Merge pull request #188 from PROJECT-NEXUS-JS/feat/#186 #254
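---
# CI/CD workflow: builds the Gradle project on pushes and pull requests to
# main, then (push to main only) builds a Docker image, pushes it to Amazon
# ECR and restarts the container on an EC2 host over SSH.
name: CI/CD with AWS ECR and EC2

on:
  push:
    branches: ["main"]
  pull_request:
    branches: ["main"]
    types: [opened, synchronize, reopened]

# Least privilege for GITHUB_TOKEN: no step below writes to the repository.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout source code
        uses: actions/checkout@v3
        with:
          # Do not leave the job token in .git/config; the Gradle build
          # does not need it.
          persist-credentials: false

      - name: Set up JDK 21
        uses: actions/setup-java@v3
        with:
          java-version: '21'
          distribution: 'temurin'

      - name: Grant execute permission for gradlew
        run: chmod +x ./gradlew

      # NOTE(review): `-x test` skips the test task, so nothing in this
      # workflow runs the test suite before the deploy job ships the image.
      - name: Build with Gradle
        run: ./gradlew build -x test

  deploy:
    needs: build
    # Deploy only for pushes to main; pull_request runs stop after `build`.
    if: github.ref == 'refs/heads/main' && github.event_name == 'push'
    runs-on: ubuntu-latest
    # Application secrets are scoped to the deploy step below rather than to
    # the whole job, so the checkout, AWS and Docker steps never see them.
    steps:
      - name: Checkout source code
        uses: actions/checkout@v3
        with:
          # The workspace becomes the `docker build` context below; keep the
          # job token out of .git/config so it cannot end up in that context.
          persist-credentials: false

      # NOTE(review): long-lived access keys are stored as repository
      # secrets. Consider GitHub OIDC with `role-to-assume` (needs
      # `id-token: write`) so no static AWS key is kept in the repository.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v2
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ secrets.AWS_REGION }}

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      - name: Build, tag, and push image to Amazon ECR
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: ${{ secrets.ECR_REPOSITORY }}
          IMAGE_TAG: ${{ github.sha }}
        # Variables are quoted so an unexpected character in a value cannot
        # split the image reference into extra arguments.
        run: |
          docker build -t "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" .
          docker push "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"

      - name: Deploy to EC2 instance
        # Was `@master`: a moving branch means any new upstream commit runs
        # with the SSH key and every secret below. A tag can still be moved;
        # prefer `appleboy/ssh-action@<full-commit-sha>` of a reviewed release.
        uses: appleboy/ssh-action@v1.0.3
        env:
          AWS_REGION: ${{ secrets.AWS_REGION }}
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          IMAGE: ${{ steps.login-ecr.outputs.registry }}/${{ secrets.ECR_REPOSITORY }}:${{ github.sha }}
          DB_HOST: ${{ secrets.DB_HOST }}
          DB_NAME: ${{ secrets.DB_NAME }}
          DB_USERNAME: ${{ secrets.DB_USERNAME }}
          DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
          JWT_SECRET_KEY: ${{ secrets.JWT_SECRET_KEY }}
          JWT_ACCESS_EXPIRATION: ${{ secrets.JWT_ACCESS_EXPIRATION }}
          JWT_ACCESS_HEADER: ${{ secrets.JWT_ACCESS_HEADER }}
          JWT_REFRESH_EXPIRATION: ${{ secrets.JWT_REFRESH_EXPIRATION }}
          JWT_REFRESH_HEADER: ${{ secrets.JWT_REFRESH_HEADER }}
          S3_REGION: ${{ secrets.S3_REGION }}
          S3_BUCKETNAME: ${{ secrets.S3_BUCKETNAME }}
        with:
          host: ${{ secrets.EC2_HOST }}
          username: ${{ secrets.EC2_USERNAME }}
          key: ${{ secrets.EC2_SSH_KEY }}
          # NOTE(review): no `fingerprint:` is set, so the host key of the
          # EC2 instance is not checked. Consider storing the host key
          # fingerprint as a secret and passing it here.
          #
          # `envs` hands the listed variables to the remote shell. The script
          # then refers to them as "$VAR" instead of pasting `${{ ... }}`
          # into the script text, where a quote, space or `$` inside a secret
          # would be interpreted by the remote shell.
          envs: AWS_REGION,ECR_REGISTRY,IMAGE,DB_HOST,DB_NAME,DB_USERNAME,DB_PASSWORD,JWT_SECRET_KEY,JWT_ACCESS_EXPIRATION,JWT_ACCESS_HEADER,JWT_REFRESH_EXPIRATION,JWT_REFRESH_HEADER,S3_REGION,S3_BUCKETNAME
          script: |
            # Abort on the first failing command (lines ending in `|| true`
            # stay best-effort).
            set -e
            aws ecr get-login-password --region "$AWS_REGION" \
              | docker login --username AWS --password-stdin "$ECR_REGISTRY"
            # Pull before stopping the running container: a failed pull then
            # leaves the previous release up instead of nothing.
            docker pull "$IMAGE"
            docker network create betalab-network || true
            docker network connect betalab-network betalab-redis || true
            docker stop my-app || true
            docker rm my-app || true
            # `-e NAME` with no value copies NAME from the shell environment,
            # so secret values stay out of the docker command line.
            docker run -d --name my-app \
              --network betalab-network \
              -p 8080:8080 \
              -v /etc/certs/keystore.p12:/etc/certs/keystore.p12 \
              -e DB_HOST \
              -e DB_NAME \
              -e DB_USERNAME \
              -e DB_PASSWORD \
              -e JWT_SECRET_KEY \
              -e JWT_ACCESS_EXPIRATION \
              -e JWT_ACCESS_HEADER \
              -e JWT_REFRESH_EXPIRATION \
              -e JWT_REFRESH_HEADER \
              -e S3_REGION \
              -e S3_BUCKETNAME \
              -e REDIS_HOST=betalab-redis \
              -e REDIS_PORT=6379 \
              "$IMAGE"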