diff --git a/.github/workflows/CD.yml b/.github/workflows/CD.yml index 1269951..d165544 100644 --- a/.github/workflows/CD.yml +++ b/.github/workflows/CD.yml @@ -4,6 +4,12 @@ on: push: branches: - master + - ci/#4 #for testing !! + +permissions: + contents: read + actions: read + id-token: write jobs: deploy: 
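Review bot: The `- ci/#4 #for testing !!` entry under `on.push.branches` leaves a test branch able to run the full deploy, and with the new `id-token: write` permission any push to that branch can request an OIDC token for the AWS role assumed later in this workflow. Remove the entry before merging, or use a `workflow_dispatch` trigger for manual test runs instead. The role's trust policy is not visible here; it should presumably pin the `sub` claim to this repository and `refs/heads/master` rather than a wildcard, otherwise the branch filter in this file is the only gate. `actions: read` does not appear to be needed by any step shown, and the `permissions` block could move under `jobs.deploy` so that jobs added later do not inherit `id-token: write`.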
@@ -15,59 +21,56 @@ jobs: with: token: ${{ secrets.GIT_TOKEN }} submodules: true - - name: Setup Java 17 uses: actions/setup-java@v3 with: java-version: '17' distribution: 'adopt' - - name: Update Git submodules run: git submodule update --remote --recursive - + - name: Configure AWS Credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: arn:aws:iam::125183404358:role/VacgomGithubActionAssumeRole + aws-region: ap-northeast-2 + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v1 + - name: Invoke Gradle + uses: gradle/gradle-build-action@v2 - name: Grant execute permission for gradlew run: chmod +x gradlew - - - name: Build with Gradle - run: ./gradlew clean build --debug - + - name: Build, tag, and push image to Amazon ECR + env: + PROFILE: dev + IMAGE_REPO_URL: ${{ steps.login-ecr.outputs.registry }}/vacgom + IMAGE_TAG: ${{ github.sha }} + run: ./gradlew jib --parallel + - name: Download Task Definition + run: | + aws ecs describe-task-definition \ + --task-definition vacgom-taskdef \ + --query taskDefinition \ + > task-definition.json + - name: Update Task Definition + id: task-def + uses: aws-actions/amazon-ecs-render-task-definition@v1 + with: + task-definition: task-definition.json + container-name: backend + image: ${{ steps.login-ecr.outputs.registry }}/vacgom:${{ github.sha }} + - name: Deploy Amazon ECS task definition + uses: aws-actions/amazon-ecs-deploy-task-definition@v1 + with: + task-definition: ${{ steps.task-def.outputs.task-definition }} + service: vacgom-best-service + cluster: vacgom-cluster + wait-for-service-stability: true - name: Get current time uses: 1466587594/get-current-time@v2 id: current-time with: format: YYYY-MM-DDTHH-mm-ss utcOffset: "+09:00" - - name: Show Current Time run: echo "CurrentTime=${{steps.current-time.outputs.formattedTime}}" - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ 
secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: ap-northeast-2 - - - name: Login to Amazon ECR - id: login-ecr - uses: aws-actions/amazon-ecr-login@v1 - - - name: Build, tag, and push image to Amazon ECR - run: | - docker build -t vacgom:${{steps.current-time.outputs.formattedTime}} . - docker tag vacgom:${{steps.current-time.outputs.formattedTime}} ${{ secrets.ECR_URI }}:${{steps.current-time.outputs.formattedTime}} - docker push ${{ secrets.ECR_URI }}:${{steps.current-time.outputs.formattedTime}} - - - name: SSH into EC2 instance - uses: appleboy/ssh-action@master - with: - host: ${{ secrets.EC2_HOST }} - username: ${{ secrets.EC2_USERNAME }} - key: ${{ secrets.EC2_PRIVATE_KEY }} - port: ${{ secrets.EC2_SSH_PORT }} - script: | - aws ecr get-login-password | docker login --username AWS --password-stdin ${{ secrets.ECR_URI }} - docker pull ${{ secrets.ECR_URI }}:${{ steps.current-time.outputs.formattedTime }} - docker ps -f name=vacgom-api -q | xargs --no-run-if-empty docker container stop - docker ps -a -f name=vacgom-api -q | xargs --no-run-if-empty docker container rm - docker run -d --name vacgom-api -p 80:8080 ${{ secrets.ECR_URI }}:${{ steps.current-time.outputs.formattedTime }}
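Review bot: Every action added here is referenced by a mutable tag (`@v4`, `@v1`, `@v2`) in a job that assumes the AWS role used for the ECR push and the ECS deploy, so a retagged release would run with those credentials. Pin each to a full commit SHA, e.g. `uses: aws-actions/configure-aws-credentials@<full-commit-sha> # v4` (placeholder; take the SHA from the release you audited). The retained `Get current time` and `Show Current Time` steps no longer feed the image tag, which is now `github.sha`, yet the third-party `1466587594/get-current-time@v2` action still runs after `Configure AWS Credentials` with the role credentials in the environment; both steps can be removed. The unchanged `git submodule update --remote --recursive` step also pulls unpinned submodule heads into a build that now runs with those credentials, so consider dropping `--remote`. The `deploy` job's step list begins above this hunk.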