Update gradle.yml #65
name: CI/CD with Gradle, Docker Image & Docker Compose

# Runs for pushes to main and for pull requests that target main.
on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

# The workflow token is limited to reading repository contents.
permissions:
  contents: read

env:
  # Use this variable when docker compose commands on the Azure VM need sudo.
  # Workflow-level env is set on the GitHub runner; a remote SSH session only
  # sees it if the step that opens the session forwards it.
  DOCKER_COMPOSE_CMD: 'sudo docker compose'
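jobs:
  # ─────────────────────────────────────────────
  # 1) Build-and-Push-Image job
  #    Builds the application image and pushes it to Docker Hub.
  # ─────────────────────────────────────────────
  build-and-push-image:
    name: Build & Push Docker Image
    runs-on: ubuntu-latest
    steps:
      # 1.1) Check out the source code.
      # NOTE(review): every `uses:` in this workflow references a mutable tag.
      # Pinning each action to a full commit SHA keeps a retagged release from
      # running inside jobs that hold registry and SSH credentials.
      - name: Checkout repository
        uses: actions/checkout@v3

      # 1.2) Install JDK 17.
      - name: Set up JDK 17
        uses: actions/setup-java@v3
        with:
          java-version: '17'
          distribution: 'temurin'

      # 1.3) Make the Gradle wrapper executable.
      - name: Grant execute permission for Gradle
        run: chmod +x ./gradlew

      # 1.4) Build with Gradle (produces the bootJar).
      - name: Build with Gradle
        run: ./gradlew clean bootJar

      # 1.5) Build the Docker image.
      # The secret reaches the shell as an environment variable instead of
      # being substituted into the script text, so its value is never parsed
      # as shell syntax.
      - name: Build Docker Image
        env:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
        run: docker build -t "$DOCKER_USERNAME/fossistant:latest" .

      # 1.6) Log in to Docker Hub.
      # Only for pushes to main: a pull_request run still builds the image as
      # a check, but unmerged code must not replace the `latest` tag.
      - name: Docker Hub Login
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        uses: docker/login-action@v2
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      # 1.7) Push the Docker image.
      - name: Push Docker Image to Docker Hub
        if: github.event_name == 'push' && github.ref == 'refs/heads/main'
        env:
          DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
        run: docker push "$DOCKER_USERNAME/fossistant:latest"

  # ─────────────────────────────────────────────
  # 2) Deploy-with-Compose job
  #    After the build, connects to the Azure VM over SSH and deploys with
  #    Docker Compose.
  # ─────────────────────────────────────────────
  deploy-with-compose:
    name: Deploy to Azure VM via Docker Compose
    runs-on: ubuntu-latest
    needs: build-and-push-image  # runs only after build-and-push-image succeeds
    # The workflow also triggers on pull_request; without this guard a pull
    # request run would deploy unreviewed code to the VM.
    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
    steps:
      # 2.1) Check out the source code (required).
      #      Without this step docker-compose.yml is not in the workspace and
      #      the scp upload fails.
      - name: Checkout repository
        uses: actions/checkout@v3

      # 2.2) Write the SSH private key to disk.
      # umask 077 makes the file owner-only from the moment it is created,
      # rather than only after the chmod that follows.
      - name: Setup SSH private key
        env:
          SSH_KEY: ${{ secrets.SSH_KEY }}
        run: |
          umask 077
          printf '%s\n' "$SSH_KEY" > private_key.pem
          chmod 600 private_key.pem

      # 2.3) SSH connection test (for debugging).
      # NOTE(review): StrictHostKeyChecking=no here and in the scp steps means
      # the VM's identity is never verified, and the .env file with every
      # application secret is sent over these connections. Store the VM's
      # public host key in a secret, write it to ~/.ssh/known_hosts, and drop
      # this option.
      - name: Debug SSH connection
        env:
          AZURE_VM_USER: ${{ secrets.AZURE_VM_USER }}
          AZURE_VM_HOST: ${{ secrets.AZURE_VM_HOST }}
        run: |
          ssh -o StrictHostKeyChecking=no -i private_key.pem \
            "$AZURE_VM_USER@$AZURE_VM_HOST" \
            "echo ✅ SSH 접속 성공!"

      # 2.4) Generate the .env file.
      # Secrets are passed through env and expanded once by the heredoc. If
      # they were substituted into the script text instead, a value containing
      # `$` or a backtick would be re-interpreted by the shell and could be
      # corrupted or executed.
      - name: Generate .env for Docker Compose
        env:
          AZURE_DB_USERNAME: ${{ secrets.AZURE_DB_USERNAME }}
          AZURE_DB_PASSWORD: ${{ secrets.AZURE_DB_PASSWORD }}
          GEMINI_KEY: ${{ secrets.GEMINI_KEY }}
          HUB_TOKEN: ${{ secrets.HUB_TOKEN }}
          JWT_SECRET_KEY: ${{ secrets.JWT_SECRET_KEY }}
          JWT_ACCESS_TOKEN_TIME: ${{ secrets.JWT_ACCESS_TOKEN_TIME }}
          JWT_REFRESH_TOKEN_TIME: ${{ secrets.JWT_REFRESH_TOKEN_TIME }}
          CLIENT_ID: ${{ secrets.CLIENT_ID }}
          CLIENT_SECRET: ${{ secrets.CLIENT_SECRET }}
        run: |
          umask 077
          cat <<EOF > .env
          AZURE_DB_USERNAME=${AZURE_DB_USERNAME}
          AZURE_DB_PASSWORD=${AZURE_DB_PASSWORD}
          GEMINI_KEY=${GEMINI_KEY}
          GITHUB_TOKEN=${HUB_TOKEN}
          JWT_SECRET_KEY=${JWT_SECRET_KEY}
          JWT_ACCESS_TOKEN_TIME=${JWT_ACCESS_TOKEN_TIME}
          JWT_REFRESH_TOKEN_TIME=${JWT_REFRESH_TOKEN_TIME}
          GITHUB_CLIENT_ID=${CLIENT_ID}
          GITHUB_CLIENT_SECRET=${CLIENT_SECRET}
          EOF

      # 2.5) Upload docker-compose.yml.
      - name: Upload docker-compose.yml to Azure VM
        env:
          AZURE_VM_USER: ${{ secrets.AZURE_VM_USER }}
          AZURE_VM_HOST: ${{ secrets.AZURE_VM_HOST }}
        run: |
          scp -i private_key.pem -o StrictHostKeyChecking=no \
            docker-compose.yml \
            "$AZURE_VM_USER@$AZURE_VM_HOST:/home/ubuntu/fossistant/docker-compose.yml"

      # 2.6) Upload .env.
      - name: Upload .env to Azure VM
        env:
          AZURE_VM_USER: ${{ secrets.AZURE_VM_USER }}
          AZURE_VM_HOST: ${{ secrets.AZURE_VM_HOST }}
        run: |
          scp -i private_key.pem -o StrictHostKeyChecking=no \
            .env \
            "$AZURE_VM_USER@$AZURE_VM_HOST:/home/ubuntu/fossistant/.env"

      # 2.7) Connect to the Azure VM over SSH and deploy.
      # `envs` forwards DOCKER_COMPOSE_CMD into the remote session. The
      # variable is defined on the runner, and the script runs under `set -u`,
      # so without forwarding the first compose command aborts the deploy
      # unless the VM happens to define the variable itself.
      # NOTE(review): `docker rm` and `docker ps` below run without sudo while
      # the compose commands use it; confirm which the VM user actually needs.
      - name: SSH to Azure VM and Deploy with Compose
        uses: appleboy/ssh-action@v0.1.3
        with:
          host: ${{ secrets.AZURE_VM_HOST }}
          username: ${{ secrets.AZURE_VM_USER }}
          key: ${{ secrets.SSH_KEY }}
          port: 22
          envs: DOCKER_COMPOSE_CMD
          script: |
            set -eux
            cd /home/ubuntu/fossistant
            # scp keeps the mode of a file that already exists, so tighten it
            # on every deploy.
            chmod 600 .env
            echo "🧼 Killing any process listening on port 6379..."
            sudo fuser -k 6379/tcp || true
            echo "🧼 Forcibly removing any existing containers named 'redis' or 'fossistant'..."
            docker rm -f redis fossistant || true
            echo "🧹 Stopping old containers and removing orphans..."
            $DOCKER_COMPOSE_CMD down --remove-orphans || true
            $DOCKER_COMPOSE_CMD rm -f || true
            echo "✅ Pulling latest images from Docker Hub..."
            $DOCKER_COMPOSE_CMD pull
            echo "🚀 Starting new containers with Docker Compose..."
            $DOCKER_COMPOSE_CMD up -d --build
            echo "🎉 Deployment complete! Current containers:"
            docker ps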