chore: update security submodule #39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Checkit Backend CD # workflow 이름 | |
on: # Event | |
pull_request: | |
types: | |
- closed | |
branches: [ main, develop ] | |
push: | |
branches: [ main, develop ] | |
workflow_dispatch: | |
jobs: # Job | |
cd: # Job 이름 | |
if: github.event.pull_request.merged == true || github.event_name == 'push' # Job 실행 조건 | |
runs-on: ubuntu-latest # Runner | |
steps: # Step | |
- name: Checkout | |
uses: actions/checkout@v2 | |
- name: JDK 11 설치 | |
uses: actions/setup-java@v3 | |
with: | |
java-version: '11' | |
distribution: 'temurin' | |
# 이미지 빌드를 위해 gradle.properties 생성 | |
- name: Setting gradle.properties | |
run: | | |
echo "${{ secrets.GRADLE_PROPERTIES }}" > gradle.properties | |
cat gradle.properties | |
# secrets에 base64로 인코딩 되어 있는 application을 디코딩하여 yml파일 생성 | |
- name : Setting application.yml | |
run: | | |
echo "${{ secrets.APPLICATION_YML }}" | base64 --decode > ./src/main/resources/security/application.yml | |
# 도커 허브 사용을 위해 도커에 로그인 | |
- name: Login to DockerHub | |
uses: docker/login-action@v1 | |
with: | |
username: ${{ secrets.DOCKER_ID }} | |
password: ${{ secrets.DOCKERHUB_TOKEN }} # 도커 홈페이지에서 발급받은 토큰 사용 | |
# jib로 이미지 빌드 및 푸시 | |
- name: Build and Push backend docker image using jib | |
run: | | |
./gradlew jib | |
# ssh를 통해 서버 접속, 접속한 후에 실행할 스크립트 작성 | |
- name: Connect to server using SSH | |
uses: appleboy/ssh-action@master | |
with: | |
host: ${{secrets.NCP_HOST}} | |
username: ${{secrets.SSH_USERNAME}} | |
key: ${{secrets.SSH_KEY_PEM}} | |
envs: GITHUB_SHA | |
script: | | |
cd backend | |
git pull | |
cat << 'EOF' > ./elk/logstash/pipeline/logstash.conf | |
${{ secrets.LOGSTASH_CONF }} | |
EOF | |
sudo docker-compose -f docker-compose.yml down | |
sudo docker rmi ${{ secrets.DOCKER_IMAGE_NAME }}:latest || true | |
sudo docker-compose -f docker-compose.yml pull | |
sudo docker-compose -f docker-compose.yml up -d |