diff --git a/.github/workflows/DeployOnPRD.yml b/.github/workflows/DeployOnPRD.yml
new file mode 100644
index 0000000..cd9d0ab
--- /dev/null
+++ b/.github/workflows/DeployOnPRD.yml
@@ -0,0 +1,86 @@
+name: Deploy on STG Server (Amazon ECS)
+
+on:
+ pull_request:
+ types: [closed]
+ branches: [release]
+
+env:
+ AWS_REGION: ap-northeast-2
+ ECR_REPOSITORY: community-prd
+ ECS_SERVICE: community-service
+ ECS_CLUSTER: gloddy-ecs-prd
+ ECS_TASK_DEFINITION: task-definition-prd.json
+
+ CONTAINER_NAME: springboot
+
+permissions:
+ contents: read
+
+jobs:
+ deploy:
+ name: Deploy
+ runs-on: ubuntu-latest
+ environment: production
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Set up JDK 17
+ uses: actions/setup-java@v3
+ with:
+ java-version: '17'
+ distribution: 'temurin'
+
+ - uses: actions/cache@v3
+ with:
+ path: |
+ ~/.gradle/caches
+ ~/.gradle/wrapper
+ key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
+ restore-keys: |
+ ${{ runner.os }}-gradle-
+
+ - name: Grant execute permission for gradlew
+ run: chmod +x ./gradlew
+
+ - name: Build with Gradle
+ run: ./gradlew clean :bootstrap:bootJar
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-access-key-id: ${{ secrets.AWS_ECS_ACCESS }}
+ aws-secret-access-key: ${{ secrets.AWS_ECS_SECRET }}
+ aws-region: ${{ env.AWS_REGION }}
+
+ - name: Login to Amazon ECR
+ id: login-ecr
+ uses: aws-actions/amazon-ecr-login@v1
+
+ - name: Build, tag, and push image to Amazon ECR
+ id: build-image
+ env:
+ ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+ IMAGE_TAG: latest
+ run: |
+ docker build -f Dockerfile_PRD -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
+ docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+ echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
+
+ - name: Fill in the new image ID in the Amazon ECS task definition
+ id: task-def
+ uses: aws-actions/amazon-ecs-render-task-definition@v1
+ with:
+ task-definition: ${{ env.ECS_TASK_DEFINITION }}
+ container-name: ${{ env.CONTAINER_NAME }}
+ image: ${{ steps.build-image.outputs.image }}
+
+ - name: Deploy Amazon ECS task definition
+ uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+ with:
+ task-definition: ${{ steps.task-def.outputs.task-definition }}
+ service: ${{ env.ECS_SERVICE }}
+ cluster: ${{ env.ECS_CLUSTER }}
+ wait-for-service-stability: true
diff --git a/Dockerfile_PRD b/Dockerfile_PRD
new file mode 100644
index 0000000..b4ae7c9
--- /dev/null
+++ b/Dockerfile_PRD
@@ -0,0 +1,17 @@
+FROM openjdk:17.0-slim
+
+ARG PROJECT_DIRECTORY=/build
+WORKDIR $PROJECT_DIRECTORY
+
+ARG JAR_FILE_PATH=bootstrap/build/libs/bootstrap-0.0.1-SNAPSHOT.jar
+COPY ${JAR_FILE_PATH} app.jar
+
+ENV TZ=Asia/Seoul
+
+EXPOSE 8080
+
+RUN apt-get update && apt-get install -y curl wget \
+ && wget -O dd-java-agent.jar 'https://dtdg.co/latest-java-tracer' \
+ && rm -rf /var/lib/apt/lists/*
+
+ENTRYPOINT ["java", "-javaagent:dd-java-agent.jar", "-Ddd.profiling.enabled=true", "-XX:FlightRecorderOptions=stackdepth=256", "-Ddd.appsec.enabled=true", "-Ddd.iast.enabled=true", "-Ddd.logs.injection=true", "-Ddd.jmxfetch.enabled=true", "-Ddd.service=gloddy-community", "-Ddd.env=production", "-jar", "app.jar"]
diff --git a/task-definition-prd.json b/task-definition-prd.json
new file mode 100644
index 0000000..a283a85
--- /dev/null
+++ b/task-definition-prd.json
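Review bot: In `.github/workflows/DeployOnPRD.yml`, `on: pull_request: types: [closed]` fires for every pull request closed against `release`, including ones closed without merging, and the `deploy` job has no condition, so a rejected PR can still start a production deploy unless the `production` environment's protection rules stop it; add `if: github.event.pull_request.merged == true` to the job. `IMAGE_TAG: latest` makes each production image overwrite the previous one, which removes the rollback target and the link from a running task back to a commit; `IMAGE_TAG: ${{ github.sha }}` keeps both. The `Configure AWS credentials` step uses long-lived access keys from secrets; assuming a role through GitHub OIDC (`role-to-assume`, with `id-token: write` added under `permissions`) avoids storing a static key, and the actions could be pinned to commit SHAs instead of `@v1`/`@v3`. The workflow `name` still reads "Deploy on STG Server" although every target in `env` is the prd cluster, which makes run history easy to misread.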
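Review bot: The `RUN` step in `Dockerfile_PRD` downloads `dd-java-agent.jar` from `https://dtdg.co/latest-java-tracer`, a redirecting "latest" link, with no version pin and no checksum, and the `ENTRYPOINT` then loads that jar as a `-javaagent` inside the production JVM, so whatever the link serves at build time runs with the application's privileges and two builds of the same commit can differ. Fetch a pinned release and verify it before use, for example `&& wget -O dd-java-agent.jar '<PINNED_AGENT_URL>' \` followed by `&& echo '<EXPECTED_SHA256>  dd-java-agent.jar' | sha256sum -c - \`. The image has no `USER` instruction, so the JVM runs as root; creating an unprivileged account and adding a `USER` line before `ENTRYPOINT` limits what a compromised process can reach. `curl` is installed but not used in the visible steps, and the `openjdk` official image is deprecated on Docker Hub, so a maintained base such as `eclipse-temurin` (the same distribution the workflow's `setup-java` step builds with) is worth considering.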
@@ -0,0 +1,146 @@ +{ + "taskDefinitionArn": "arn:aws:ecs:ap-northeast-2:750773866215:task-definition/community-prd:1", + "containerDefinitions": [ + { + "name": "springboot", + "image": "750773866215.dkr.ecr.ap-northeast-2.amazonaws.com/community-prd:latest", + "cpu": 389, + "memory": 614, + "portMappings": [ + { + "name": "springboot-8080-tcp", + "containerPort": 8080, + "hostPort": 8080, + "protocol": "tcp", + "appProtocol": "http" + } + ], + "essential": true, + "environment": [], + "environmentFiles": [ + { + "value": "arn:aws:s3:::gloddy-env/env/gloddy-community-prd.env", + "type": "s3" + } + ], + "mountPoints": [], + "volumesFrom": [], + "ulimits": [], + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-create-group": "true", + "awslogs-group": "/ecs/community-prd", + "awslogs-region": "ap-northeast-2", + "awslogs-stream-prefix": "ecs" + }, + "secretOptions": [] + } + }, + { + "name": "community-datadog-agent-prd", + "image": "public.ecr.aws/datadog/agent:latest", + "cpu": 102, + "memory": 200, + "portMappings": [ + { + "name": "datadog-agent-8126-tcp", + "containerPort": 8126, + "hostPort": 8126, + "protocol": "tcp", + "appProtocol": "http" + }, + { + "containerPort": 8125, + "hostPort": 8125, + "protocol": "udp" + } + ], + "essential": false, + "environment": [ + { + "name": "DD_SITE", + "value": "us5.datadoghq.com" + }, + { + "name": "DD_APM_ENABLED", + "value": "true" + }, + { + "name": "DD_DOGSTATSD_NON_LOCAL_TRAFFIC", + "value": "true" + } + ], + "environmentFiles": [ + { + "value": "arn:aws:s3:::gloddy-env/env/datadog.env", + "type": "s3" + } + ], + "mountPoints": [], + "volumesFrom": [], + "logConfiguration": { + "logDriver": "awslogs", + "options": { + "awslogs-create-group": "true", + "awslogs-group": "/ecs/community-prd", + "awslogs-region": "ap-northeast-2", + "awslogs-stream-prefix": "ecs" + }, + "secretOptions": [] + } + } + ], + "family": "community-prd", + "executionRoleArn": 
"arn:aws:iam::750773866215:role/ecsTaskExecutionRole", + "networkMode": "awsvpc", + "revision": 1, + "volumes": [], + "status": "ACTIVE", + "requiresAttributes": [ + { + "name": "com.amazonaws.ecs.capability.logging-driver.awslogs" + }, + { + "name": "ecs.capability.execution-role-awslogs" + }, + { + "name": "com.amazonaws.ecs.capability.ecr-auth" + }, + { + "name": "com.amazonaws.ecs.capability.docker-remote-api.1.19" + }, + { + "name": "ecs.capability.env-files.s3" + }, + { + "name": "ecs.capability.execution-role-ecr-pull" + }, + { + "name": "com.amazonaws.ecs.capability.docker-remote-api.1.18" + }, + { + "name": "ecs.capability.task-eni" + }, + { + "name": "com.amazonaws.ecs.capability.docker-remote-api.1.29" + } + ], + "placementConstraints": [], + "compatibilities": [ + "EC2", + "FARGATE" + ], + "requiresCompatibilities": [ + "FARGATE" + ], + "cpu": "512", + "memory": "1024", + "runtimePlatform": { + "cpuArchitecture": "X86_64", + "operatingSystemFamily": "LINUX" + }, + "registeredAt": "2024-02-21T07:18:28.517Z", + "registeredBy": "arn:aws:iam::750773866215:root", + "tags": [] +} \ No newline at end of file
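Review bot: The sidecar in `task-definition-prd.json` uses `"image": "public.ecr.aws/datadog/agent:latest"`, so each new production task can pull a different agent build from the one that was tested; pin it to a version tag or digest, e.g. `"image": "public.ecr.aws/datadog/agent:<PINNED_VERSION>"`. Both containers take their configuration from S3 `environmentFiles` (`gloddy-community-prd.env`, `datadog.env`); if those files hold credentials such as the Datadog API key (not visible here), the container `secrets` field backed by Secrets Manager or SSM Parameter Store keeps them out of plain environment files. The file looks like raw `describe-task-definition` output: `taskDefinitionArn`, `revision`, `status`, `requiresAttributes`, `compatibilities`, `registeredAt` and `registeredBy` are not registration inputs and can be deleted, and `registeredBy` ending in `:root` suggests the account root user registered revision 1, which is better done through an IAM role. With `DD_DOGSTATSD_NON_LOCAL_TRAFFIC` set to `true` and ports 8125/8126 mapped in `awsvpc` mode, the agent listens on the task ENI, so the task's security group should not admit those ports from outside the task.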