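# Continuous deployment of the authentication service to the dev EC2 host.
# Flow: Gradle build+test -> docker build -> push to ECR Public -> prune old
# images -> scp compose files, scripts, .env and JWT keys to EC2 -> run
# scripts/deploy.sh over SSH.
name: Continuous Deployment for SOPT makers Authentication Development EC2 Server

on:
  workflow_dispatch:
  push:
    branches: [ dev ]

# Least privilege for GITHUB_TOKEN: nothing in this workflow writes to the
# repository (AWS/EC2 access comes from the stored secrets, not the token).
permissions:
  contents: read

# Serialise runs against the single dev host so two pushes in quick succession
# cannot interleave their scp/ssh steps in the same target directory.
concurrency:
  group: cd-dev-ec2
  cancel-in-progress: false

jobs:
  build-and-push-image:
    runs-on: ubuntu-latest
    timeout-minutes: 30
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: ✅ Set up JDK 21
        uses: actions/setup-java@v4
        with:
          java-version: '21'
          distribution: 'corretto'
          cache: gradle

      # NOTE(review): these are long-lived IAM user access keys. Prefer GitHub
      # OIDC (`role-to-assume` plus `permissions: id-token: write`) so that no
      # static AWS credential has to live in repository secrets at all.
      - name: 🔒 Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}

      # The secret is handed over via the environment instead of being written
      # into the script: a `${{ }}` expression inside `run:` is substituted as
      # raw text before bash parses it, so a value containing `"`, `$(...)` or
      # backticks would be mis-parsed or executed. printf '%s' also avoids
      # `echo` interpreting values that start with `-` or contain backslashes.
      - name: ⚙️ Create Property File
        env:
          PROPERTY_GRADLE: ${{ secrets.PROPERTY_GRADLE }}
        shell: bash
        run: |
          set -euo pipefail
          touch ./gradle.properties
          printf '%s\n' "$PROPERTY_GRADLE" >> ./gradle.properties

      # NOTE(review): with the standard Gradle `java` plugin, everything under
      # src/main/resources is packaged into the jar. That means the JWT
      # *private* key and test.env placed here end up inside the build
      # artifact, and the image built below is pushed to ECR *Public*. Confirm
      # the Dockerfile/jar does not ship these files; the deploy job already
      # mounts keys from ./key on the host, so this step should only feed tests.
      - name: 📂 Download Keys and Env from S3
        env:
          REGION: ${{ secrets.AWS_REGION }}
          S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
          JWT_PUBLIC_KEY_PATH: ${{ secrets.JWT_PUBLIC_KEY_PATH }}
          JWT_PRIVATE_KEY_PATH: ${{ secrets.JWT_PRIVATE_KEY_PATH }}
          TEST_ENV_PATH: ${{ secrets.ENV_FILE_PATH_TEST }}
        shell: bash
        run: |
          set -euo pipefail
          mkdir -p ./src/main/resources/env
          aws s3 cp "s3://$S3_BUCKET/dev/static/$JWT_PUBLIC_KEY_PATH" ./src/main/resources/jwt_public_key.pem --region "$REGION"
          aws s3 cp "s3://$S3_BUCKET/dev/static/$JWT_PRIVATE_KEY_PATH" ./src/main/resources/jwt_private_key.pem --region "$REGION"
          aws s3 cp "s3://$S3_BUCKET/dev/$TEST_ENV_PATH" ./src/main/resources/env/test.env --region "$REGION"

      - name: 🧱 Build and Test with Gradle
        run: ./gradlew build --no-daemon
        shell: bash

      - name: 🧱 Build Image and Push to ECR Public
        env:
          AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
          AWS_ECR_REPO: ${{ secrets.AWS_ECR_REPO_DEV }}
        shell: bash
        run: |
          set -euo pipefail
          # GITHUB_SHA is a default runner variable; its first 8 hex chars form
          # the immutable per-commit tag.
          IMAGE_SHA_TAG="${GITHUB_SHA:0:8}"
          IMAGE="public.ecr.aws/$AWS_ACCOUNT_ID/$AWS_ECR_REPO"
          # ECR Public authentication is only served from us-east-1, regardless
          # of the region used for S3/EC2 above.
          aws ecr-public get-login-password --region us-east-1 \
            | docker login --username AWS --password-stdin public.ecr.aws
          docker build --build-arg PROFILE=dev \
            -t "$IMAGE:latest" \
            -t "$IMAGE:$IMAGE_SHA_TAG" .
          # NOTE(review): `latest` is a mutable tag. The deploy job should pull
          # the SHA tag so a rollout is reproducible and a rollback is trivial.
          docker push "$IMAGE:latest"
          docker push "$IMAGE:$IMAGE_SHA_TAG"

      - name: 🗑️ Prune old ECR Public images (keep 2 latest)
        env:
          ECR_APP_NAME: ${{ secrets.AWS_ECR_REPO_DEV }}
        shell: bash
        run: |
          set -euo pipefail
          echo "Pruning old images, keeping only 2 most recent..."
          # Digests ordered oldest -> newest; both tags of one push share a digest,
          # so the image just pushed is always the last element and is kept.
          IMAGES=$(aws ecr-public describe-images \
            --region us-east-1 \
            --repository-name "$ECR_APP_NAME" \
            --query 'sort_by(imageDetails,& imagePushedAt)[*].imageDigest' \
            --output json)
          COUNT=$(jq length <<< "$IMAGES")
          if [ "$COUNT" -gt 2 ]; then
            # Everything except the two newest digests, shaped for --image-ids.
            TO_DELETE=$(jq -c ".[:$((COUNT-2))] | [{imageDigest: .[]}]" <<< "$IMAGES")
            if [ "$TO_DELETE" != "[]" ]; then
              aws ecr-public batch-delete-image \
                --region us-east-1 \
                --repository-name "$ECR_APP_NAME" \
                --image-ids "$TO_DELETE"
            else
              echo "No images to delete."
            fi
          else
            echo "Less than or equal to 2 images, skipping prune."
          fi

  deploy:
    needs: build-and-push-image
    runs-on: ubuntu-latest
    timeout-minutes: 20
    steps:
      - name: 📥 Checkout Source
        uses: actions/checkout@v4

      # NOTE(review): same long-lived key pair as the build job; see the OIDC
      # note there.
      - name: 🔒 Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}

      - name: 📂 Download Keys and Env from S3
        env:
          REGION: ${{ secrets.AWS_REGION }}
          S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
          JWT_PUBLIC_KEY_PATH: ${{ secrets.JWT_PUBLIC_KEY_PATH }}
          JWT_PRIVATE_KEY_PATH: ${{ secrets.JWT_PRIVATE_KEY_PATH }}
          DEV_ENV_FILE_PATH: ${{ secrets.ENV_FILE_PATH_DEV }}
        shell: bash
        run: |
          set -euo pipefail
          mkdir -p ./key
          aws s3 cp "s3://$S3_BUCKET/dev/static/$JWT_PUBLIC_KEY_PATH" ./key/jwt_public_key.pem --region "$REGION"
          aws s3 cp "s3://$S3_BUCKET/dev/static/$JWT_PRIVATE_KEY_PATH" ./key/jwt_private_key.pem --region "$REGION"
          aws s3 cp "s3://$S3_BUCKET/dev/$DEV_ENV_FILE_PATH" .env --region "$REGION"

      # Both SSH actions are pinned to a release tag instead of `@master`: a
      # branch reference means any push to the action's repository runs with
      # this job's private key and host access. Pinning to a full commit SHA
      # gives the strongest guarantee.
      # NOTE(review): neither step verifies the server host key. Both actions
      # accept a `fingerprint:` input — supply the dev host's SSH fingerprint so
      # a MITM cannot capture .env and the JWT private key in transit. Also
      # consider restricting the copied key/*.pem and .env to mode 600 on the
      # host if the containers that mount them run as ec2-user.
      - name: 🔄 Transfer Deployment Files to EC2
        uses: appleboy/scp-action@v0.1.7
        with:
          host: ${{ secrets.HOST_DEV }}
          username: ec2-user
          key: ${{ secrets.PEM_KEY_DEV }}
          port: '22'
          source: ".env,docker-compose.yml,scripts,key"
          target: /home/ec2-user/authentication
          overwrite: true

      - name: 🚀 Remote SSH Deployment
        uses: appleboy/ssh-action@v1.0.3
        with:
          host: ${{ secrets.HOST_DEV }}
          username: ec2-user
          key: ${{ secrets.PEM_KEY_DEV }}
          port: '22'
          script: |
            set -e
            sudo chmod +x /home/ec2-user/authentication/scripts/*.sh
            cd /home/ec2-user/authentication/scripts
            ./deploy.sh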