Merge pull request #17 from CAPS-DGU/feat/#16-security #25
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Development CI/CD | |
| on: | |
| push: | |
| branches: [ develop ] | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| # 📂 빌드 전에 환경변수를 로드하도록 설정 | |
| - name: Create application.yml for build | |
| run: | | |
| mkdir -p ./src/main/resources | |
| echo "${{ secrets.DEVELOPMENT_APPLICATION }}" > ./src/main/resources/application.yml | |
| # Gradle 캐시 설정 (Gradle Wrapper 포함) | |
| - name: Cache Gradle packages | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| key: gradle-${{ runner.os }}-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} | |
| restore-keys: | | |
| gradle-${{ runner.os }}- | |
| - name: Build with Gradle Wrapper (Skip Tests) | |
| run: ./gradlew build -x test | |
| # Docker 빌드 및 Docker Hub에 푸시 | |
| - name: Docker build & push to Docker Hub | |
| run: | | |
| echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin | |
| docker build -t ${{ secrets.DOCKER_USERNAME }}/caps-dev:${{ github.sha }} . | |
| docker push ${{ secrets.DOCKER_USERNAME }}/caps-dev:${{ github.sha }} | |
| docker logout | |
| # EC2에 배포 | |
| - name: Docker image pull & deploy to EC2 | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ secrets.DEV_EC2_HOST }} | |
| username: ubuntu | |
| key: ${{ secrets.DEV_EC2_PRIVATE_KEY }} | |
| script: | | |
| set -e # 에러 발생 시 즉시 스크립트 종료 | |
| # 네트워크가 존재하는지 확인하고, 없으면 생성 | |
| if [ -z "$(sudo docker network ls | grep caps-network)" ]; then | |
| sudo docker network create caps-network | |
| fi | |
| # Redis 컨테이너 배포: 네트워크에 연결, 포트 매핑 (내부 통신용) | |
| echo "🚀 Redis 컨테이너 배포 중..." | |
| if [ "$(sudo docker inspect --format='{{.State.Running}}' redis 2>/dev/null)" != "true" ]; then | |
| sudo docker pull redis:alpine | |
| sudo docker run -d --name redis --network caps-network -p 6379:6379 redis:alpine | |
| fi | |
| echo "🚀 최신 Docker 이미지 Pull 중..." | |
| sudo docker pull ${{ secrets.DOCKER_USERNAME }}/caps-dev:${{ github.sha }} | |
| echo "🛑 기존 컨테이너 중지 및 삭제" | |
| if [ "$(sudo docker inspect --format='{{.State.Running}}' caps-dev 2>/dev/null)" = "true" ]; then | |
| sudo docker stop caps-dev | |
| sudo docker rm caps-dev | |
| fi | |
| echo "📂 yml 파일을 저장할 디렉토리 생성" | |
| sudo mkdir -p /home/ubuntu/app/src/main/resources | |
| sudo chown -R ubuntu:ubuntu /home/ubuntu/app # ubuntu 사용자가 접근 가능하도록 변경 | |
| sudo chmod -R 755 /home/ubuntu/app # 디렉토리에 읽기, 쓰기, 실행 권한 부여 | |
| echo "📄 yml 파일 생성 및 GitHub Secrets 값 적용" | |
| echo "${{ secrets.DEVELOPMENT_APPLICATION }}" | sudo tee /home/ubuntu/app/src/main/resources/application.yml > /dev/null | |
| sudo chmod 644 /home/ubuntu/app/src/main/resources/application.yml # 모든 사용자 읽기 가능, 소유자만 쓰기 가능 | |
| echo "🚀 새 컨테이너 실행 중..." | |
| sudo docker run -d --log-driver=syslog --name caps-dev --network caps-network -p 8080:8080 \ | |
| -v /home/ubuntu/app/src/main/resources:/app/src/main/resources \ | |
| --restart always \ | |
| ${{ secrets.DOCKER_USERNAME }}/caps-dev:${{ github.sha }} | |
| echo "✅ 실행 중인 컨테이너 확인" | |
| sudo docker ps -a | grep "caps-dev" | |
| echo "🧹 사용하지 않는 Docker 이미지 정리" | |
| sudo docker system prune -af |