✨ 알림 기능 구현 #94
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD Pipeline | |
| on: | |
| push: | |
| branches: [ dev ] # dev 브랜치로 푸시할때마다 실행 | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 # 저장소 코드 체크아웃 | |
| - name: Set up JDK 17 # Java 개발 킷 설정 | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '17' | |
| - name: Make application.yml # application.yml 파일 생성 | |
| run: | | |
| cd ./src/main/resources | |
| echo "${{ secrets.APPLICATION_YML }}" > ./application.yml | |
| shell: bash | |
| - name: Grant execute permission for gradlew # gradlew 실행 권한 부여 | |
| run: chmod +x gradlew | |
| - name: Build with Gradle # Gradle을 사용하여 프로젝트 빌드 | |
| uses: gradle/gradle-build-action@v3 | |
| with: | |
| arguments: clean build -x test | |
| - name: Upload build artifact # 빌드된 아티팩트 업로드 | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: serverTest | |
| path: build/libs/*.jar | |
| deploy: | |
| needs: build # build 작업이 성공적으로 완료된 후 실행 | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Download build artifact # 이전 단계에서 업로드한 아티팩트 다운로드 | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: serverTest | |
| path: build/libs/ | |
| - name: Deploy to EC2 # EC2에 배포 | |
| env: | |
| EC2_SSH_KEY: ${{ secrets.EC2_SSH_KEY }} | |
| EC2_USERNAME: ${{ secrets.EC2_USERNAME }} | |
| EC2_HOST: ${{ secrets.EC2_HOST }} | |
| FCM_SERVICE_ACCOUNT_JSON: ${{ secrets.FCM_SERVICE_ACCOUNT_JSON }} | |
| run: | | |
| echo "$EC2_SSH_KEY" > private_key.pem | |
| chmod 600 private_key.pem | |
| jar_file=$(find build/libs -name '*.jar' ! -name '*plain.jar' | head -n 1) | |
| # NEW: 시크릿을 파일로 안전히 저장(개행/따옴표 이슈 회피) | |
| printf "%s" "$FCM_SERVICE_ACCOUNT_JSON" > fcm.json | |
| # CHANGED: JAR + fcm.json 모두 전송 | |
| scp -i private_key.pem -o StrictHostKeyChecking=no "$jar_file" fcm.json $EC2_USERNAME@$EC2_HOST:/home/$EC2_USERNAME/ | |
| # CHANGED: 원격에서 환경변수 export 후 실행 | |
| ssh -i private_key.pem -o StrictHostKeyChecking=no $EC2_USERNAME@$EC2_HOST " | |
| pgrep java | xargs -r kill -15 | |
| sleep 10 | |
| # NEW: Spring이 읽을 환경변수로 등록 | |
| export FCM_SERVICE_ACCOUNT_JSON=\"\$(cat /home/$EC2_USERNAME/fcm.json)\" | |
| # CHANGED: 앱 실행 | |
| nohup java -jar /home/$EC2_USERNAME/$(basename "$jar_file") > app.log 2>&1 & | |
| # NEW: 민감파일 즉시 삭제 | |
| rm -f /home/$EC2_USERNAME/fcm.json | |
| " | |
| # CHANGED: 로컬 임시파일도 정리 | |
| rm -f private_key.pem fcm.json |