Backend Prod CD #29
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Backend Prod CD | |
on: | |
workflow_dispatch: | |
push: | |
branches: [ 'main' ] | |
jobs: | |
detect-changes: | |
runs-on: ubuntu-latest | |
permissions: | |
pull-requests: read | |
outputs: | |
backend: ${{ steps.filter.outputs.backend }} | |
frontend: ${{ steps.filter.outputs.frontend }} | |
manual: ${{ steps.manual-check.outputs.manual }} | |
steps: | |
- id: manual-check | |
if: ${{ github.event_name == 'workflow_dispatch' }} | |
run: echo "manual=true" >> "$GITHUB_OUTPUT" | |
- uses: actions/checkout@v4 # Push 이벤트이기 때문에 checkout 해야 함 | |
with: | |
ref: main | |
submodules: recursive | |
token: ${{ secrets.PAT_TOKEN }} | |
- uses: dorny/paths-filter@v3 | |
if: ${{ github.event_name != 'workflow_dispatch' }} | |
id: filter | |
with: | |
base: 'main' # 해당 브랜치의 last commit과 변경점 비교 | |
filters: | | |
backend: | |
- 'backend/**' | |
frontend: | |
- 'frontend/**' | |
be-build: | |
needs: detect-changes | |
if: ${{ needs.detect-changes.outputs.backend == 'true' || needs.detect-changes.outputs.manual == 'true' }} | |
runs-on: ubuntu-latest | |
defaults: | |
run: | |
shell: bash | |
working-directory: ./backend | |
permissions: | |
contents: read | |
packages: write | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: main | |
- name: Set up JDK 17 | |
uses: actions/setup-java@v4 | |
with: | |
java-version: '17' | |
distribution: 'temurin' | |
cache: gradle | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Setup Gradle | |
uses: gradle/actions/setup-gradle@v3 | |
- name: Grant gradlew execute permission | |
run: chmod +x ./gradlew | |
- name: Build with Gradle (clean) | |
run: ./gradlew clean bootJar | |
# DockerHub 로그인 | |
- name: Docker login | |
uses: docker/login-action@v3 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} | |
# Docker 이미지 빌드 & 푸시 | |
- name: Build and push | |
uses: docker/build-push-action@v5 | |
with: | |
context: . | |
push: true | |
tags: ${{ secrets.DOCKERHUB_USERNAME }}/momo-api-prod | |
platforms: | | |
linux/amd64 | |
linux/arm64 | |
- name: Docker image build | |
run: docker build -t ${{ secrets.DOCKERHUB_USERNAME }}/momo-api-prod . | |
# Docker Hub 이미지 푸시 | |
- name: Docker Hub push | |
run: docker push ${{ secrets.DOCKERHUB_USERNAME }}/momo-api-prod | |
be-depoly: | |
needs: be-build | |
runs-on: [ self-hosted, linux, prod ] | |
defaults: | |
run: | |
shell: bash | |
working-directory: ./ | |
steps: | |
- name: checkout security submodule | |
uses: actions/checkout@v4 | |
with: | |
repository: woowacourse-teams/2024-momo-config | |
token: ${{ secrets.PAT_TOKEN }} | |
- name: copy security config | |
run: mkdir -p $HOME/security; \cp -f *.yml ~/security | |
# 1. 최신 도커 이미지 pull | |
- name: docker pull | |
run: docker pull ${{ secrets.DOCKERHUB_USERNAME }}/momo-api-prod | |
# 2. 블루그린 배포 스크립트 실행 | |
- name: Launch Blue-Green Deployment | |
run: chmod +x $HOME/security/deploy.sh; $HOME/security/deploy.sh | |
# 3. 미사용 이미지 정리 | |
- name: delete old docker image | |
run: docker system prune -f |