security config 수정 #145
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Java CI with Gradle | |
| on: | |
| push: | |
| paths-ignore: | |
| - '*.md' | |
| branches: [ "develop", "feature/ci-cd" ] # feature/ci-cd 브랜치 후에 삭제 | |
| pull_request: | |
| branches: [ "develop" ] | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Set up JDK 11 | |
| uses: actions/setup-java@v3 | |
| with: | |
| java-version: '11' | |
| distribution: 'temurin' | |
| # gradle 의존성 캐싱 | |
| - name: gradle caching | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} | |
| restore-keys: | | |
| ${{ runner.os }}-gradle- | |
| # 권한 설정 | |
| - name: Grant execute permission for gradlew | |
| run: chmod +x gradlew | |
| # 빌드 - 테스트 제외 - !! 필요시 테스트 포함하도록 변경하기 | |
| - name: Build with Gradle | |
| run: ./gradlew build -x test | |
| # Buildx 설정 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v1 | |
| # 도커 허브 로그인 | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v1 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
| # 도커 빌드 및 푸시 | |
| - name: Build and push | |
| uses: docker/build-push-action@v2 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ secrets.DOCKERHUB_USERNAME }}/pyonsnalcolor:latest # !! 필요시 tag명 수정 | |
| cache-from: type=gha # 캐시 적용 | |
| cache-to: type=gha,mode=max | |
| deploy: | |
| needs: [ build ] | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Deploy | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ secrets.SERVER_HOST }} | |
| username: ${{ secrets.SERVER_USERNAME }} | |
| key: ${{ secrets.SERVER_PRIVATE_KEY }} | |
| port: ${{ secrets.SSH_PORT }} | |
| script: | | |
| sudo docker pull ${{ secrets.DOCKERHUB_USERNAME }}/pyonsnalcolor:latest | |
| sudo docker tag ${{ secrets.DOCKERHUB_USERNAME }}/pyonsnalcolor:latest pyonsnalcolor | |
| sudo docker rmi $(docker images -f "dangling=true" -q) | |
| sudo docker-compose up -d |