diff --git a/.github/workflows/deploy-to-ec2.yml b/.github/workflows/deploy-to-ec2.yml
new file mode 100644
index 0000000..3450eeb
--- /dev/null
+++ b/.github/workflows/deploy-to-ec2.yml
@@ -0,0 +1,80 @@
+name: Build and Deploy
+
+on:
+ push:
+ branches: ["release"]
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ steps:
+
+ - name: 현재 실행 환경에 JDK 17 설치하기
+ uses: actions/setup-java@v3
+ with:
+ java-version: '17'
+ distribution: 'temurin'
+ server-id: github
+ settings-path: ${{ github.workspace }}
+
+ - name: 현재 실행 환경에 Repository 불러오기
+ uses: actions/checkout@v3
+ with:
+ token: ${{ secrets.GIT_TOKEN }}
+ submodules: true
+
+ - name: App을 Gradle로 빌드하기
+ run: |
+ git submodule update --init --recursive
+ chmod +x gradlew
+ ./gradlew clean build
+
+ - name: Docker Buildx 설치하기
+ uses: docker/setup-buildx-action@v3
+
+ - name: GitHub Container Registry에 로그인 하기
+ uses: docker/login-action@v3
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GIT_TOKEN }}
+
+ - name: Docker image로 build 후 GHCR에 push하기
+ uses: docker/build-push-action@v5
+ with:
+ context: .
+ file: ./Dockerfile
+ push: true
+ tags: ghcr.io/flytraphub/venus-planner-be:release
+
+ - name: AWS 자격 증명 설정하기
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-access-key-id: ${{ secrets.AWS_ACCOUNT_ACCESS_KEY_ID }}
+ aws-secret-access-key: ${{ secrets.AWS_ACCOUNT_SECRET_ACCESS_KEY }}
+ aws-region: ${{secrets.AWS_REGION}}
+
+ - name: 현재 실행 환경의 Public IP 주소 얻기
+ id: public-ip
+ run: |
+ response=$(curl -s canhazip.com)
+ echo "ip=$response" >> "$GITHUB_OUTPUT"
+
+ - name: AWS 보안 그룹에 Github Actions IP 추가
+ run: |
+ aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_SECURITY_GROUP_ID }} --protocol tcp --port 22 --cidr ${{ steps.public-ip.outputs.ip }}/32
+
+ - name: 원격 서버에 SSH로 접속 후 명령어 실행
+ uses: appleboy/ssh-action@master
+ with:
+ host: ${{ secrets.AWS_EC2_HOST_ADDRESS }}
+ username: ec2-user
+ key: ${{ secrets.AWS_EC2_SSH_PRIVATE_KEY }}
+ script: |
+ cd venus-planner-be/
+ chmod +x ./run.sh
+ ./run.sh
+
+ - name: AWS 보안 그룹에서 Github Actions IP 제거
+ run: |
+ aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_SECURITY_GROUP_ID }} --protocol tcp --port 22 --cidr ${{ steps.public-ip.outputs.ip }}/32
diff --git a/.gitignore b/.gitignore
index 52f99c9..918d346 100644
--- a/.gitignore
+++ b/.gitignore
@@ -35,6 +35,4 @@ out/ ### VS Code ### .vscode/ -/gradle/wrapper/gradle-wrapper.jar -/src/main/resources/application-auth.yml -/src/main/resources/application-oauth-local.yml +/src/main/resources/*
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 0000000..5e29ba4
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,6 @@
+FROM openjdk:17
+
+ARG JAR_FILE=/build/libs/*-SNAPSHOT.jar
+COPY ${JAR_FILE} app.jar
+
+ENTRYPOINT ["java","-jar","/app.jar"]
diff --git a/docker-compose.yml b/docker-compose.yml
new file mode 100644
index 0000000..6bbf43d
--- /dev/null
+++ b/docker-compose.yml
@@ -0,0 +1,43 @@
+version: "3"
+
+services:
+ balancer:
+ image: nginx:latest
+ container_name: balancer
+ restart: unless-stopped
+ ports:
+ - "80:80"
+ - "443:443"
+ volumes:
+ - ./nginx/conf.d:/etc/nginx/conf.d
+ - ./data/certbot/conf:/etc/letsencrypt
+ - ./data/certbot/www:/var/www/certbot
+ depends_on:
+ - was-dev
+ command: '/bin/sh -c ''while :; do sleep 6h & wait $${!}; nginx -s reload; done & nginx -g "daemon off;"'''
+
+
+ certbot:
+ image: certbot/certbot
+ restart: unless-stopped
+ volumes:
+ - ./data/certbot/conf:/etc/letsencrypt
+ - ./data/certbot/www:/var/www/certbot
+ entrypoint: "/bin/sh -c 'trap exit TERM; while :; do certbot renew; sleep 12h & wait $${!}; done;'"
+
+ was-dev:
+ image: ghcr.io/flytraphub/venus-planner-be:release
+ ports:
+ - "8080:8080"
+ container_name: was-dev
+
+ redis:
+ image: redis:latest
+ restart: always
+ container_name: redis
+ ports:
+ - "6379:6379"
+ volumes:
+ - redis-data:/data/redis
+volumes:
+ redis-data:
\ No newline at end of file
diff --git a/gradle/wrapper/gradle-wrapper.jar b/gradle/wrapper/gradle-wrapper.jar
new file mode 100644
index 0000000..d64cd49
Binary files /dev/null and b/gradle/wrapper/gradle-wrapper.jar differ
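Review bot: The final `revoke-security-group-ingress` step in `.github/workflows/deploy-to-ec2.yml` only runs when every earlier step succeeds, so a failed SSH deploy leaves port 22 open to a GitHub-hosted runner address; it needs `if: always()`. The address itself is fetched over plain HTTP from `canhazip.com` and pasted unvalidated into the `aws ec2` command lines through `${{ steps.public-ip.outputs.ip }}`, so a tampered response would change both the ingress rule and the shell command; fetch it over HTTPS and check that it is a dotted quad before it is written to `$GITHUB_OUTPUT`. Separately, `appleboy/ssh-action@master` is handed the SSH private key from a mutable branch ref and should be pinned to a commit SHA.

```yaml
      - name: 현재 실행 환경의 Public IP 주소 얻기
        # … unchanged: id …
        run: |
          response=$(curl -sf https://canhazip.com)
          # refuse anything that is not an IPv4 address before it reaches the aws ec2 calls
          [[ "$response" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || exit 1
          # … unchanged: echo to $GITHUB_OUTPUT …

      # … unchanged: authorize-security-group-ingress and SSH steps …

      - name: AWS 보안 그룹에서 Github Actions IP 제거
        if: always()
        # … unchanged: run block with the revoke-security-group-ingress command …
```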
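Review bot: The new `Dockerfile` never sets a `USER`, so the application started by the `ENTRYPOINT` runs as root inside the container, and `FROM openjdk:17` is a floating tag on an image that its Docker Hub listing marks as deprecated. Consider `FROM eclipse-temurin:17-jre` (the workflow already builds with Temurin 17), followed by `RUN useradd --system app` and `USER app` ahead of the `ENTRYPOINT`. Pinning the base image by digest would also make each push of the `release` tag reproducible.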
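Review bot: The `redis` service in `docker-compose.yml` publishes `6379:6379` on every host interface and the file configures no password for it, so access to Redis rests entirely on the EC2 security group; `was-dev` publishing `8080:8080` likewise lets clients reach the backend without passing through the TLS proxy. nginx reaches the backend as `was-dev:8080` over the Compose network, so both `ports:` entries can be dropped, or bound to loopback as `- "127.0.0.1:6379:6379"` where host access is really needed. The named volume is mounted at `/data/redis` while the official redis image uses `/data` as its data directory, so persistence is worth checking too.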
diff --git a/nginx/conf.d/nginx.conf b/nginx/conf.d/nginx.conf
new file mode 100644
index 0000000..08dbf2b
--- /dev/null
+++ b/nginx/conf.d/nginx.conf
@@ -0,0 +1,45 @@
+upstream back-server {
+ server was-dev:8080;
+}
+
+server {
+ listen 80;
+ server_name api.planner.flytraphub.net;
+ server_tokens off;
+
+ location /.well-known/acme-challenge/ {
+ root /var/www/certbot;
+ }
+
+
+ location / {
+ return 301 https://$host$request_uri;
+ }
+
+}
+
+server {
+ listen 443 ssl;
+ server_name api.planner.flytraphub.net;
+ server_tokens off;
+
+ ssl_certificate /etc/letsencrypt/live/api.planner.flytraphub.net/fullchain.pem;
+ ssl_certificate_key /etc/letsencrypt/live/api.planner.flytraphub.net/privkey.pem;
+ include /etc/letsencrypt/options-ssl-nginx.conf;
+ ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+ location /api/ {
+ proxy_pass http://back-server;
+
+ proxy_http_version 1.1;
+ proxy_set_header Upgrade $http_upgrade;
+ proxy_set_header Connection "Upgrade";
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ proxy_set_header X-Forwarded-Proto $scheme;
+ proxy_set_header Cookie $http_cookie;
+ proxy_read_timeout 21600000;
+ proxy_send_timeout 21600000;
+ }
+}
\ No newline at end of file
diff --git a/run.sh b/run.sh
new file mode 100644
index 0000000..6cd6571
--- /dev/null
+++ b/run.sh
@@ -0,0 +1,20 @@
+
+#!/bin/bash
+
+echo "🏁 Script Start."
+echo "👉 Pulling github repository..."
+git pull origin release
+
+echo "👉 Pulling backend Docker image..."
+cd ..
+cat github_token/github_token.txt | docker login ghcr.io -u crtEvent --password-stdin
+docker pull ghcr.io/flytraphub/venus-planner-be:release
+
+echo "👉 Starting Docker Compose..."
+cd venus-planner-be/
+sudo docker-compose up -d
+
+echo "👉 Cleaning up unused Docker images..."
+sudo docker image prune -a -f
+
+echo "🫡 Script execution completed."
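Review bot: `proxy_read_timeout 21600000;` and `proxy_send_timeout 21600000;` in the `location /api/` block of `nginx/conf.d/nginx.conf` carry no unit, and nginx reads a bare number as seconds, so this is roughly 250 days rather than the six hours the figure would mean in milliseconds. Stalled upstream connections are then held practically forever, which makes connection exhaustion on the proxy easier. Write the intended duration explicitly, e.g. `proxy_read_timeout 6h;` and `proxy_send_timeout 6h;`, or something shorter if no long-lived connection needs it. `proxy_set_header Connection "Upgrade";` is also sent on every request; the usual `map $http_upgrade $connection_upgrade` pattern limits it to real upgrade requests.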
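Review bot: `run.sh` has no error handling, so when `git pull origin release` or `docker pull` fails the script still restarts Compose and then runs `docker image prune -a -f`; add `set -euo pipefail` directly after the shebang. The shebang itself sits on line 2 behind a blank line, so it is ignored when the file is executed directly, and `#!/bin/bash` has to move to line 1. `docker login` also leaves the GHCR credential in the user's Docker config after reading it from `github_token/github_token.txt`; a `docker logout ghcr.io` after the pull, together with a read-only package-scoped token in that file, limits what a compromise of the host exposes.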