Merge pull request #350 from Clokey-dev/develop #63
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Clokey-Prod CD | |
| on: | |
| push: | |
| branches: [ main ] | |
| jobs: | |
| dev-cd: | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| clean: true | |
| - name: Setup Java 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'corretto' | |
| java-version: '21' | |
| - name: Gradle Cache | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} | |
| restore-keys: ${{ runner.os }}-gradle- | |
| - name: Grant gradlew permission | |
| run: chmod +x ./gradlew | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| install: true | |
| - name: Create buildx builder | |
| run: | | |
| docker buildx create --use --name mybuilder | |
| docker buildx inspect --bootstrap | |
| - name: Log in to DockerHub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Build & Push App Image | |
| run: | | |
| docker buildx build \ | |
| --platform linux/amd64 \ | |
| --push \ | |
| --file clokey-api/Dockerfile \ | |
| --tag ${{ secrets.DOCKERHUB_USERNAME }}/clokey-docker-2025:prod-app \ | |
| . | |
| - name: Copy prod-docker-compose.yml | |
| uses: appleboy/scp-action@v0.1.3 | |
| with: | |
| username: ubuntu | |
| host: ${{ secrets.PROD_EC2_HOST }} | |
| key: ${{ secrets.PROD_EC2_SSH_KEY }} | |
| source: ./clokey-api/prod-compose.yml | |
| target: /home/ubuntu/ | |
| - name: Deploy App | |
| uses: appleboy/ssh-action@master | |
| with: | |
| username: ubuntu | |
| host: ${{ secrets.PROD_EC2_HOST }} | |
| key: ${{ secrets.PROD_EC2_SSH_KEY }} | |
| envs: DOCKERHUB_USERNAME,SPRING_PROFILES_ACTIVE,PROD_MYSQL_HOST,MYSQL_PORT,DB_NAME,DB_USERNAME,DB_PASSWORD,REDIS_HOST,REDIS_PORT,REDIS_PASSWORD,PROD_KAKAO_CLIENT_ID,PROD_KAKAO_CLIENT_SECRET,PROD_APPLE_CLIENT_ID,PROD_APPLE_CLIENT_SECRET,JWT_ACCESS_TOKEN_SECRET,JWT_REFRESH_TOKEN_SECRET,JWT_ACCESS_TOKEN_EXPIRATION_TIME,JWT_REFRESH_TOKEN_EXPIRATION_TIME,JWT_ISSUER,PROD_AWS_ACCESS_KEY_ID,PROD_AWS_SECRET_ACCESS_KEY,AWS_REGION,PROD_S3_BUCKET,PROD_S3_ENDPOINT,SWAGGER_USERNAME,SWAGGER_PASSWORD,FIREBASE_SA_JSON_B64,AI_SERVER_IP,CLOTH_INFERENCE_PATH,STYLE_INFERENCE_PATH,CLOTH_DETECT_PATH,MEILISEARCH_ENDPOINT,MEILISEARCH_KEY | |
| script: | | |
| export DOCKERHUB_NAME=${{ secrets.DOCKERHUB_USERNAME }} | |
| export DOCKER_TAG=prod-app | |
| export PROD_MYSQL_HOST=${{ secrets.PROD_MYSQL_HOST }} | |
| export MYSQL_PORT=${{ secrets.MYSQL_PORT }} | |
| export DB_NAME=${{ secrets.DB_NAME }} | |
| export DB_USERNAME=${{ secrets.DB_USERNAME }} | |
| export DB_PASSWORD=${{ secrets.DB_PASSWORD }} | |
| export REDIS_HOST=${{ secrets.REDIS_HOST }} | |
| export REDIS_PORT=${{ secrets.REDIS_PORT }} | |
| export REDIS_PASSWORD=${{ secrets.REDIS_PASSWORD }} | |
| export KAKAO_CLIENT_ID=${{ secrets.KAKAO_CLIENT_ID }} | |
| export KAKAO_CLIENT_SECRET=${{ secrets.KAKAO_CLIENT_SECRET }} | |
| export APPLE_CLIENT_ID=${{ secrets.APPLE_CLIENT_ID }} | |
| export APPLE_CLIENT_SECRET=${{ secrets.APPLE_CLIENT_SECRET }} | |
| export JWT_ACCESS_TOKEN_SECRET=${{ secrets.JWT_ACCESS_TOKEN_SECRET }} | |
| export JWT_REFRESH_TOKEN_SECRET=${{ secrets.JWT_REFRESH_TOKEN_SECRET }} | |
| export JWT_ACCESS_TOKEN_EXPIRATION_TIME=${{ secrets.JWT_ACCESS_TOKEN_EXPIRATION_TIME }} | |
| export JWT_REFRESH_TOKEN_EXPIRATION_TIME=${{ secrets.JWT_REFRESH_TOKEN_EXPIRATION_TIME }} | |
| export JWT_ISSUER=${{ secrets.JWT_ISSUER }} | |
| export PROD_AWS_ACCESS_KEY_ID=${{ secrets.PROD_AWS_ACCESS_KEY_ID }} | |
| export PROD_AWS_SECRET_ACCESS_KEY=${{ secrets.PROD_AWS_SECRET_ACCESS_KEY }} | |
| export AWS_REGION=${{ secrets.AWS_REGION }} | |
| export PROD_S3_BUCKET=${{ secrets.PROD_S3_BUCKET }} | |
| export PROD_S3_ENDPOINT=${{ secrets.PROD_S3_ENDPOINT }} | |
| export SWAGGER_USERNAME=${{ secrets.SWAGGER_USERNAME }} | |
| export SWAGGER_PASSWORD=${{ secrets.SWAGGER_PASSWORD }} | |
| export MEILISEARCH_ENDPOINT=${{ secrets.MEILISEARCH_ENDPOINT }} | |
| export MEILISEARCH_KEY=${{ secrets.MEILISEARCH_KEY }} | |
| export AI_SERVER_IP=${{ secrets.AI_SERVER_IP }} | |
| export CLOTH_INFERENCE_PATH=${{ secrets.CLOTH_INFERENCE_PATH }} | |
| export STYLE_INFERENCE_PATH=${{ secrets.STYLE_INFERENCE_PATH }} | |
| export CLOTH_DETECT_PATH=${{ secrets.CLOTH_DETECT_PATH }} | |
| sudo mkdir -p /home/ubuntu/secrets | |
| echo "${{ secrets.FIREBASE_SA_JSON_B64 }}" | base64 -d | sudo tee /home/ubuntu/secrets/firebase-sa.json > /dev/null | |
| sudo chmod 600 /home/ubuntu/secrets/firebase-sa.json | |
| export FIREBASE_CREDENTIALS_PATH=/home/ubuntu/secrets/firebase-sa.json | |
| echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login -u "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin | |
| cd /home/ubuntu | |
| docker compose -f clokey-api/prod-compose.yml up -d | |
| echo "Cleaning up dangling Docker images..." | |
| docker image prune -f | |