.github/workflows/animation-application-prod-ci-cd-flow.yml

name: animation-prod-application-ci/cd

on:
  push:
    branches:
      - prod_back_animation
      - build/cicd-prod-B-#580
      - 'hotfix/[0-9a-zA-z]+-B-animation-#[0-9a-zA-z]+'
  pull_request:
    branches:
      - prod_back_animation

jobs:
  deploy-animation:
    name: animation application deploy
    if: ${{ github.event_name == 'push' }}
    runs-on: ubuntu-latest

    defaults:
      run:
        working-directory: ./backend/AnimatedDrawings

    permissions:
      id-token: write
      contents: read

    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: true
          token: ${{ secrets.CI_PAT }}

      - name: move yaml files
        run: |
          mkdir -p ./config/yaml
          cp -r ../core/src/main/resources/config ./application/config/yaml

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
          aws-region: ${{ secrets.AWS_REGION }}

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      - name: Extract metadata (tags, labels) for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: |
            ${{ steps.login-ecr.outputs.registry }}/${{ secrets.AWS_PROD_ECR_ANIMATION_REPOSITORY_NAME }}
          tags: |
            type=raw,value={{date 'YYYYMMDD-HHmmss'}}

      - name: Build and push
        uses: docker/build-push-action@v5
        with:
          context: ./backend/AnimatedDrawings
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          provenance: false

      - name: Get Github action IP
        id: ip
        uses: haythem/public-ip@v1.3

      - name: Add Github Actions IP to Security group
        run: |
          aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_PROD_ANIMATION_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32

      - name: Connect ec2 and Run Docker Container
        uses: appleboy/ssh-action@v0.1.6
        env:
          AWS_ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        with:
          host: ${{ secrets.SSH_PROD_ANIMATION_HOST }}
          username: ${{ secrets.SSH_PROD_ANIMATION_USERNAME }}
          key: ${{ secrets.SSH_PROD_ANIMATION_CORE_PRIVATE_KEY }}
          port: ${{ secrets.SSH_PROD_ANIMATION_PORT }}
          script: |
            docker ps -q --filter "name=animated_drawings" | xargs -r docker stop
            docker ps -aq --filter "name=animated_drawings" | xargs -r docker rm
            aws ecr get-login-password --region ${{ secrets.AWS_REGION }} | docker login --username ${{ secrets.AWS_PROD_ANIMATION_DOCKER_USER }} --password-stdin ${{ secrets.AWS_PROD_ANIMATION_USER_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com
            docker image prune -f
            docker pull ${{ steps.meta.outputs.tags }}
            docker run -d -p 5555:5555 -p 9001:9001 --name animated_drawings -e ENVIRONMENT='dev' ${{ steps.meta.outputs.tags }}

      - name: Remove Github Actions IP from security group
        if: always()
        run: |
          aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_PROD_ANIMATION_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32

      - uses: sarisia/actions-status-discord@v1
        if: success()
        with:
          webhook: ${{ secrets.DISCORD_WEBHOOK }}
          status: ${{ job.status }}
          content: "여러분 <@384742716933668867> <@1084774841460215839> <@545902166842408960> <@1081452554149449748>\n 배포 완료했습니다!!"
          title: "애니메이션 서버 배포 완료 알림"
          description: "백엔드 애니메이션 개발 브랜치에 깃허브 액션으로 배포 완료"
          image: ${{ secrets.EMBED_IMAGE }}
          color: 0x0000ff
          url: "https://github.com/tukcomCD2024/DroidBlossom/actions"
          username: GitHub Actions Bot
          avatar_url: ${{ secrets.AVATAR_URL }}