 from SafeNet-2024/feature/add-security #50

Workflow file for this run

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-gradle
name: Deploy
on:
  push:
    branches: [ "main" ]
  pull_request:
    branches: [ "main" ]
permissions:
  contents: read
jobs:
  build:
    runs-on: ubuntu-latest # OS and version of the instance the job runs on
    steps:
      # Basic checkout
      # GitHub action that fetches the code from the specified repository (the current repo) into the workflow environment
      - name: Checkout
        uses: actions/checkout@v3
      # Allow gradlew to be executed
      - name: Run chmod to make gradlew executable
        run: chmod +x ./gradlew
      # JDK 17 setup
      - name: Set up JDK 17
        uses: actions/setup-java@v3
        with:
          java-version: '17'
          distribution: 'temurin'
      # Set environment variables
      - name: Make application.properties
        run: |
          cd ./src/main/resources
          touch ./application.properties
          echo "${{ secrets.APPLICATION }}" > ./application.properties
        shell: bash
      # Gradle build (tests excluded)
      - name: Build with Gradle
        run: |
          ./gradlew clean bootJar -x test
      # Docker login
      - name: Login to DockerHub
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_PASSWORD }}
      # Docker build
      - name: Docker build & push to docker repo
        run: |
          docker build -t ${{ secrets.DOCKERHUB_REPOSITORY }} .
          docker tag ${{ secrets.DOCKERHUB_REPOSITORY }} ${{ secrets.DOCKERHUB_USERNAME }}/${{ secrets.DOCKERHUB_REPOSITORY }}:${GITHUB_SHA::7}
          docker push ${{ secrets.DOCKERHUB_USERNAME }}/${{ secrets.DOCKERHUB_REPOSITORY }}:${GITHUB_SHA::7}
      # Deploy
      # Uses the appleboy/ssh-action@master action to connect to the specified server over ssh and run the script.
      # The script removes the existing Docker processes, then pulls what was just pushed above from the docker repo and runs it.
      # docker-compose is used to run it.
      - name: Deploy
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.HOST }} # EC2 instance public DNS
          username: ${{ secrets.SSH_USERNAME }}
          key: ${{ secrets.SSH_PRIVATE_KEY }} # pem key
          #passphrase: ${{ secrets.SSH_PASSPHRASE }}
          envs: GITHUB_SHA
          script: |
            echo "${{ secrets.DOCKERHUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin
            docker pull ${{ secrets.DOCKERHUB_USERNAME }}/${{ secrets.DOCKERHUB_REPOSITORY }}:${GITHUB_SHA::7}
            docker tag ${{ secrets.DOCKERHUB_USERNAME }}/${{ secrets.DOCKERHUB_REPOSITORY }}:${GITHUB_SHA::7} gc_spring
            docker-compose -p grocery up -d
          debug: true