diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml
new file mode 100644
index 00000000..5408d4c5
--- /dev/null
+++ b/.github/workflows/build-and-deploy.yml
@@ -0,0 +1,126 @@
+name: Release - Code Deploy with Github Actions (WIF & IAP Version)
+
+on:
+# push:
+# tags:
+# - 'v*'
+ push:
+ branches: [ main ] # 버전 관리 적용 전 임의로 0.0.0 버전으로 생성 및 적용
+
+env:
+ PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
+ IMAGE_NAME: pfplay-api
+ GCE_INSTANCE: pfplay-api
+ GCE_ZONE: asia-northeast3-a
+
+jobs:
+ deploy:
+ name: Build, Dockerize & Deploy
+ runs-on: ubuntu-latest
+ permissions:
+ contents: write # GitHub Release 생성
+ packages: write # GHCR 이미지 push
+ id-token: write # WIF 인증
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Extract release version from tag
+ run: echo "RELEASE_VERSION=0.0.0" >> $GITHUB_ENV
+# run: echo "RELEASE_VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV
+
+ # --- [빌드] ---
+ - name: Set up JDK
+ uses: actions/setup-java@v4
+ with:
+ java-version: '17'
+ distribution: 'temurin'
+ cache: 'gradle'
+
+ - name: Build with Gradle
+ run: chmod +x ./gradlew && ./gradlew :app:build -x test
+
+ # --- [릴리스 생성] ---
+# - name: Create GitHub Release
+# uses: softprops/action-gh-release@v2
+# with:
+# tag_name: ${{ env.RELEASE_VERSION }}
+# name: Release ${{ env.RELEASE_VERSION }}
+# generate_release_notes: true
+
+ # --- [도커화 및 GHCR 업로드] ---
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v3
+
+ - name: Login to GitHub Container Registry
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Build and Push image
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ./app/Dockerfile
+ push: true
+ tags: |
+ ghcr.io/pfplay/${{ env.IMAGE_NAME }}:latest
+ ghcr.io/pfplay/${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }}
+ cache-from: type=gha
+ cache-to: type=gha,mode=max
+
+ # --- [GCP 인증] ---
+ - name: Authenticate to Google Cloud
+ id: auth
+ uses: google-github-actions/auth@v2
+ with:
+ workload_identity_provider: ${{ secrets.WIF_PROVIDER }}
+ service_account: ${{ secrets.WIF_SERVICE_ACCOUNT }}
+
+ - name: Set up Cloud SDK
+ uses: google-github-actions/setup-gcloud@v2
+
+ # --- [환경변수 파일 생성 및 전송] ---
+ - name: Generate .env file
+ run: echo "${{ secrets.DOT_ENV }}" > pfplay.env
+
+ - name: Copy .env to VM
+ run: |
+ gcloud compute scp pfplay.env ${{ env.GCE_INSTANCE }}:/tmp/pfplay.env \
+ --zone=${{ env.GCE_ZONE }} \
+ --tunnel-through-iap \
+ --project=${{ env.PROJECT_ID }}
+
+ # --- [IAP 배포] ---
+ - name: Check SSH username
+ run: |
+ gcloud compute ssh ${{ env.GCE_INSTANCE }} \
+ --zone=${{ env.GCE_ZONE }} \
+ --tunnel-through-iap \
+ --project=${{ env.PROJECT_ID }} \
+ --command="whoami"
+
+ - name: Deploy to VM via IAP Tunnel
+ run: |
+ gcloud compute ssh ${{ env.GCE_INSTANCE }} \
+ --zone=${{ env.GCE_ZONE }} \
+ --tunnel-through-iap \
+ --project=${{ env.PROJECT_ID }} \
+ --command="
+ echo '${{ secrets.PACKAGE_ACCESS_TOKEN }}' | docker login ghcr.io -u JeekLee --password-stdin &&
+ docker pull ghcr.io/pfplay/${{ env.IMAGE_NAME }}:latest &&
+ docker stop pfplay-api 2>/dev/null || true &&
+ docker rm pfplay-api 2>/dev/null || true &&
+ mv /tmp/pfplay.env ~/pfplay.env && chmod 600 ~/pfplay.env &&
+ docker run -d \
+ --name pfplay-api \
+ --network api_backend \
+ --env-file ~/pfplay.env \
+ -p 8080:8080 \
+ --restart unless-stopped \
+ ghcr.io/pfplay/${{ env.IMAGE_NAME }}:latest &&
+ docker image prune -f
+ "
diff --git a/.github/workflows/config/release-draft-config.yml b/.github/workflows/config/release-draft-config.yml
deleted file mode 100644
index d8a71cb0..00000000
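Review bot: In `Deploy to VM via IAP Tunnel` the `|| true` after `docker stop` and `docker rm` covers the whole `&&` chain before it, since sh gives `&&` and `||` equal precedence, so a failed `docker login` or `docker pull` is swallowed and the step carries on to start whatever `:latest` is already on the VM while reporting success. The same step and `Generate .env file` splice `${{ secrets.PACKAGE_ACCESS_TOKEN }}` and `${{ secrets.DOT_ENV }}` into the script text, so a quote, `$` or backtick inside either value is interpreted by the shell and the token becomes part of the ssh command arguments; the sketch below passes both through `env:`, sends the token on stdin (assuming `gcloud compute ssh` forwards stdin the way plain ssh does) and uses `set -e` with `|| true` limited to the cleanup. Separately, `contents: write` is unused while the release step is commented out, and the actions are referenced by moving tags in a job that holds `id-token: write`; dropping the permission and pinning to commit SHAs would narrow what a compromised action can reach.

```yaml
      # … unchanged: checkout through "Set up Cloud SDK" …
      - name: Generate .env file
        env:
          DOT_ENV: ${{ secrets.DOT_ENV }}
        run: |
          umask 077
          printf '%s\n' "$DOT_ENV" > pfplay.env

      # … unchanged: "Copy .env to VM", "Check SSH username" …
      - name: Deploy to VM via IAP Tunnel
        env:
          PACKAGE_ACCESS_TOKEN: ${{ secrets.PACKAGE_ACCESS_TOKEN }}
        run: |
          # The token is read from stdin on the VM, so it never appears in the command text.
          printf '%s' "$PACKAGE_ACCESS_TOKEN" | gcloud compute ssh "$GCE_INSTANCE" \
            --zone="$GCE_ZONE" --tunnel-through-iap --project="$PROJECT_ID" \
            --command='docker login ghcr.io -u JeekLee --password-stdin'
          gcloud compute ssh "$GCE_INSTANCE" \
            --zone="$GCE_ZONE" --tunnel-through-iap --project="$PROJECT_ID" \
            --command='
              set -e
              docker pull ghcr.io/pfplay/${{ env.IMAGE_NAME }}:latest
              # Only the cleanup of a possibly absent container may fail.
              docker stop pfplay-api 2>/dev/null || true
              docker rm pfplay-api 2>/dev/null || true
              mv /tmp/pfplay.env ~/pfplay.env
              chmod 600 ~/pfplay.env
              # … unchanged: docker run arguments …
              docker image prune -f
            '
```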
--- a/.github/workflows/config/release-draft-config.yml
+++ /dev/null
@@ -1,25 +0,0 @@
-name-template: 'v$RESOLVED_VERSION'
-tag-template: 'v$RESOLVED_VERSION'
-categories:
- - title: '🚀 Features'
- label: 'enhancement'
- - title: '🐛 Bugfixes'
- label: 'bug'
- - title: '📚 Docs'
- label: 'documentation'
-change-template: '- $TITLE #$NUMBER @$AUTHOR '
-template: |
- $CHANGES
- ### 모든 PR이 반영된 후에는 Pre-release에서 release로 변경 부탁드립니다.
-
-version-resolver:
- major:
- labels:
- - 'major'
- minor:
- labels:
- - 'minor'
- patch:
- labels:
- - 'patch'
- default: patch
\ No newline at end of file
diff --git a/.github/workflows/release-code-deploy.yml b/.github/workflows/release-code-deploy.yml
deleted file mode 100644
index 7e45fb48..00000000
--- a/.github/workflows/release-code-deploy.yml
+++ /dev/null
@@ -1,111 +0,0 @@ -name: Release - Code Deploy with Github Actions - -on: - push: - tags: - - 'v*' - -env: - RESOURCE_DIR: src/main/resources - GCR_PACKAGE_NAME: prod-pfplay-backend-java -jobs: - deploy: - name: Build and dockerize & deploy - runs-on: ubuntu-latest - - defaults: - run: - working-directory: api - - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Set env - run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/v}" >> $GITHUB_ENV - - - name: Create directory for resources - run: mkdir -p $RESOURCE_DIR/key - - - name: Set application.yml - env: - PROPERTY_FILE: ${{ secrets.PROD_PROFILE }} - PROPERTY_FILE_NAME: application.yml - run: echo $PROPERTY_FILE | base64 --decode > $RESOURCE_DIR/$PROPERTY_FILE_NAME - - - name: Set JWT private key - env: - JWT_PRIVATE_KEY_FILE: ${{ secrets.JWT_PRIVATE_KEY }} - JWT_PRIVATE_KEY_FILE_NAME: private_key.pem - run: echo $JWT_PRIVATE_KEY_FILE | base64 --decode > $RESOURCE_DIR/key/$JWT_PRIVATE_KEY_FILE_NAME - - - name: Set JWT public key - env: - JWT_PUBLIC_KEY_FILE: ${{ secrets.JWT_PUBLIC_KEY }} - JWT_PUBLIC_KEY_FILE_NAME: public_key.pem - run: echo $JWT_PUBLIC_KEY_FILE | base64 --decode > $RESOURCE_DIR/key/$JWT_PUBLIC_KEY_FILE_NAME - - - name: Set up JDK - uses: actions/setup-java@v4 - with: - java-version: '17' - distribution: 'temurin' - - - name: Set up Git Actions cache - uses: actions/cache@v3 - with: - path: | - ~/.gradle/caches - ~/.gradle/wrapper - key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} - restore-keys: | - ${{ runner.os }}-gradle- - - - name: Grant execute permission for gradlew - run: chmod +x ./gradlew - - - name: Build with Gradle - run: ./gradlew build -x test - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - - name: Login to GitHub Container Registry - uses: docker/login-action@v1 - with: - registry: ghcr.io - username: JeekLee - password: ${{ secrets.PACKAGE_ACCESS_TOKEN }} - - - name: Build, tag and push image to 
Github Container Registry - uses: docker/build-push-action@v2 - with: - context: . - file: ./api/Dockerfile-deploy - push: true - tags: | - ghcr.io/pfplay/${{ env.GCR_PACKAGE_NAME }}:latest - ghcr.io/pfplay/${{ env.GCR_PACKAGE_NAME }}:${{ env.RELEASE_VERSION }} - cache-from: type=gha # Refer: https://docs.docker.com/build/ci/github-actions/cache/ - cache-to: type=gha,mode=max - - - name: Pull image from Github registry to GCP VM - uses: appleboy/ssh-action@master - env: - PACKAGE_ACCESS_TOKEN: ${{ secrets.PACKAGE_ACCESS_TOKEN }} - GCR_PACKAGE_NAME: ${{ env.GCR_PACKAGE_NAME }} - with: - host: ${{ secrets.GCP_VM_INSTANCE }} - username: gm - port: 22 - key: ${{ secrets.GCP_VM_SSH_SECRET}} - passphrase: ${{ secrets.GCP_VM_SSH_PASSPHRASE }} - envs: PACKAGE_ACCESS_TOKEN, GCR_PACKAGE_NAME - script: | - docker stop pfplay-api-server && docker rm pfplay-api-server - sudo docker rmi $(docker images | grep "prod-pfplay-backend-java") -f - echo $PACKAGE_ACCESS_TOKEN | docker login ghcr.io -u JeekLee --password-stdin - docker pull ghcr.io/pfplay/$GCR_PACKAGE_NAME:latest - docker run -d --name pfplay-api-server -p 8088:8080 --restart unless-stopped ghcr.io/pfplay/$GCR_PACKAGE_NAME:latest - docker network connect api_backend pfplay-api-server - diff --git a/.github/workflows/release-draft.yml b/.github/workflows/release-draft.yml deleted file mode 100644 index ebe930b6..00000000 --- a/.github/workflows/release-draft.yml +++ /dev/null @@ -1,16 +0,0 @@ -name: Release - Release Draft with Github Actions - -on: - push: - branches: - - release - -jobs: - update_release_draft: - runs-on: ubuntu-latest - steps: - - uses: release-drafter/release-drafter@v5 - with: - config-name: workflows/config/release-draft-config.yml - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} \ No newline at end of file diff --git a/app/.gitignore b/app/.gitignore index 13ad77e0..9a14210d 100644 --- a/app/.gitignore +++ b/app/.gitignore 
@@ -36,7 +36,4 @@ out/ ### VS Code ### .vscode/ -/src/test/resources/key/** -api/src/main/resources/** - *.env diff --git a/app/Dockerfile b/app/Dockerfile index fd6e996e..2368bfc9 100644 --- a/app/Dockerfile +++ b/app/Dockerfile @@ -1,26 +1,4 @@ -#FROM eclipse-temurin:17-jdk-alpine as build -##FROM --platform=linux/amd64 eclipse-temurin:17-jdk-alpine as build -#WORKDIR /opt/pfplay -#COPY . /opt/pfplay -#RUN --mount=type=cache,target=/root/.gradle ./gradlew clean build -x test --no-daemon -##RUN ./gradlew clean build -x test --refresh-dependencies -#RUN mkdir -p build/dependency && (cd build/dependency; jar -xf ../libs/*-SNAPSHOT.jar) -# -#FROM eclipse-temurin:17-jre-alpine -#WORKDIR /opt/api -#ARG JAR_FILE=/opt/pfplay/build/libs/*.jar -#ENV JAR_NAME=pfplay-api-v1.jar -#COPY --from=build ${JAR_FILE} ${JAR_NAME} -#ENTRYPOINT ["sh", "-c", "java -jar ${JAR_NAME}"] -FROM eclipse-temurin:17-jdk-alpine as build - -ARG SPRING_PROFILES_ACTIVE -ENV SPRING_PROFILES_ACTIVE=${SPRING_PROFILES_ACTIVE} -RUN echo ${SPRING_PROFILES_ACTIVE} - -WORKDIR /opt/pfplay -COPY . . -RUN ./gradlew clean build -x test --refresh-dependencies -#ENTRYPOINT ["sh", "-c", "java -jar ./build/libs/*-SNAPSHOT.jar"] -ENTRYPOINT ["sh", "-c", "java -jar -Dspring.profiles.active=$SPRING_PROFILES_ACTIVE ./build/libs/*-SNAPSHOT.jar"] - +FROM eclipse-temurin:17-jre-alpine +WORKDIR /opt/api +COPY app/build/libs/*.jar app.jar +ENTRYPOINT ["java", "-jar", "app.jar"] diff --git a/app/Dockerfile-deploy b/app/Dockerfile-deploy deleted file mode 100644 index 10521318..00000000 --- a/app/Dockerfile-deploy +++ /dev/null @@ -1,5 +0,0 @@ -FROM eclipse-temurin:17-jdk - -COPY api/build/libs/*-SNAPSHOT.jar app.jar - -ENTRYPOINT ["java", "-jar", "-Dspring.profiles.active=dev", "app.jar"] \ No newline at end of file diff --git a/app/src/main/resources/application.yml b/app/src/main/resources/application.yml index df231751..e4e40262 100644 --- a/app/src/main/resources/application.yml 
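Review bot: The new `app/Dockerfile` has no `USER` instruction, so the JVM runs as root inside the container that the deploy workflow publishes on port 8080; adding `RUN addgroup -S app && adduser -S app -G app` followed by `USER app` before `ENTRYPOINT` would run it unprivileged. `COPY app/build/libs/*.jar app.jar` also depends on the glob matching exactly one file: if the Gradle build emits a second `-plain.jar` next to the boot jar (the Spring Boot plugin's default, not visible here), a multi-source COPY to a non-directory destination fails the build, so naming the boot jar or disabling the plain jar task is safer. The base tag `eclipse-temurin:17-jre-alpine` is mutable; pinning it by digest would make rebuilds reproducible.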
+++ b/app/src/main/resources/application.yml @@ -36,8 +36,8 @@ spring: data: redis: - host: localhost - port: 6379 + host: ${REDIS_HOST:localhost} + port: ${REDIS_PORT:6379} repositories: enabled: false diff --git a/app/src/main/resources/key/private_key.pem b/app/src/main/resources/key/private_key.pem deleted file mode 100644 index 0c65211e..00000000 --- a/app/src/main/resources/key/private_key.pem +++ /dev/null 
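Review bot: With the Redis endpoint now taken from `REDIS_HOST`/`REDIS_PORT`, the visible `redis:` block still carries only host and port, so once the host points away from localhost the connection appears to be unauthenticated; if no password is configured elsewhere in the file, add `password: ${REDIS_PASSWORD:}` and require auth on the server. The `localhost` default also means a missing `REDIS_HOST` in the container's env file fails late at connect time rather than at startup; dropping the default for the deployed profile would surface that earlier. The `spring:` mapping continues outside the hunk.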
@@ -1,28 +0,0 @@ ------BEGIN PRIVATE KEY----- -MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCcyqqVvy//SPG8 -O4q7HCt+6ANRqf3AVQViCXCaBEHJ0ONabNh7gnfdb2wpaREw/TIaooPyQqlHcb3f -xatevHHy2ru96R7vTvCeFEYU7/Zii+dgDLdOM1vqq4ZeiJqvPjdjQBCR+oHC21Ug -7RxzEYmua45/xRT4kbl+GWlIqnILj1aEpsUSfr/p4EecscGxlc9SdwQhT0OwKu/X -Q/4+Srh7EKVvVPuy4Sq939TtGU7s4sbMIKwuzOs1j4n6sKTss6IcxERYyZKqC5Ar -hUtVyXdLwvZhmnT+cuhIPOuknrpzNkMReC2qDxWCAZXhwv8GdUu2/0QtpCcFwW8g -7uTc0mUvAgMBAAECggEAAvFs7/WlmCmi2/vUIqdTNlpy4YAK3XwwZy2H2bmVuzeQ -D5z2bU8UIpRvrSal5iECj+xtWfP1YHwalSONOsXXxQ1lCRoMn2+rED86LN9vj7Gn -l1kgbGKGFFVsPBmyqZ0bMLeS+A0sjV9M7ZrLIL/QsUpJ46Jr6S83Ek5gzbaMAHqE -lxp9n6pWd8+U0Jhl90E2dvVc0RD2A5tRqbFZV5D22gj5WPRaEEcLdsEdXV8UrOUy -BgkjMwWd4TQjRx9tX9DlM51Sisrhx5KVaw68yvmYnPGYvckfnr3EVpvt/J7wFrnr -wKw7/j19FhOBnpIcaORCT3ko88aMBn2+wePDujcUdQKBgQDbP2GAm1oqv9Rt0r5O -sXUA4mL99VQafsZq/0WGcb1bxKBtVajOIxrY15bXsuHH1bMUD6j9cqtUyqhmLaHV -CjqLSKorjPAsww9uM3GyR5Qx9/JXnDBE/ROyga8a1nsngKmuWv2qG0uYVLnf+99e -ql+Q36o8uM3wneuPOxOkzD4nXQKBgQC3ExnmeZQquVBtyCwk7jG4lg7eTOhPm7uW -kIsRdxjpWuAHa1iEatBltgYYJRI7qJtoZU8E4/x/HOVOMxbTGCRRlKA4eST+T8rr -I7X7r679+Y8iNkTRc4Eu9/3kqx/I2KxSIqjZ9b5A0Ffm2vNXl8ZmpngTOkGZjub9 -xGHVRy0x+wKBgQCnds/4tbC3enK9t/zYir89/61xIVQuMKtJytXGDVZ/o76OBKG9 -Yh79hh6XfvDp/JaeOh/wBwhK6cia0zwLR5bUEJq6TRqedhdxKyYq8HWHfUXEGW7d -IxlKfbfMHgtPbv0sSh/7MIIbRov7Q52n5ya7t7uGSfozUcw9SPiGJeNLmQKBgBYb -fmMwh03pdubq5znGccaiiEUb8Gm8mpiB9+kyApYbXTZIJjZHV8cQhgfgYiVGJQ4k -PbiPd2w6Jw6caMMxBSG82uQ27Nqw9AYVF+K+wlj1C+3Ls9+/HPh5BfXZHEt6rsR0 -XwODA2h8QEEma4BGWbUHoTRhMo7CjO5UCqRgpfqFAoGAUMSpZHVlg69hSV4JPY4W -TidlxZZ2EkNSFR53mvdfYwBimZJfQOMPhB1zzW4k1gnqvRL3ZOy2SEIqkRtB1EDo -hsa8urDYeKX0Wn49nCI7YpN6l5TZi15z3so7Mi5R504R05TTnJeUG9qDiLxgoeYw -AeA0DNNt/boaEGAdi2KBajU= ------END PRIVATE KEY----- diff --git a/app/src/main/resources/key/public_key.pem b/app/src/main/resources/key/public_key.pem deleted file mode 100644 index 2120d910..00000000 --- a/app/src/main/resources/key/public_key.pem +++ /dev/null 
@@ -1,9 +0,0 @@ ------BEGIN PUBLIC KEY----- -MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAnMqqlb8v/0jxvDuKuxwr -fugDUan9wFUFYglwmgRBydDjWmzYe4J33W9sKWkRMP0yGqKD8kKpR3G938WrXrxx -8tq7veke707wnhRGFO/2YovnYAy3TjNb6quGXoiarz43Y0AQkfqBwttVIO0ccxGJ -rmuOf8UU+JG5fhlpSKpyC49WhKbFEn6/6eBHnLHBsZXPUncEIU9DsCrv10P+Pkq4 -exClb1T7suEqvd/U7RlO7OLGzCCsLszrNY+J+rCk7LOiHMREWMmSqguQK4VLVcl3 -S8L2YZp0/nLoSDzrpJ66czZDEXgtqg8VggGV4cL/BnVLtv9ELaQnBcFvIO7k3NJl -LwIDAQAB ------END PUBLIC KEY-----