Merge branch 'develop' into feature/#23-get-items
kmebin committed Nov 4, 2023
2 parents 9e50a2b + 7ad2629 commit abbb40f
Showing 13 changed files with 599 additions and 6 deletions.
12 changes: 12 additions & 0 deletions .github/workflows/ci.yml
Expand Up @@ -21,6 +21,10 @@ jobs:
java-version: '17'
distribution: 'corretto'

- name: environment 세팅
run: |
echo "${{secrets.DEV_ENV_FILE }}" > ./.env
- name: Gradle 캐싱
uses: actions/cache@v3
with:
Expand All @@ -34,6 +38,14 @@ jobs:
- name: Gradle Grant 권한 부여
run: chmod +x gradlew

- name: 테스트용 MySQL 도커 컨테이너 실행
run: |
sudo docker run -d -p 3306:3306 --env MYSQL_DATABASE=test --env MYSQL_ROOT_PASSWORD=test mysql:8.0.33
- name: 테스트용 Redis 도커 컨테이너 실행
run: |
sudo docker run --name redis-test -p 6379:6379 -d redis
- name: SonarCloud 캐싱
uses: actions/cache@v3
with:
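Review bot: The new `environment 세팅` step expands `${{secrets.DEV_ENV_FILE }}` straight into the shell script text, so any `"`, `$` or backtick inside the secret is interpreted by the shell and can corrupt the written `.env` or be evaluated. Pass the value through the step environment instead: an `env:` entry `DEV_ENV_FILE: ${{ secrets.DEV_ENV_FILE }}` and `run: printf '%s\n' "$DEV_ENV_FILE" > ./.env`. The same pattern appears in the `Docker env 파일 생성` step of develop-cd.yml. The workflow's trigger is outside the hunk; if it also runs for pull requests from branches of this repository, the dev secrets land in a workspace where the build and test code under review executes, which is worth confirming.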
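--- a/.github/workflows/develop-cd.yml
+++ b/.github/workflows/develop-cd.yml
@@ -0,0 +1,187 @@
+name: develop-CD
+
+on:
+push:
+branches: [ "develop" ]
+
+permissions:
+contents: write
+
+jobs:
+move-files:
+name: move-files
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v3
+with:
+submodules: true
+token: ${{ secrets.MOABAM_SUBMODULE_KEY }}
+
+- name: Github Actions IP 획득
+id: ip
+uses: haythem/[email protected]
+
+- name: AWS Credentials 설정
+uses: aws-actions/configure-aws-credentials@v4
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.AWS_REGION }}
+
+- name: Github Actions IP 보안그룹 추가
+run: |
+aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32
+- name: 디렉토리 생성
+uses: appleboy/ssh-action@master
+with:
+host: ${{ secrets.EC2_INSTANCE_HOST }}
+port: 22
+username: ubuntu
+key: ${{ secrets.EC2_INSTANCE_PRIVATE_KEY }}
+script: |
+mkdir -p /home/ubuntu/moabam/nginx
+- name: Docker env 파일 생성
+run:
+echo "${{secrets.DEV_ENV_FILE }}" > ./.env
+
+- name: 서버로 전송 기본 파일들 전송
+uses: appleboy/scp-action@master
+with:
+host: ${{ secrets.EC2_INSTANCE_HOST }}
+port: 22
+username: ${{ secrets.EC2_INSTANCE_USERNAME }}
+key: ${{ secrets.EC2_INSTANCE_PRIVATE_KEY }}
+source: "./.env, ./docker-compose-dev.yml, init-letsencrypt.sh, ./scripts/*"
+target: "/home/ubuntu/moabam"
+
+- name: 서버로 전송 "nginx conf 파일들"
+uses: appleboy/scp-action@master
+with:
+host: ${{ secrets.EC2_INSTANCE_HOST }}
+port: 22
+username: ${{ secrets.EC2_INSTANCE_USERNAME }}
+key: ${{ secrets.EC2_INSTANCE_PRIVATE_KEY }}
+source: "./nginx/*"
+target: "/home/ubuntu/moabam"
+
+- name: 파일 세팅
+uses: appleboy/ssh-action@master
+with:
+host: ${{ secrets.EC2_INSTANCE_HOST }}
+port: 22
+username: ubuntu
+key: ${{ secrets.EC2_INSTANCE_PRIVATE_KEY }}
+script: |
+cd /home/ubuntu/moabam
+mv docker-compose-dev.yml docker-compose.yml
+chmod +x ./scripts/deploy-dev.sh
+chmod +x ./scripts/init-letsencrypt.sh
+chmod +x ./scripts/init-nginx-converter.sh
+- name: Github Actions IP 보안그룹에서 삭제
+if: always()
+run: |
+aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32
+deploy:
+name: deploy
+runs-on: ubuntu-latest
+steps:
+- uses: actions/checkout@v3
+with:
+submodules: true
+token: ${{ secrets.MOABAM_SUBMODULE_KEY }}
+
+- name: JDK 17 셋업
+uses: actions/setup-java@v3
+with:
+java-version: '17'
+distribution: 'corretto'
+
+- name: Gradle 캐싱
+uses: actions/cache@v3
+with:
+path: |
+~/.gradle/caches
+~/.gradle/wrapper
+key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
+restore-keys: |
+${{ runner.os }}-gradle-
+- name: Gradle Grant 권한 부여
+run: chmod +x gradlew
+
+- name: 테스트용 MySQL 도커 컨테이너 실행
+run: |
+sudo docker run -d -p 3306:3306 --env MYSQL_DATABASE=test --env MYSQL_ROOT_PASSWORD=test mysql:8.0.33
+- name: 테스트용 Redis 도커 컨테이너 실행
+run: |
+sudo docker run --name redis-test -p 6379:6379 -d redis
+- name: Gradle 빌드
+uses: gradle/gradle-build-action@bd5760595778326ba7f1441bcf7e88b49de61a25 # v2.6.0
+with:
+arguments: build
+
+- name: 멀티플랫폼 위한 Docker Buildx 설정
+uses: docker/setup-buildx-action@v2
+
+- name: Docker Hub 로그인
+uses: docker/login-action@v2
+with:
+username: ${{ secrets.DOCKER_HUB_USERNAME }}
+password: ${{ secrets.DOCKER_HUB_TOKEN }}
+
+- name: Docker Hub 빌드하고 푸시
+uses: docker/build-push-action@v4
+with:
+context: .
+push: true
+tags: ${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.DOCKER_HUB_REPOSITORY }}:${{ secrets.DOCKER_HUB_DEV_TAG }}
+build-args: |
+"SPRING_ACTIVE_PROFILES=dev"
+platforms: |
+linux/amd64
+linux/arm64
+- name: Github Actions IP 획득
+id: ip
+uses: haythem/[email protected]
+
+- name: AWS Credentials 설정
+uses: aws-actions/configure-aws-credentials@v4
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ${{ secrets.AWS_REGION }}
+
+- name: Github Actions IP 보안그룹 추가
+run: |
+aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32
+- name: EC2 서버에 배포
+uses: appleboy/ssh-action@master
+id: deploy-dev
+if: contains(github.ref, 'dev')
+with:
+host: ${{ secrets.EC2_INSTANCE_HOST }}
+port: 22
+username: ubuntu
+key: ${{ secrets.EC2_INSTANCE_PRIVATE_KEY }}
+source: "docker-compose-dev.yml"
+script: |
+cd /home/ubuntu/moabam
+echo ${{ secrets.DOCKER_HUB_TOKEN }} | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
+sudo docker pull ${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.DOCKER_HUB_REPOSITORY }}:${{ secrets.DOCKER_HUB_DEV_TAG }}
+./scripts/deploy-dev.sh
+docker rm `docker ps -a -q`
+docker rmi $(docker images -aq)
+echo "### 배포 완료 ###"
+- name: Github Actions IP 보안그룹에서 삭제
+if: always()
+run: |
+aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32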
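Review bot: `appleboy/ssh-action@master` and `appleboy/scp-action@master` are mutable branch refs on third-party actions that are handed `EC2_INSTANCE_PRIVATE_KEY`, so any change on those branches runs with the deploy key without a change in this repository. Pin them, and the other tag-referenced actions that receive credentials, to a full commit SHA the way `gradle/gradle-build-action` already is in this file, e.g. `uses: appleboy/ssh-action@<full-commit-sha> # <release-tag>`. No visible step writes to the repository, so the top-level `permissions` can likely be narrowed to `contents: read`. The `deploy` job also declares no `needs: move-files`, so it may run `./scripts/deploy-dev.sh` before the scripts have been copied and made executable.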
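--- a/Dockerfile
+++ b/Dockerfile
@@ -0,0 +1,8 @@
+FROM amazoncorretto:17
+
+ARG SPRING_ACTIVE_PROFILES
+ENV SPRING_ACTIVE_PROFILES ${SPRING_ACTIVE_PROFILES}
+
+COPY build/libs/moabam-server-0.0.1-SNAPSHOT.jar moabam.jar
+
+ENTRYPOINT ["java", "-jar", "-Dspring.profiles.active=${SPRING_ACTIVE_PROFILES}", "/moabam.jar"]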
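Review bot: The image never sets `USER`, so the JVM runs as root inside the container; add a non-root identity before the entrypoint, for example `USER 1000:1000`, after checking that the copied jar is readable by that uid. Separately, the exec-form `ENTRYPOINT` is not processed by a shell, so `${SPRING_ACTIVE_PROFILES}` reaches `java` as literal text and the profile then depends on Spring resolving the placeholder itself. Setting `ENV SPRING_PROFILES_ACTIVE=${SPRING_ACTIVE_PROFILES}` and dropping the `-D` argument would make the intent explicit.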
5 changes: 3 additions & 2 deletions build.gradle
Expand Up @@ -55,7 +55,7 @@ dependencies {

// Configuration Binding
annotationProcessor "org.springframework.boot:spring-boot-configuration-processor"

// Apache Commons Lang 3
implementation 'org.apache.commons:commons-lang3:3.13.0'

Expand Down Expand Up @@ -96,6 +96,7 @@ jacocoTestReport {
"**/*ErrorMessage*",
"**/*DynamicQuery*",
"**/*BaseTimeEntity*",
"**/*HealthCheckController*",
] + Qdomains)
})
)
Expand Down Expand Up @@ -127,7 +128,7 @@ sonar {
property 'sonar.coverage.jacoco.xmlReportPaths', 'build/reports/jacoco/test/jacocoTestReport.xml'
property 'sonar.coverage.exclusions', '**/test/**, **/Q*.java, **/*Doc*.java, **/resources/** ' +
',**/*Application*.java , **/*Config*.java, **/*Request*.java, **/*Response*.java ,**/*Exception*.java ' +
',**/*ErrorMessage*.java, **/*Mapper*.java'
',**/*ErrorMessage*.java, **/*Mapper*.java, **/*DynamicQuery*, **/*BaseTimeEntity*, **/*HealthCheckController*'
property 'sonar.java.checkstyle.reportPaths', 'build/reports/checkstyle/main.xml'
}
}
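--- a/docker-compose-dev.yml
+++ b/docker-compose-dev.yml
@@ -0,0 +1,73 @@
+version: '3.7'
+
+services:
+nginx:
+image: nginx:latest
+container_name: nginx
+platform: linux/arm64/v8
+restart: always
+ports:
+- "80:80"
+- "443:443"
+volumes:
+- /home/ubuntu/moabam/nginx/certbot/conf:/etc/letsencrypt
+- /home/ubuntu/moabam/nginx/certbot/www:/var/www/certbot
+- /home/ubuntu/moabam/nginx/nginx.conf:/etc/nginx/nginx.conf
+command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
+certbot:
+image: certbot/certbot:latest
+container_name: certbot
+platform: linux/arm64
+restart: unless-stopped
+volumes:
+- /home/ubuntu/moabam/nginx/certbot/conf:/etc/letsencrypt
+- /home/ubuntu/moabam/nginx/certbot/www:/var/www/certbot
+entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
+moabam-blue:
+image: ${DOCKER_HUB_USERNAME}/${DOCKER_HUB_REPOSITORY}:${DOCKER_HUB_TAG}
+container_name: ${BLUE_CONTAINER}
+restart: always
+expose:
+- ${SERVER_PORT}
+depends_on:
+- redis
+- mysql
+environment:
+SPRING_ACTIVE_PROFILES: ${SPRING_ACTIVE_PROFILES}
+moabam-green:
+image: ${DOCKER_HUB_USERNAME}/${DOCKER_HUB_REPOSITORY}:${DOCKER_HUB_TAG}
+container_name: ${GREEN_CONTAINER}
+expose:
+- ${SERVER_PORT}
+depends_on:
+- redis
+- mysql
+environment:
+SPRING_ACTIVE_PROFILES: ${SPRING_ACTIVE_PROFILES}
+redis:
+image: redis:alpine
+container_name: redis
+platform: linux/arm64
+restart: always
+command: redis-server
+ports:
+- "6379:6379"
+volumes:
+- /home/ubuntu/moabam/data/redis:/data
+mysql:
+image: mysql:8.0.33
+container_name: mysql
+platform: linux/arm64/v8
+restart: always
+ports:
+- "3306:3306"
+environment:
+MYSQL_DATABASE: ${DEV_MYSQL_DATABASE}
+MYSQL_USERNAME: ${DEV_MYSQL_USERNAME}
+MYSQL_ROOT_PASSWORD: ${DEV_MYSQL_PASSWORD}
+TZ: Asia/Seoul
+command:
+- --character-set-server=utf8mb4
+- --collation-server=utf8mb4_unicode_ci
+volumes:
+- /home/ubuntu/moabam/data/mysql:/var/lib/mysql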
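Review bot: `redis` and `mysql` publish `6379:6379` and `3306:3306` on every host interface, and `redis-server` is started without `requirepass`, so access to both stores is limited only by the EC2 security group, which this page does not show. The application containers presumably reach them over the compose network by service name, so the `ports:` entries can be dropped, or bound to loopback if host access is needed: `- "127.0.0.1:6379:6379"` and `- "127.0.0.1:3306:3306"`. `MYSQL_USERNAME` is also not a variable the official `mysql` image reads (it uses `MYSQL_USER` together with `MYSQL_PASSWORD`), so only the root account is configured here.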
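--- a/nginx/nginx.template
+++ b/nginx/nginx.template
@@ -0,0 +1,60 @@
+worker_processes auto;
+
+events {
+use epoll;
+worker_connections 1024;
+}
+
+http {
+
+include mime.types;
+sendfile on;
+
+map $http_upgrade $connection_upgrade {
+default "upgrade";
+}
+
+upstream backend {
+server ${BLUE_CONTAINER}:${SERVER_PORT};
+keepalive 1024;
+}
+
+server {
+listen 80;
+server_name ${SERVER_DOMAIN};
+server_tokens off;
+
+location / {
+return 301 https://$host$request_uri;
+}
+
+location /.well-known/acme-challenge/ {
+allow all;
+root /var/www/certbot;
+}
+}
+
+server {
+listen 443 ssl;
+server_name ${SERVER_DOMAIN};
+server_tokens off;
+
+ssl_certificate /etc/letsencrypt/live/${SERVER_DOMAIN}/fullchain.pem;
+ssl_certificate_key /etc/letsencrypt/live/${SERVER_DOMAIN}/privkey.pem;
+include /etc/letsencrypt/options-ssl-nginx.conf;
+ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+location / {
+resolver ${RESOLVER_IP} valid=10s;
+proxy_pass http://backend;
+proxy_http_version 1.1;
+proxy_set_header Host $host;
+proxy_set_header Connection $connection_upgrade;
+proxy_set_header Upgrade $http_upgrade;
+
+proxy_set_header X-Real-IP $remote_addr;
+proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+proxy_set_header X-Forwarded-Proto $scheme;
+}
+}
+}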
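Review bot: The `map` for `$connection_upgrade` has only `default "upgrade"`, so every proxied request goes upstream with `Connection: upgrade`, including plain HTTP requests that carry no `Upgrade` header. Add the empty case: `'' close;` as in nginx's WebSocket proxying example, or `'' "";` if the `keepalive 1024` pool on `upstream backend` is meant to be used. The 443 server also sets no `Strict-Transport-Security` header; if this domain is only ever served over HTTPS, consider `add_header Strict-Transport-Security "max-age=31536000" always;`.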