배포 스크립트 백업

기존 배포 스크립트

# deploy.yml

# GitHub Actions 워크플로우의 이름
name: deploy

# 워크플로우를 언제 실행할지 지정
on:
  push: #테스트를 위한 push
    branches:
      - main
      - dev

# 권한 설정
permissions:
  contents: read

# Jobs 정의
jobs:

  # AWS 컨테이너 레지스트리로 푸시하는 작업
  push_to_registry:
    name: Push to AWS Container Registry
    runs-on: ubuntu-latest

    # 작업 단계 정의
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      - name: Set up JDK 17
        uses: actions/setup-java@v3
        with:
          java-version: '17'
          distribution: 'corretto'

      - name: make application-prod.yml
        if: contains(github.ref, 'dev') || contains(github.ref, 'main')
        run: |
          echo ${{ github.ref }}
          cd ./src/main/resources
          touch ./application-prod.yml
          echo "${{ secrets.YML_PROD }}" > ./application-prod.yml
        shell: bash

      - name: Grant execute permission for gradlew
        run: chmod +x ./gradlew
        shell: bash

      - name: Build with Gradle
        env:
          SPRING_PROFILES_ACTIVE: prod
        run: ./gradlew clean build --stacktrace
        shell: bash

      # Docker 이미지 빌드
      - name: Docker build
        if: contains(github.ref, 'dev') || contains(github.ref, 'main')
        # Docker 이미지 빌드 및 태그 # Docker 이미지 푸시
        run: |
          docker login -u ${{ secrets.DOCKER_USER }} -p ${{ secrets.DOCKER_PASSWORD }}
          docker build -t moayoeats -f ./infra/Dockerfile .
          docker tag moayoeats:latest ${{ secrets.DOCKER_USER }}/moayoeats:latest
          docker push ${{ secrets.DOCKER_USER }}/moayoeats:latest

  # AWS 컨테이너 레지스트리에서 서버로 풀하는 작업
  pull_from_registry:
    name: Connect server SSH and pull from Container Registry
    needs: push_to_registry
    runs-on: ubuntu-latest

    # 작업 단계 정의
    steps:
      - name: Get GitHub Actions IP
        id: ip
        uses: haythem/public-ip@v1.2

      - name: Setting environment variables
        run: |
          echo "AWS_DEFAULT_REGION=ap-northeast-2" >> $GITHUB_ENV
          echo "AWS_SG_NAME=launch-wizard-1" >> $GITHUB_ENV

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.ACCESS_KEY_SECRET }}
          aws-region: ap-northeast-2

      - name: Add GitHub Actions IP to Security group
        # 보안 그룹에 GitHub Actions IP 추가
        run: |
          aws ec2 authorize-security-group-ingress --group-name ${{ env.AWS_SG_NAME }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.ACCESS_KEY_SECRET }}
          AWS_DEFAULT_REGION: ap-northeast-2

      - name: Deploy to prod
        if: contains(github.ref, 'dev') || contains(github.ref, 'main')
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.HOST_NAME }}
          username: ${{ secrets.EC2_INSTANCE_USER_NAME }}
          key: ${{ secrets.AWS_PRIVATE_KEY }}
          port: ${{ secrets.AWS_PORT }}
          # Docker 이미지 풀 및 컨테이너 배포 # 사용하지 않는 Docker 이미지 정리
          script: |
            docker pull ${{ secrets.DOCKER_USER }}/moayoeats:latest
            docker stop moayoeats
            docker rm moayoeats
            docker run -d --network moayoeats --name moayoeats -p 8080:8080 ${{ secrets.DOCKER_USER }}/moayoeats:latest

            if docker images -f "dangling=true" -q | grep . > /dev/null; then
              docker rmi $(docker images -f "dangling=true" -q)
            fi

      # 1. AWS 보안 그룹에서 GitHub Actions IP의 인바운드(Ingress) 규칙을 제거합니다.
      - name: Remove GitHub Actions IP from security group
        run: |
          aws ec2 revoke-security-group-ingress --group-name ${{ env.AWS_SG_NAME }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.ACCESS_KEY_SECRET }}
          AWS_DEFAULT_REGION: ap-northeast-2

name: Build check

on:
  push:
    branches:
      - dev
  pull_request:
    branches:
      - dev

permissions:
  contents: read
  issues: read
  checks: write
  pull-requests: write

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      - name: Set up CI server
        uses: actions/checkout@v3
      - name: Set up JDK 17
        uses: actions/setup-java@v3
        with:
          java-version: '17'
          distribution: 'zulu'

      # Gradle caching
      #      - name: Gradle Caching
      #        uses: actions/cache@v3
      #        with:
      #          path: |
      #            ~/.gradle/caches
      #            ~/.gradle/wrapper
      #          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
      #          restore-keys: |
      #            ${{ runner.os }}-gradle-

      - name: Grant execute permission for gradlew
        run: chmod +x gradlew

      # Build Gradle
      - name: Build with Gradle
        # test code는 빌드하지 않음 # test code까지 빌드 # fix : 해당 사항 test 완성 후 변경 # run: ./gradlew build
        run: ./gradlew build

      - name: Publish Test Results
        uses: EnricoMi/publish-unit-test-result-action@v2
        if: always()  # 테스트가 실패하여도 Report를 보기 위해 `always`로 설정
        with:
          files: |
            build/test-results/**/*.xml

으악 ?