Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

feat: ec2 dev 서버 배포 구현 #40

Merged
merged 9 commits into from
Nov 3, 2023
Merged

feat: ec2 dev 서버 배포 구현 #40

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
9 commits
Select commit Hold shift + click to select a range
f8b8992
chore: submodule 업데이트
Shin-Jae-Yoon Nov 3, 2023
13dbdcd
feat: docker-compose 파일 세팅
Shin-Jae-Yoon Nov 3, 2023
21f9041
feat: nginx 템플릿 설정
Shin-Jae-Yoon Nov 3, 2023
e2d14c1
feat: Dockerfile 설정
Shin-Jae-Yoon Nov 3, 2023
934bbf5
feat: 쉘 스크립트 파일 작성
Shin-Jae-Yoon Nov 3, 2023
8610eee
feat: HealthCheckController 구현
Shin-Jae-Yoon Nov 3, 2023
fd97083
chore: build.gradle 커버리지 항목 제외 추가
Shin-Jae-Yoon Nov 3, 2023
133d045
feat: github actions ci, cd 작성
Shin-Jae-Yoon Nov 3, 2023
af81a31
style: ci 파일 오타 수정
Shin-Jae-Yoon Nov 3, 2023
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
12 changes: 12 additions & 0 deletions .github/workflows/ci.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -21,6 +21,10 @@ jobs:
java-version: '17'
distribution: 'corretto'

- name: environment 세팅
run: |
echo "${{secrets.DEV_ENV_FILE }}" > ./.env

- name: Gradle 캐싱
uses: actions/cache@v3
with:
Expand All @@ -34,6 +38,14 @@ jobs:
- name: Gradle Grant 권한 부여
run: chmod +x gradlew

- name: 테스트용 MySQL 도커 컨테이너 실행
run: |
sudo docker run -d -p 3306:3306 --env MYSQL_DATABASE=test --env MYSQL_ROOT_PASSWORD=test mysql:8.0.33

- name: 테스트용 Redis 도커 컨테이너 실행
run: |
sudo docker run --name redis-test -p 6379:6379 -d redis

- name: SonarCloud 캐싱
uses: actions/cache@v3
with:
Expand Down
187 changes: 187 additions & 0 deletions .github/workflows/develop-cd.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,187 @@
name: develop-CD

on:
push:
branches: [ "develop" ]

permissions:
contents: write

jobs:
move-files:
name: move-files
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: true
token: ${{ secrets.MOABAM_SUBMODULE_KEY }}

- name: Github Actions IP 획득
id: ip
uses: haythem/[email protected]

- name: AWS Credentials 설정
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}

- name: Github Actions IP 보안그룹 추가
run: |
aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32

- name: 디렉토리 생성
uses: appleboy/ssh-action@master
with:
host: ${{ secrets.EC2_INSTANCE_HOST }}
port: 22
username: ubuntu
key: ${{ secrets.EC2_INSTANCE_PRIVATE_KEY }}
script: |
mkdir -p /home/ubuntu/moabam/nginx

- name: Docker env 파일 생성
run:
echo "${{secrets.DEV_ENV_FILE }}" > ./.env

- name: 서버로 전송 기본 파일들 전송
uses: appleboy/scp-action@master
with:
host: ${{ secrets.EC2_INSTANCE_HOST }}
port: 22
username: ${{ secrets.EC2_INSTANCE_USERNAME }}
key: ${{ secrets.EC2_INSTANCE_PRIVATE_KEY }}
source: "./.env, ./docker-compose-dev.yml, init-letsencrypt.sh, ./scripts/*"
target: "/home/ubuntu/moabam"

- name: 서버로 전송 "nginx conf 파일들"
uses: appleboy/scp-action@master
with:
host: ${{ secrets.EC2_INSTANCE_HOST }}
port: 22
username: ${{ secrets.EC2_INSTANCE_USERNAME }}
key: ${{ secrets.EC2_INSTANCE_PRIVATE_KEY }}
source: "./nginx/*"
target: "/home/ubuntu/moabam"

- name: 파일 세팅
uses: appleboy/ssh-action@master
with:
host: ${{ secrets.EC2_INSTANCE_HOST }}
port: 22
username: ubuntu
key: ${{ secrets.EC2_INSTANCE_PRIVATE_KEY }}
script: |
cd /home/ubuntu/moabam
mv docker-compose-dev.yml docker-compose.yml
chmod +x ./scripts/deploy-dev.sh
chmod +x ./scripts/init-letsencrypt.sh
chmod +x ./scripts/init-nginx-converter.sh

- name: Github Actions IP 보안그룹에서 삭제
if: always()
run: |
aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32

deploy:
name: deploy
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: true
token: ${{ secrets.MOABAM_SUBMODULE_KEY }}

- name: JDK 17 셋업
uses: actions/setup-java@v3
with:
java-version: '17'
distribution: 'corretto'

- name: Gradle 캐싱
uses: actions/cache@v3
with:
path: |
~/.gradle/caches
~/.gradle/wrapper
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
restore-keys: |
${{ runner.os }}-gradle-

- name: Gradle Grant 권한 부여
run: chmod +x gradlew

- name: 테스트용 MySQL 도커 컨테이너 실행
run: |
sudo docker run -d -p 3306:3306 --env MYSQL_DATABASE=test --env MYSQL_ROOT_PASSWORD=test mysql:8.0.33

- name: 테스트용 Redis 도커 컨테이너 실행
run: |
sudo docker run --name redis-test -p 6379:6379 -d redis

- name: Gradle 빌드
uses: gradle/gradle-build-action@bd5760595778326ba7f1441bcf7e88b49de61a25 # v2.6.0
with:
arguments: build

- name: 멀티플랫폼 위한 Docker Buildx 설정
uses: docker/setup-buildx-action@v2

- name: Docker Hub 로그인
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKER_HUB_USERNAME }}
password: ${{ secrets.DOCKER_HUB_TOKEN }}

- name: Docker Hub 빌드하고 푸시
uses: docker/build-push-action@v4
with:
context: .
push: true
tags: ${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.DOCKER_HUB_REPOSITORY }}:${{ secrets.DOCKER_HUB_DEV_TAG }}
build-args: |
"SPRING_ACTIVE_PROFILES=dev"
platforms: |
linux/amd64
linux/arm64

- name: Github Actions IP 획득
id: ip
uses: haythem/[email protected]

- name: AWS Credentials 설정
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ secrets.AWS_REGION }}

- name: Github Actions IP 보안그룹 추가
run: |
aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32

- name: EC2 서버에 배포
uses: appleboy/ssh-action@master
id: deploy-dev
if: contains(github.ref, 'dev')
with:
host: ${{ secrets.EC2_INSTANCE_HOST }}
port: 22
username: ubuntu
key: ${{ secrets.EC2_INSTANCE_PRIVATE_KEY }}
source: "docker-compose-dev.yml"
script: |
cd /home/ubuntu/moabam
echo ${{ secrets.DOCKER_HUB_TOKEN }} | docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} --password-stdin
sudo docker pull ${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.DOCKER_HUB_REPOSITORY }}:${{ secrets.DOCKER_HUB_DEV_TAG }}
./scripts/deploy-dev.sh
docker rm `docker ps -a -q`
docker rmi $(docker images -aq)
echo "### 배포 완료 ###"

- name: Github Actions IP 보안그룹에서 삭제
if: always()
run: |
aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32
8 changes: 8 additions & 0 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
FROM amazoncorretto:17

ARG SPRING_ACTIVE_PROFILES
ENV SPRING_ACTIVE_PROFILES ${SPRING_ACTIVE_PROFILES}

COPY build/libs/moabam-server-0.0.1-SNAPSHOT.jar moabam.jar

ENTRYPOINT ["java", "-jar", "-Dspring.profiles.active=${SPRING_ACTIVE_PROFILES}", "/moabam.jar"]
5 changes: 3 additions & 2 deletions build.gradle
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -55,7 +55,7 @@ dependencies {

// Configuration Binding
annotationProcessor "org.springframework.boot:spring-boot-configuration-processor"

// Apache Commons Lang 3
implementation 'org.apache.commons:commons-lang3:3.13.0'

Expand Down Expand Up @@ -96,6 +96,7 @@ jacocoTestReport {
"**/*ErrorMessage*",
"**/*DynamicQuery*",
"**/*BaseTimeEntity*",
"**/*HealthCheckController*",
] + Qdomains)
})
)
Expand Down Expand Up @@ -127,7 +128,7 @@ sonar {
property 'sonar.coverage.jacoco.xmlReportPaths', 'build/reports/jacoco/test/jacocoTestReport.xml'
property 'sonar.coverage.exclusions', '**/test/**, **/Q*.java, **/*Doc*.java, **/resources/** ' +
',**/*Application*.java , **/*Config*.java, **/*Request*.java, **/*Response*.java ,**/*Exception*.java ' +
',**/*ErrorMessage*.java, **/*Mapper*.java'
',**/*ErrorMessage*.java, **/*Mapper*.java, **/*DynamicQuery*, **/*BaseTimeEntity*, **/*HealthCheckController*'
property 'sonar.java.checkstyle.reportPaths', 'build/reports/checkstyle/main.xml'
}
}
73 changes: 73 additions & 0 deletions docker-compose-dev.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,73 @@
version: '3.7'

services:
nginx:
image: nginx:latest
container_name: nginx
platform: linux/arm64/v8
restart: always
ports:
- "80:80"
- "443:443"
volumes:
- /home/ubuntu/moabam/nginx/certbot/conf:/etc/letsencrypt
- /home/ubuntu/moabam/nginx/certbot/www:/var/www/certbot
- /home/ubuntu/moabam/nginx/nginx.conf:/etc/nginx/nginx.conf
command: "/bin/sh -c 'while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g \"daemon off;\"'"
certbot:
image: certbot/certbot:latest
container_name: certbot
platform: linux/arm64
restart: unless-stopped
volumes:
- /home/ubuntu/moabam/nginx/certbot/conf:/etc/letsencrypt
- /home/ubuntu/moabam/nginx/certbot/www:/var/www/certbot
entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
moabam-blue:
image: ${DOCKER_HUB_USERNAME}/${DOCKER_HUB_REPOSITORY}:${DOCKER_HUB_TAG}
container_name: ${BLUE_CONTAINER}
restart: always
expose:
- ${SERVER_PORT}
depends_on:
- redis
- mysql
environment:
SPRING_ACTIVE_PROFILES: ${SPRING_ACTIVE_PROFILES}
moabam-green:
image: ${DOCKER_HUB_USERNAME}/${DOCKER_HUB_REPOSITORY}:${DOCKER_HUB_TAG}
container_name: ${GREEN_CONTAINER}
expose:
- ${SERVER_PORT}
depends_on:
- redis
- mysql
environment:
SPRING_ACTIVE_PROFILES: ${SPRING_ACTIVE_PROFILES}
redis:
image: redis:alpine
container_name: redis
platform: linux/arm64
restart: always
command: redis-server
ports:
- "6379:6379"
volumes:
- /home/ubuntu/moabam/data/redis:/data
mysql:
image: mysql:8.0.33
container_name: mysql
platform: linux/arm64/v8
restart: always
ports:
- "3306:3306"
environment:
MYSQL_DATABASE: ${DEV_MYSQL_DATABASE}
MYSQL_USERNAME: ${DEV_MYSQL_USERNAME}
MYSQL_ROOT_PASSWORD: ${DEV_MYSQL_PASSWORD}
TZ: Asia/Seoul
command:
- --character-set-server=utf8mb4
- --collation-server=utf8mb4_unicode_ci
volumes:
- /home/ubuntu/moabam/data/mysql:/var/lib/mysql
60 changes: 60 additions & 0 deletions nginx/nginx.template
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,60 @@
worker_processes auto;

events {
use epoll;
worker_connections 1024;
}

http {

include mime.types;
sendfile on;

map $http_upgrade $connection_upgrade {
default "upgrade";
}

upstream backend {
server ${BLUE_CONTAINER}:${SERVER_PORT};
keepalive 1024;
}

server {
listen 80;
server_name ${SERVER_DOMAIN};
server_tokens off;

location / {
return 301 https://$host$request_uri;
}

location /.well-known/acme-challenge/ {
allow all;
root /var/www/certbot;
}
}

server {
listen 443 ssl;
server_name ${SERVER_DOMAIN};
server_tokens off;

ssl_certificate /etc/letsencrypt/live/${SERVER_DOMAIN}/fullchain.pem;
ssl_certificate_key /etc/letsencrypt/live/${SERVER_DOMAIN}/privkey.pem;
include /etc/letsencrypt/options-ssl-nginx.conf;
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;

location / {
resolver ${RESOLVER_IP} valid=10s;
proxy_pass http://backend;
proxy_http_version 1.1;
proxy_set_header Host $host;
proxy_set_header Connection $connection_upgrade;
proxy_set_header Upgrade $http_upgrade;

proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_set_header X-Forwarded-Proto $scheme;
}
}
}
Loading