diff --git a/.github/workflows/deploy-prod.yml b/.github/workflows/deploy-prod.yml
index f23aacfb..af81801b 100644
--- a/.github/workflows/deploy-prod.yml
+++ b/.github/workflows/deploy-prod.yml
@@ -1,60 +1,67 @@ -name: deploy - -on: - push: - branches: [ main ] - -jobs: - build: - runs-on: ubuntu-22.04 - - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Set up JDK 17 - uses: actions/setup-java@v3 - with: - java-version: 17 - distribution: 'temurin' - cache: gradle - - - name: Create application-secret.yml - run: | - pwd - touch src/main/resources/application-secret.yml - echo "${{ secrets.APPLICATION_SECRET_YML }}" >> src/main/resources/application-secret.yml - cat src/main/resources/application-secret.yml - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1-node16 - with: - aws-access-key-id: ${{ secrets.ACCESS_KEY_ID_PROD }} - aws-secret-access-key: ${{ secrets.ACCESS_KEY_SECRET_PROD }} - aws-region: ap-northeast-2 - - - name: Grant execute permission for gradlew - run: chmod +x ./gradlew - shell: bash - - - name: Build with Gradle - run: ./gradlew build - shell: bash - - - name: Make zip file - run: zip -qq -r ./$GITHUB_SHA.zip . - shell: bash - - - name: Upload to AWS S3 - run: | - aws deploy push \ - --application-name softie-code-deploy \ - --ignore-hidden-files \ - --s3-location s3://${{ secrets.AWS_BUCKET_NAME_PROD }}/$GITHUB_SHA.zip \ - --source . 
- - - name: Code Deploy - run: aws deploy create-deployment --application-name softie-code-deploy - --deployment-config-name CodeDeployDefault.AllAtOnce - --deployment-group-name prod-group - --s3-location bucket=${{ secrets.AWS_BUCKET_NAME_PROD }},bundleType=zip,key=$GITHUB_SHA.zip \ No newline at end of file +name: deploy-prod + +on: + push: + branches: [ main ] + +jobs: + build: + runs-on: ubuntu-22.04 + + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Set up JDK 17 + uses: actions/setup-java@v3 + with: + java-version: 17 + distribution: 'temurin' + cache: gradle + + - name: Create application-secret.yml + run: | + pwd + touch src/main/resources/application-secret.yml + echo "${{ secrets.APPLICATION_SECRET_YML }}" >> src/main/resources/application-secret.yml + cat src/main/resources/application-secret.yml + + - name: build + run: | + chmod +x gradlew + ./gradlew build -x test + working-directory: ${{ env.working-directory }} + shell: bash + + + - name: docker build 환경 설정 + uses: docker/setup-buildx-action@v2.9.1 + + - name: docker hub 로그인 + uses: docker/login-action@v2.2.0 + with: + username: ${{ secrets.DOCKER_LOGIN_USERNAME_PROD }} + password: ${{ secrets.DOCKER_LOGIN_ACCESSTOKEN_PROD }} + + - name: docker image 빌드 및 푸시 + uses: docker/build-push-action@v4 + with: + context: . + file: ./Dockerfile-prod + push: true + tags: ${{ secrets.DOCKER_LOGIN_USERNAME_PROD }}/prod + + cd: + needs: build + runs-on: ubuntu-22.04 + + steps: + - name: docker 컨테이너 실행 + uses: appleboy/ssh-action@master + with: + host: ${{ secrets.SERVER_IP_PROD }} + username: ${{ secrets.SERVER_USER_PROD }} + key: ${{ secrets.SERVER_KEY_PROD }} + script: | + cd ~ + ./deploy.sh diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 48a06f7a..212c74ba 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -6,7 +6,7 @@ on: - published jobs: - build: + ci: runs-on: ubuntu-22.04 steps: 
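Review bot: The new `cd` job hands the production SSH key (`secrets.SERVER_KEY_PROD`) to `appleboy/ssh-action@master`, a mutable branch ref, so whatever that branch points at when the workflow runs executes with the key and a shell on the prod host. Pin it to a full commit SHA, `uses: appleboy/ssh-action@<full-commit-sha>  # <release tag>`, and consider the same for the `docker/*` actions that receive the Docker Hub token, which are pinned only by tag. The step also sets no `fingerprint:` input, so as far as I can tell the server's host key is not checked before the script is sent; supplying the host key's SHA256 fingerprint from a stored secret closes that gap. The `cd` job added to deploy.yml has the same two issues with `SERVER_KEY`.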
@@ -27,35 +27,42 @@ jobs: echo "${{ secrets.APPLICATION_SECRET_YML }}" >> src/main/resources/application-secret.yml cat src/main/resources/application-secret.yml - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1-node16 - with: - aws-access-key-id: ${{ secrets.ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.ACCESS_KEY_SECRET }} - aws-region: ap-northeast-2 - - - name: Grant execute permission for gradlew - run: chmod +x ./gradlew + - name: build + run: | + chmod +x gradlew + ./gradlew build -x test + working-directory: ${{ env.working-directory }} shell: bash - - name: Build with Gradle - run: ./gradlew build - shell: bash - - name: Make zip file - run: zip -qq -r ./$GITHUB_SHA.zip . - shell: bash + - name: docker build 환경 설정 + uses: docker/setup-buildx-action@v2.9.1 - - name: Upload to AWS S3 - run: | - aws deploy push \ - --application-name sopetit-codedeploy \ - --ignore-hidden-files \ - --s3-location s3://${{ secrets.AWS_BUCKET_NAME }}/$GITHUB_SHA.zip \ - --source . - - - name: Code Deploy - run: aws deploy create-deployment --application-name sopetit-codedeploy - --deployment-config-name CodeDeployDefault.AllAtOnce - --deployment-group-name sopetit-group - --s3-location bucket=${{ secrets.AWS_BUCKET_NAME }},bundleType=zip,key=$GITHUB_SHA.zip + - name: docker hub 로그인 + uses: docker/login-action@v2.2.0 + with: + username: ${{ secrets.DOCKER_LOGIN_USERNAME }} + password: ${{ secrets.DOCKER_LOGIN_ACCESSTOKEN }} + + - name: docker image 빌드 및 푸시 + uses: docker/build-push-action@v4 + with: + context: . + file: ./Dockerfile-dev + push: true + tags: ${{ secrets.DOCKER_LOGIN_USERNAME }}/dev + + cd: + needs: ci + runs-on: ubuntu-22.04 + + steps: + - name: docker 컨테이너 실행 + uses: appleboy/ssh-action@master + with: + host: ${{ secrets.SERVER_IP }} + username: ${{ secrets.SERVER_USER }} + key: ${{ secrets.SERVER_KEY }} + script: | + cd ~ + ./deploy.sh 
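Review bot: `application-secret.yml` is written into `src/main/resources` before `./gradlew build -x test`, so with standard resource packaging it ends up inside the jar that `Dockerfile-dev` copies into the image, and the new build-push step publishes that image to Docker Hub as `<username>/dev`. Anyone able to pull that repository can extract the file, so the repository must be private at the very least; it is safer to keep the file out of the artifact and provide it on the server at run time (mounted file or environment variables). The unchanged `cat src/main/resources/application-secret.yml` just above also prints the file into the job log, where masking of multi-line secrets is not reliable, and should be removed. deploy-prod.yml repeats the same sequence with `Dockerfile-prod` and the `/prod` tag.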
diff --git a/Dockerfile-dev b/Dockerfile-dev
new file mode 100644
index 00000000..8171df94
--- /dev/null
+++ b/Dockerfile-dev
@@ -0,0 +1,4 @@
+FROM amd64/amazoncorretto:17
+WORKDIR /app
+COPY ./build/libs/server-0.0.1-SNAPSHOT.jar /app/Sofite.jar
+CMD ["java", "-Duser.timezone=Asia/Seoul" ,"-jar", "-Dspring.profiles.active=dev","Sofite.jar"]
\ No newline at end of file
diff --git a/Dockerfile-prod b/Dockerfile-prod
new file mode 100644
index 00000000..4907386c
--- /dev/null
+++ b/Dockerfile-prod
@@ -0,0 +1,4 @@
+FROM amd64/amazoncorretto:17
+WORKDIR /app
+COPY ./build/libs/server-0.0.1-SNAPSHOT.jar /app/Sofite.jar
+CMD ["java", "-Duser.timezone=Asia/Seoul" ,"-jar", "-Dspring.profiles.active=prod","Sofite.jar"]
\ No newline at end of file
diff --git a/build.gradle b/build.gradle
index 37e92ea1..89976477 100644
--- a/build.gradle
+++ b/build.gradle
@@ -35,6 +35,7 @@ dependencies {
 implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
 implementation 'org.springframework.boot:spring-boot-starter-security'
 implementation 'org.springframework.boot:spring-boot-starter-web'
+ implementation 'org.springframework.boot:spring-boot-starter-actuator'
 implementation 'org.springframework.boot:spring-boot-starter-validation'
 compileOnly 'org.projectlombok:lombok'
 runtimeOnly 'com.h2database:h2'
diff --git a/src/main/java/com/soptie/server/config/SecurityConfig.java b/src/main/java/com/soptie/server/config/SecurityConfig.java
index 8fa214b6..f7355797 100644
--- a/src/main/java/com/soptie/server/config/SecurityConfig.java
+++ b/src/main/java/com/soptie/server/config/SecurityConfig.java
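Review bot: Neither new Dockerfile sets a `USER`, so the JVM runs as root inside the container; a line such as `USER 10001:10001` (UID picked here as an example) before `CMD` in both Dockerfile-dev and Dockerfile-prod removes that, since the process only needs to read `/app/Sofite.jar`. `FROM amd64/amazoncorretto:17` also floats with the tag, so two builds of the same commit can ship different base layers; pinning it as `amd64/amazoncorretto:17@sha256:<digest>` makes the prod image reproducible and turns base-image updates into reviewed changes.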
@@ -69,6 +69,7 @@ private void authorizeHttpRequests(HttpSecurity http) throws Exception {
 .requestMatchers(new AntPathRequestMatcher("/api/v1/versions/client/app")).permitAll()
 .requestMatchers(new AntPathRequestMatcher("/api/v2/routines/daily", "GET")).permitAll()
 .requestMatchers(new AntPathRequestMatcher("/error")).permitAll()
+ .requestMatchers(new AntPathRequestMatcher("/actuator/health")).permitAll()
 .anyRequest().authenticated()
 );
 }
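Review bot: The added matcher opens `/actuator/health` to unauthenticated callers for every HTTP method, while the neighbouring `/api/v2/routines/daily` rule is limited to `GET`; `new AntPathRequestMatcher("/actuator/health", "GET")` is all a health probe needs. Because the endpoint is now public, the actuator configuration (not visible in this diff) should keep `management.endpoint.health.show-details` at `never` or `when-authorized`, otherwise datasource and disk details are returned to anyone who asks. A short comment on the line, e.g. `// public for container/load-balancer health checks; health details must stay hidden`, would record that dependency for the next person who touches the actuator settings. The body of `authorizeHttpRequests` begins above this hunk, so earlier matchers were not reviewed.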