Merge pull request #242 from ghkdqhrbals/feature/ecr-token-refresh-sc… #135
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deployment | |
| on: | |
| push: | |
| branches: | |
| - main | |
| env: | |
| ECR_URL: ${{ secrets.ECR_URL }} | |
| jobs: | |
| pushNewTag: | |
| name: Push new tag | |
| runs-on: ubuntu-latest | |
| outputs: | |
| NEW_VERSION: ${{ steps.increment_version.outputs.NEW_VERSION }} | |
| ECR_URL: ${{ steps.increment_version.outputs.ECR_URL }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 0 # get all history so we can checkout any branch | |
| - name: Get latest tag | |
| id: latesttag | |
| run: | | |
| LATEST_TAG=$(git describe --tags --abbrev=0) | |
| echo "LATEST_TAG=$LATEST_TAG" >> $GITHUB_ENV | |
| # Increment version number(ex) 5.0.1 -> 5.0.2) | |
| # PR title contains "[patch]" -> 5.0.1 -> 5.0.2 | |
| # PR title contains "[minor]" -> 5.0.1 -> 5.1.0 | |
| # PR title contains "[major]" -> 5.0.1 -> 6.0.0 | |
| - name: Increment version based on commit message with commit hash | |
| id: increment_version | |
| run: | | |
| current_version=${LATEST_TAG#"v"} | |
| echo "CURRENT_VERSION=$current_version" >> $GITHUB_ENV | |
| IFS='.' read -ra version_parts <<< "$current_version" | |
| major=${version_parts[0]} | |
| minor=${version_parts[1]} | |
| patch=${version_parts[2]} | |
| patch=$(echo $patch | cut -d'-' -f1) | |
| pr_title="${{ github.event.pull_request.title }}" | |
| short_commit_hash=$(git rev-parse --short HEAD) | |
| if [[ $pr_title == *"[major]"* ]]; then | |
| major=$(( major + 1 )) | |
| minor=0 | |
| patch=0 | |
| elif [[ $pr_title == *"[minor]"* ]]; then | |
| minor=$(( minor + 1 )) | |
| patch=0 | |
| else | |
| patch=$(( patch + 1 )) | |
| fi | |
| new_version="$major.$minor.$patch-$short_commit_hash" | |
| echo "Output new_version: [$new_version]" | |
| echo "Output ecr_url: [${{ secrets.ECR_URL }}]" | |
| echo "NEW_VERSION=$new_version" >> $GITHUB_OUTPUT | |
| echo "ECR_URL=${{ secrets.ECR_URL }}" >> $GITHUB_OUTPUT | |
| - name: Create and push new tag to Github | |
| run: | | |
| git config --global user.name 'GitHub Actions' | |
| git config --global user.email 'actions@github.com' | |
| git tag v${{ steps.increment_version.outputs.NEW_VERSION }} | |
| git push origin v${{ steps.increment_version.outputs.NEW_VERSION }} | |
| pushImageToEcr: | |
| needs: pushNewTag | |
| name: Push image to AWS-ECR | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v2 | |
| - name: Set up Corretto openJDK 17 | |
| uses: actions/setup-java@v3 # check specific version in https://github.com/actions/setup-java | |
| with: | |
| distribution: 'corretto' # using Amazon openJDK | |
| java-version: '17' | |
| - name: Gradle caching | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} | |
| restore-keys: | | |
| ${{ runner.os }}-gradle- | |
| - name: Grant execute permission for gradlew | |
| run: | | |
| chmod +x ./gradlew | |
| - name: Build project and create Dockerfiles | |
| run: ./gradlew build --daemon --parallel -Pversion=${{ needs.pushNewTag.outputs.NEW_VERSION }} | |
| - name: Build docker images | |
| run: docker-compose -f docker-compose-prod.yaml build | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ap-northeast-2 | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: Grant execute permission for push_to_ecr.sh | |
| run: chmod +x ./push_to_ecr.sh | |
| - name: Tag Push images to ECR | |
| env: | |
| ECR_URL: ${{ env.ECR_URL }} | |
| run: ./push_to_ecr.sh ${ECR_URL} ${{ needs.pushNewTag.outputs.NEW_VERSION }} | |
| DeployToEC2KubernetesCluster: | |
| name: Deploy to EC2 Kubernetes Cluster | |
| needs: [pushImageToEcr,pushNewTag] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| name: Code checkout | |
| - name: Deploy to EC2 Kubernetes Cluster | |
| uses: appleboy/ssh-action@v1.0.0 | |
| env: | |
| ECR_URL: ${{ secrets.ECR_URL }} | |
| NEW_VERSION: ${{ needs.pushNewTag.outputs.NEW_VERSION }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| with: | |
| host: ${{ secrets.EC2_URL }} | |
| username: root | |
| key: ${{ secrets.EC2_SSH_PRIVATE_KEY }} | |
| envs: ECR_URL,NEW_VERSION | |
| script_stop: true | |
| script: | | |
| echo "connect to ECR: $ECR_URL" | |
| echo "new version will be deployed $NEW_VERSION" | |
| if [ ! -d "spring-chatting-server" ]; then | |
| git clone https://github.com/ghkdqhrbals/spring-chatting-server.git spring-chatting-server | |
| fi | |
| cd spring-chatting-server | |
| git checkout main | |
| git reset --hard | |
| git pull | |
| cd k8s/onlychat/deployment | |
| sh write_image_to_deploy.sh $ECR_URL ap-northeast-2 $NEW_VERSION | |
| cd .. | |
| kubectl apply -f redis.yaml | |
| kubectl apply -f ./volume/ | |
| kubectl apply -f ./namespace/ | |
| kubectl apply -f ./service/ | |
| kubectl apply -f ./deployment/ | |
| pushSlack: | |
| needs: [pushImageToEcr, pushNewTag, DeployToEC2KubernetesCluster] | |
| if: always() | |
| name: Slack Alert | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: 8398a7/action-slack@v3 | |
| with: | |
| status: ${{ job.status }} | |
| fields: job,took,author | |
| env: | |
| SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} |