[Infra/#11] Build a zero-downtime deployment automation environment (Docker) #21

Merged
merged 34 commits into from
Dec 5, 2024
5750297
[FEAT] Write CI script to verify the basic application build
yummygyudon Nov 15, 2024
129af14
[FEAT] Write first-pass CI/CD workflow script
yummygyudon Nov 16, 2024
cd0ddf9
[FEAT] Write Dockerfile for build and run
yummygyudon Nov 16, 2024
05ab304
[FEAT] Configure Code Deploy execution stages and execution location
yummygyudon Nov 16, 2024
615c585
[FEAT] Specify the order and names of the scripts run by Code Deploy `appspec.yml`
yummygyudon Nov 18, 2024
3a881a1
[FEAT] Write CD script
yummygyudon Nov 18, 2024
3921983
[FEAT] Add command to create the key PEM file in the CI script
yummygyudon Nov 18, 2024
101c841
[FEAT] Set up environment variable injection for scripts
yummygyudon Nov 18, 2024
bcdb501
[CHORE] Add the path of the script folder used in the deployment process to `.gitignore`
yummygyudon Nov 19, 2024
9ba2c5b
[CHORE] Add Spring Actuator library dependency
yummygyudon Nov 19, 2024
5fa64cf
[FEAT] Finish writing first-pass deployment script
yummygyudon Nov 19, 2024
0e8b9d1
[FIX] Update script environment variables for the per-environment split of the Jwt PEM files
yummygyudon Nov 19, 2024
a36a4a9
[FEAT] Incorporate Apple credential file
yummygyudon Nov 19, 2024
b9d7e8d
[FEAT] Update appspec.yml so files can be overwritten when they already exist on EC2
yummygyudon Nov 19, 2024
affb7c4
[FIX] Fix appspec file path
yummygyudon Nov 26, 2024
a537480
[FEAT] Add .dockerignore
yummygyudon Nov 26, 2024
d9ac72d
[CHORE] Remove unnecessary commands and fix branch name
yummygyudon Nov 26, 2024
32dd59d
[FIX] Fix CodeDeploy resource mapped path
yummygyudon Nov 26, 2024
74e6744
[FIX] Reflect the change in how configuration files are managed
yummygyudon Nov 26, 2024
d194e1b
[CHORE] Sync deployment changes to the prod script
yummygyudon Nov 26, 2024
353779b
[FIX] Fix incorrectly registered git ignore entries
yummygyudon Nov 26, 2024
87d0cce
[FIX] Fix CI build run command
yummygyudon Nov 26, 2024
63dd7a8
[FIX] Change appspec source file storage location
yummygyudon Dec 2, 2024
d93541f
[FEAT] Add Spring Actuator health check endpoint configuration
yummygyudon Dec 2, 2024
f01193b
[FEAT] Add resource paths for pem and key files to appspec
yummygyudon Dec 2, 2024
69bc987
[FIX] Update the application yaml file for the change in how the .env file is injected
yummygyudon Dec 2, 2024
b94aed1
[CHORE] Add .env file to gitignore
yummygyudon Dec 2, 2024
014d12e
[FEAT] Build with dynamic profile parameter injection & specification of the generated jar file `build.grad…
yummygyudon Dec 2, 2024
e6421f8
[REFACTOR] Copy only the specified jar on copy, and change the build base (Gradle -> Open…
yummygyudon Dec 2, 2024
9f47d13
[REFACTOR] Change CI build method to Docker
yummygyudon Dec 2, 2024
5402168
[REFACTOR] Revise CD script
yummygyudon Dec 2, 2024
b42cf66
[FIX] Exclude the `.github/script/pre-commit` file, which is run during docker build, from .dockerignore
yummygyudon Dec 2, 2024
cb17408
Merge branch 'dev' into infra/#11
yummygyudon Dec 5, 2024
c2b10f1
[CHORE] Unify Spotless spec
yummygyudon Dec 5, 2024
8 changes: 8 additions & 0 deletions .dockerignore
@@ -0,0 +1,8 @@
.idea
*.md
appspec.yml
.github
!.github/script/pre-commit
.gitignore
.gitattributes
script
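Review bot: The list leaves out `.git`, `build/` and `.gradle/`, and has no patterns for key or env files (`*.pem`, `*.p8`, `*.env`), so the Dockerfile's `COPY . /app-build` pulls all of them into the builder stage whenever they are present in the build context. Add the VCS and build-output entries here. For key material, note that cd-prod.yml deliberately places the keys under `src/main/resources` before `docker build`, so excluding them only works once that workflow stops packaging keys into the image.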
113 changes: 113 additions & 0 deletions .github/workflows/cd-dev.yml
@@ -0,0 +1,113 @@
name: Continuous Deployment for SOPT makers Authentication Development Server

on:
workflow_dispatch:
push:
branches: [ dev ]

jobs:

build-and-push-image:
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v3

- name: ✅ Set up JDK 21
uses: actions/setup-java@v3
with:
java-version: 21
distribution: 'corretto'
cache: gradle

- name: 🤝 Grant execute permission for gradlew
run: chmod +x ./gradlew
shell: bash

- name: 🔒 Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
aws-region: ${{ secrets.AWS_REGION }}

- name: ⚙️ Create Property File
run: |
touch ./gradle.properties

echo "${{ secrets.PROPERTY_GRADLE }}" >> ./gradle.properties

- name: 🧱 Build Image and Push to ECR
env:
AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
AWS_ECR_REPO: ${{ secrets.AWS_ECR_REPO_DEV }}
run: |
aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws
docker build --build-arg PROFILE=dev -t $AWS_ECR_REPO .
docker tag $AWS_ECR_REPO:latest public.ecr.aws/$AWS_ACCOUNT_ID/$AWS_ECR_REPO:latest
docker push public.ecr.aws/$AWS_ACCOUNT_ID/$AWS_ECR_REPO:latest


create-deploy:
needs: build-and-push-image
runs-on: ubuntu-22.04
steps:
- name: 🔒 Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
aws-region: ${{ secrets.AWS_REGION }}

- name: 🔑 Copy Key File
env:
REGION: ${{ secrets.AWS_REGION }}
APPLE_KEY: ${{ secrets.APPLE_KEY }}
JWT_PUBLIC_KEY: ${{ secrets.JWT_PUBLIC_KEY }}
JWT_PRIVATE_KEY: ${{ secrets.JWT_PRIVATE_KEY }}
S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
run: |
mkdir ./pem
mkdir ./key

aws s3 cp --region $REGION \
s3://$S3_BUCKET/dev/static/$JWT_PUBLIC_KEY ./pem/$JWT_PUBLIC_KEY
aws s3 cp --region $REGION \
s3://$S3_BUCKET/dev/static/$JWT_PRIVATE_KEY ./pem/$JWT_PRIVATE_KEY
aws s3 cp --region $REGION \
s3://$S3_BUCKET/dev/static/$APPLE_KEY ./key/$APPLE_KEY

- name: 📝 Copy Script File
env:
REGION: ${{ secrets.AWS_REGION }}
S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
S3_ENV_FILE_NAME: ${{ secrets.ENV_FILE_NAME_PROD }}
run: |
mkdir ./script
aws s3 cp --region $REGION \
s3://$S3_BUCKET/dev/script/deploy.sh script/deploy.sh
aws s3 cp --region $REGION \
s3://$S3_BUCKET/dev/script/switch.sh script/switch.sh
aws s3 cp --region $REGION \
s3://$S3_BUCKET/dev/script/valid.sh script/valid.sh

aws s3 cp --region $REGION \
s3://$S3_BUCKET/dev/$S3_ENV_FILE_NAME application.env

- name: 📁 Make files to zip
run: zip -r ./$GITHUB_SHA.zip ./script ./pem ./key ./appspec.yml ./application.env
shell: bash

- name: 🚀 Upload Property Zip to S3 and Create Code Deploy
env:
REGION: ${{ secrets.AWS_REGION }}
DEPLOY_APPLICATION: ${{ secrets.AWS_DEPLOY_APPLICATION }}
DEPLOY_GROUP: ${{ secrets.AWS_DEPLOY_GROUP_DEV }}
S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
run: |
aws s3 cp --region $REGION ./$GITHUB_SHA.zip s3://$S3_BUCKET/dev/deploy/$GITHUB_SHA.zip

aws deploy create-deployment --application-name $AWS_DEPLOY_APPLICATION_NAME
--deployment-config-name CodeDeployDefault.AllAtOnce
--deployment-group-name $DEPLOY_GROUP
--s3-location bucket=$S3_BUCKET,bundleType=zip,key=dev/deploy/$GITHUB_SHA.zip
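Review bot: In the final step, `aws deploy create-deployment` reads `$AWS_DEPLOY_APPLICATION_NAME`, but the step's `env:` only defines `DEPLOY_APPLICATION`, and the three option lines that follow have no trailing `\`, so the shell would run them as separate commands. Use `--application-name $DEPLOY_APPLICATION \` and continue each line the way the `aws s3 cp` calls above do. Two more things in `create-deploy`: the job has no checkout step, so `./appspec.yml` will not exist in the workspace when the zip step runs, and `S3_ENV_FILE_NAME` is taken from `secrets.ENV_FILE_NAME_PROD` while the object is fetched from the `dev/` prefix. The bundle also carries the JWT private key and `application.env`, so read access to the `dev/deploy/` prefix should be restricted to the deployment roles.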
109 changes: 109 additions & 0 deletions .github/workflows/cd-prod.yml
@@ -0,0 +1,109 @@
name: Continuous Deployment for SOPT makers Authentication Production Server

on:
workflow_dispatch:
push:
branches: [ main ]

jobs:

build-and-push-image:
runs-on: ubuntu-22.04
steps:
- name: Checkout
uses: actions/checkout@v3

- name: ✅ Set up JDK 21
uses: actions/setup-java@v3
with:
java-version: 21
distribution: 'corretto'
cache: gradle

- name: 🤝 Grant execute permission for gradlew
run: chmod +x ./gradlew
shell: bash

- name: 🔒 Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
aws-region: ${{ secrets.AWS_REGION }}

- name: ⚙️ Create Property File
run: |
touch ./gradle.properties
touch ./src/main/resources/application.properties

echo "${{ secrets.PROPERTY_GRADLE }}" >> ./gradle.properties
echo "${{ secrets.PROPERTY_APPLICATION }}" >> ./src/main/resources/application.properties

- name: 🔑 Copy Key File
env:
REGION: ${{ secrets.AWS_REGION }}
APPLE_KEY: ${{ secrets.APPLE_KEY }}
JWT_PUBLIC_KEY: ${{ secrets.JWT_PUBLIC_KEY }}
JWT_PRIVATE_KEY: ${{ secrets.JWT_PRIVATE_KEY }}
S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
PROPERTY_PATH: src/main/resources
run: |
aws s3 cp --region $REGION \
s3://$S3_BUCKET/prod/static/$JWT_PUBLIC_KEY $PROPERTY_PATH/$JWT_PUBLIC_KEY
aws s3 cp --region $REGION \
s3://$S3_BUCKET/prod/static/$JWT_PRIVATE_KEY $PROPERTY_PATH/$JWT_PRIVATE_KEY
aws s3 cp --region $REGION \
s3://$S3_BUCKET/prod/static/$APPLE_KEY $PROPERTY_PATH/$APPLE_KEY

- name: 🧱 Build Image and Push to ECR
env:
AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
AWS_ECR_REPO: ${{ secrets.AWS_ECR_REPO_PROD }}
run: |
aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws
docker build -t $AWS_ECR_REPO .
docker tag $AWS_ECR_REPO:latest public.ecr.aws/$AWS_ACCOUNT_ID/$AWS_ECR_REPO:latest
docker push public.ecr.aws/$AWS_ACCOUNT_ID/$AWS_ECR_REPO:latest


create-deploy:
needs: build-and-push-image
runs-on: ubuntu-22.04
steps:
- name: 🔒 Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
aws-region: ${{ secrets.AWS_REGION }}

- name: 📝 Copy Script File
env:
REGION: ${{ secrets.AWS_REGION }}
S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
run: |
mkdir script
aws s3 cp --region $REGION \
s3://$S3_BUCKET/prod/script/deploy.sh script/deploy.sh
aws s3 cp --region $REGION \
s3://$S3_BUCKET/prod/script/switch.sh script/switch.sh
aws s3 cp --region $REGION \
s3://$S3_BUCKET/prod/script/valid.sh script/valid.sh

- name: 📁 Make files to zip
run: zip -r ./$GITHUB_SHA.zip ./script
shell: bash

- name: 🚀 Upload Property Zip to S3 and Create Code Deploy
env:
REGION: ${{ secrets.AWS_REGION }}
DEPLOY_APPLICATION: ${{ secrets.AWS_DEPLOY_APPLICATION }}
DEPLOY_GROUP: ${{ secrets.AWS_DEPLOY_GROUP_PROD }}
S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
run: |
aws s3 cp --region $REGION ./$GITHUB_SHA.zip s3://$S3_PATH/prod/deploy/$GITHUB_SHA.zip

aws deploy create-deployment --application-name $AWS_DEPLOY_APPLICATION_NAME
--deployment-config-name CodeDeployDefault.AllAtOnce
--deployment-group-name $DEPLOY_GROUP
--s3-location bucket=$AWS_BUCKET_NAME,bundleType=zip,key=prod/deploy/$GITHUB_SHA.zip
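Review bot: The `Copy Key File` step writes the JWT private key and the Apple key into `src/main/resources` before `docker build`, and the resulting image is pushed to `public.ecr.aws`, so the key material and the `PROPERTY_APPLICATION` contents end up packaged with the application resources in an image on ECR Public. Keep keys out of the build context and deliver them at deploy time, as cd-dev.yml does with its `pem` and `key` directories, or push to a private registry. `docker build` is also called without `--build-arg PROFILE`, so the Dockerfile default `test` applies. In the last step, `$S3_PATH`, `$AWS_BUCKET_NAME` and `$AWS_DEPLOY_APPLICATION_NAME` are not defined in the `env:` block (`S3_BUCKET` and `DEPLOY_APPLICATION` are), the `create-deployment` options lack line continuations, and the zip contains only `./script`, so the bundle has no `appspec.yml`.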
34 changes: 34 additions & 0 deletions .github/workflows/ci.yml
@@ -0,0 +1,34 @@
name: Continuous Integration for SOPT makers Authentication Project

on:
pull_request:
branches: [ dev, prod ]

jobs:
build:
runs-on: ubuntu-22.04

steps:
- name: Checkout
uses: actions/checkout@v3

- name: ⚙️ Set up JDK 21
uses: actions/setup-java@v3
with:
java-version: 21
distribution: 'corretto'
cache: gradle

- name: 🤝 Grant execute permission for gradlew
run: chmod +x ./gradlew
shell: bash

- name: 🔑 Create Application Property File
run: |
touch ./gradle.properties

echo "${{ secrets.PROPERTY_GRADLE }}" >> ./gradle.properties

- name: 🧱 Build with Gradle
run: docker build -t app-ci .
shell: bash
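Review bot: `pull_request.branches` lists `dev` and `prod`, but cd-prod.yml deploys on pushes to `main`, so pull requests into `main` never run this check; change `prod` to `main` if that is the production branch. In `Create Application Property File`, `${{ secrets.PROPERTY_GRADLE }}` is expanded straight into the shell script; passing it through `env:` and echoing the variable keeps the shell from interpreting the secret's content. Since the build now runs inside `docker build -t app-ci .`, the `Set up JDK 21` step no longer contributes to the result and can be dropped.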
6 changes: 6 additions & 0 deletions .gitignore
@@ -37,10 +37,16 @@ out/
.vscode/

### Propety ###
!gradle.properties
**/src/main/resources/*.properties
**/src/main/resources/**/*.env
*.properties
!gradle/wrapper/*.properties


### Key ###
*.pem
*p8

### Deploy ###
script/
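Review bot: `!gradle.properties` sits above `*.properties`, and in a .gitignore the last matching pattern wins, so the negation has no effect and `gradle.properties` stays ignored. Given that the workflows fill that file from `secrets.PROPERTY_GRADLE`, ignoring it is the safe outcome; drop the `!gradle.properties` line so a later reorder does not make the file trackable. Under `### Key ###`, `*p8` matches any name ending in `p8`; `*.p8` is probably what was meant. The section title also reads `Propety`.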
27 changes: 27 additions & 0 deletions Dockerfile
@@ -0,0 +1,27 @@
FROM openjdk:21-jdk-slim as builder

# 기본값 : test
ARG PROFILE=test

# mkdir /app-build && cd /app-build
WORKDIR /app-build

# docker cp . gradle:app-build
COPY . /app-build

# create .jar
RUN echo "Build with PROFILE=${PROFILE}" && ./gradlew build -x test -Pprofile=${PROFILE} --no-daemon

# Run-Time Image Setting
FROM openjdk:21-jdk-slim as production

# mkdir /app-run && cd /app-run
WORKDIR /app-run

# copy .jar to Run-Time Image
COPY --from=builder /app-build/build/libs/authentication.jar /app-run/authentication.jar


EXPOSE 8080
ENTRYPOINT ["java"]
CMD ["-jar", "authentication.jar"]
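Review bot: The `production` stage has no `USER` instruction, so the JVM runs as root inside the container; create an unprivileged user in that stage and switch to it before `ENTRYPOINT`. `COPY . /app-build` also brings in whatever the workflow wrote into the context (`gradle.properties` filled from secrets, and in cd-prod.yml the key files), which stays in the builder stage's layers and build cache, so make sure the builder stage is never tagged and pushed. The runtime stage only runs a jar, so a JRE base image would carry less than `21-jdk-slim`, and `./gradlew build -x test` means the image is produced without running the tests.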
39 changes: 39 additions & 0 deletions appspec.yml
@@ -0,0 +1,39 @@
version: 0.0
os: linux

files:
- source: script/deploy.sh
destination: /home/ubuntu/script/auth
overwrite: yes
- source: script/switch.sh
destination: /home/ubuntu/script/auth
overwrite: yes
- source: script/valid.sh
destination: /home/ubuntu/script/auth
overwrite: yes
- source: pem
destination: /home/ubuntu/property/auth/pem
- source: key
destination: /home/ubuntu/property/auth/key
- source: application.env
destination: /home/ubuntu/env/auth
file_exists_behavior: OVERWRITE

permissions:
- object: /home/ubuntu
pattern: '**'
owner: ubuntu
group: ubuntu

hooks:
AfterInstall:
- location: script/deploy.sh
timeout: 120
runas: root
- location: script/switch.sh
timeout: 120
runas: root
ValidateService:
- location: script/valid.sh
timeout: 60
runas: root
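Review bot: All three hooks run with `runas: root`, and the scripts they execute are downloaded from S3 by the workflows rather than tracked in the repository (`script/` is in .gitignore), so anyone who can write to that S3 prefix gets root on the instance. Run the hooks as `ubuntu` where possible, or version the scripts in the repo and restrict write access to the bucket. The `permissions` block sets owner and group for everything under `/home/ubuntu` but no `mode`, leaving the mode of the files under `property/auth/pem`, `property/auth/key` and `env/auth` unspecified; add entries with a restrictive `mode` for those paths.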