.github/workflows/spring-boot-cd.yml

name: Deploy to AWS ECR

on:
  push:
    branches: 
      - main
env:
  AWS_REGION: ap-northeast-2
  IMAGE_TAG: latest
  ECR_REPOSITORY: wasin

defaults:
  run:
    working-directory: ./wasin

jobs:
  deploy:
    runs-on: ubuntu-latest
  
    steps:

      - name: get Github Action Public IP
        id: ip
        uses: haythem/public-ip@v1.3
        
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up JDK 17
        uses: actions/setup-java@v3
        with:
          java-version: '17'
          distribution: 'adopt'

      - name: Grant execute permission for gradlew
        run: chmod +x ./gradlew

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ap-northeast-2

      - name: Login to Amazon ECR
        uses: aws-actions/amazon-ecr-login@v2
        id: login-ecr

      - name: docker build
        env: 
          REGISTRY: ${{ steps.login-ecr.outputs.registry }}

        run: docker build -t $REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f DockerFileProd .

      - name: docker build2
        env:
          REGISTRY: ${{ steps.login-ecr.outputs.registry }}

        run: |
          docker push $REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
      
      - name: add Github Actions IP to Security group
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: ap-northeast-2
        run: |
          aws ec2 authorize-security-group-ingress --group-name ${{ secrets.AWS_SECURITY_GROUP }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32
          
      - name: deploy ec2 server
        uses: appleboy/ssh-action@v1.0.3
        with:
          host: ${{ secrets.AWS_HOST }}
          username: ${{ secrets.AWS_USER_NAME }}
          key: ${{ secrets.AWS_SSH_KEY }}
          script: |
            cd ~/wasin-backend/wasin
            sudo git pull
            aws ecr get-login-password --region ap-northeast-2 | sudo docker login --username AWS --password-stdin ${{ steps.login-ecr.outputs.registry }}
            sudo docker compose -f docker-compose.prod.yml pull
            sudo docker compose -f docker-compose.prod.yml down nginx wasin
            sudo docker compose -f docker-compose.prod.yml up -d
            sudo docker image prune -f

      - name: remove github Actions IP from security group
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_DEFAULT_REGION: ap-northeast-2
        run: |
          aws ec2 revoke-security-group-ingress --group-name ${{ secrets.AWS_SECURITY_GROUP }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32