[feat] 발행, 구독시 토큰 검증 추가 #53
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow uses actions that are not certified by GitHub. | |
# They are provided by a third-party and are governed by | |
# separate terms of service, privacy policy, and support | |
# documentation. | |
# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time | |
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-gradle | |
name: Deploy | |
on: | |
push: | |
branches: [ "main" ] | |
pull_request: | |
branches: [ "main" ] | |
permissions: | |
contents: read | |
jobs: | |
build: | |
runs-on: ubuntu-latest # 실행될 인스턴스 OS와 버전 | |
steps: | |
# 기본 체크아웃 | |
# 지정한 저장소(현재 REPO)에서 코드를 워크플로우 환경으로 가져오도록 하는 github action | |
- name: Checkout | |
uses: actions/checkout@v3 | |
# Gradlew 실행 허용 | |
- name: Run chmod to make gradlew executable | |
run: chmod +x ./gradlew | |
# JDK 11 세팅 | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
# 환경 변수 설정 | |
- name: Make application.properties | |
run: | | |
cd ./src/main/resources | |
touch ./application.properties | |
echo "${{ secrets.APPLICATION }}" > ./application.properties | |
shell: bash | |
# Gradle build (Test 제외) | |
- name: Build with Gradle | |
run: | | |
./gradlew clean bootJar -x test | |
# Docker login | |
- name: Login to DockerHub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
# Docker build | |
- name: Docker build & push to docker repo | |
run: | | |
docker build -t ${{ secrets.DOCKERHUB_REPOSITORY }} . | |
docker tag ${{ secrets.DOCKERHUB_REPOSITORY }} ${{ secrets.DOCKERHUB_USERNAME }}/${{ secrets.DOCKERHUB_REPOSITORY }}:${GITHUB_SHA::7} | |
docker push ${{ secrets.DOCKERHUB_USERNAME }}/${{ secrets.DOCKERHUB_REPOSITORY }}:${GITHUB_SHA::7} | |
# Deploy | |
# appleboy/ssh-action@master 액션을 사용하여 지정한 서버에 ssh로 접속하고, script를 실행합니다. | |
# script의 내용은 도커의 기존 프로세스들을 제거하고, docker repo로부터 방금 위에서 push한 내용을 pull 받아 실행하는 것입니다. | |
# 실행 시, docker-compose를 사용합니다. | |
- name: Deploy | |
uses: appleboy/ssh-action@master | |
with: | |
host: ${{ secrets.HOST }} # EC2 인스턴스 퍼블릭 DNS | |
username: ${{ secrets.SSH_USERNAME }} | |
key: ${{ secrets.SSH_PRIVATE_KEY }} # pem 키 | |
#passphrase: ${{ secrets.SSH_PASSPHRASE }} | |
envs: GITHUB_SHA | |
script: | | |
echo "${{ secrets.DOCKERHUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin | |
docker pull ${{ secrets.DOCKERHUB_USERNAME }}/${{ secrets.DOCKERHUB_REPOSITORY }}:${GITHUB_SHA::7} | |
docker tag ${{ secrets.DOCKERHUB_USERNAME }}/${{ secrets.DOCKERHUB_REPOSITORY }}:${GITHUB_SHA::7} gc_spring | |
docker-compose -p grocery up -d | |
debug: true |