Merge pull request #66 from yeong-hwan/yeong-hwan

[19기_장영환] Github Action을 이용한 CI/CD 배포 미션 제출합니다.
CEOS-Developers · May 22, 2024 · 41f7d0d · 41f7d0d
2 parents c065d8b + 064ea93
commit 41f7d0d
Show file tree

Hide file tree

Showing 12 changed files with 212 additions and 2 deletions.
diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml
@@ -0,0 +1,62 @@
+name: Deploy Development Server
+
+on:
+  push:
+    branches: [ "yeong-hwan" ]
+
+permissions:
+  contents: read
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+
+      - name: checkout
+        uses: actions/checkout@v3
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+
+      ## gradle build
+      - name: Build with Gradle
+        run: ./gradlew bootJar
+
+
+      - name: web docker build and push
+        run: |
+          docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
+          docker build -t my-repo/my-web-image .
+          docker push my-repo/my-web-image
+          docker build -f dockerfile-nginx -t my-repo/my-nginx-image .
+          docker push my-repo/my-nginx-image
+
+      - name: executing remote ssh commands using password
+        uses: appleboy/ssh-action@master
+        with:
+          host: ${{ secrets.HOST }}
+          username: ubuntu
+          key: ${{ secrets.KEY }}
+          script: |
+          
+          ## 여러분이 원하는 경로로 이동합니다.
+            cd /home/ubuntu/
+
+          ## .env 파일을 생성합니다.
+            sudo touch .env
+            echo "${{ secrets.ENV_VARS }}" | sudo tee .env > /dev/null
+
+          ## docker-compose.yaml 파일을 생성합니다.
+            sudo touch docker-compose.yaml
+            echo "${{ vars.DOCKER_COMPOSE }}" | sudo tee docker-compose.yaml > /dev/null
+
+          ## docker-compose를 실행합니다.
+            sudo chmod 666 /var/run/docker.sock
+            sudo docker rm -f $(docker ps -qa)
+            sudo docker pull my-repo/my-web-image
+            sudo docker pull my-repo/my-nginx-image
+            docker-compose -f docker-compose.yaml --env-file ./.env up -d
+            docker image prune -f
diff --git a/.gitignore b/.gitignore
@@ -42,4 +42,9 @@ secrets.yml
 
 .idea
 
-*.yml
+# *.yml
+
+*.pem
+
+imgs/ModifyInboundSecurityGroupRules _ EC2 _ ap-northeast-2.html
+imgs/ModifyInboundSecurityGroupRules _ EC2 _ ap-northeast-2_files
diff --git a/Dockerfile b/Dockerfile
@@ -1,4 +1,17 @@
+# Use the OpenJDK 17 base image
 FROM openjdk:17
+
+# Define the build argument with the default value
 ARG JAR_FILE=/build/libs/*.jar
+
+# Print the JAR_FILE variable value for debugging
+RUN echo "JAR_FILE is set to ${JAR_FILE}"
+
+# List files in the current directory for debugging
+RUN ls -l .
+
+# Copy the JAR file to the container
 COPY ${JAR_FILE} app.jar
-ENTRYPOINT ["java","-jar", "/app.jar"]
+
+# Specify the entry point to run the application
+ENTRYPOINT ["java", "-jar", "app.jar"]
diff --git a/README.md b/README.md
@@ -46,6 +46,53 @@ public class User {
 }
 ```
 
+# 7주차 - Github CI/CD
+[References](https://sjh9708.tistory.com/100)
+
+### SSH 키 등록
+<div align="center">
+  <img src="imgs/ssh_key.png" alt="drawing" width=500"/>
+</div>
+
+### 에러
+<div align="center">
+  <img src="imgs/compose_up_error.png" alt="drawing" width=500"/>
+</div>
+
+> requests 라이브러리 버전 다운으로 해결
+
+<div align="center">
+  <img src="imgs/docker_web_error.png" alt="drawing" width=500"/>
+</div>
+
+```bash
+sudo apt-get install network-manager
+nmcli dev show | grep 'IP4.DNS'
+```
+> DNS 꼬인 포트 확인
+
+### Docker ps로 확인
+<div align="center">
+  <img src="imgs/docker_ps.png" alt="drawing" width=500"/>
+</div>
+
+### Security Protocol
+앱 실행이 성공했으나, EC2 Public IP(외부 IP)를 통해 접속하기 어려운 상황이다.
+어떤 사용자 어떤 포트에 접근 가능한지 규약 추가해주어야 한다.
+
+<div align="center">
+  <img src="imgs/security_protocol.png" alt="drawing" width=500"/>
+</div>
+
+유형에서 **사용자 지정 TCP를 설정하면 원하는 포트의 접근제어**가 가능하다.  
+- 포트 범위에서 접근 가능하게 하려는 포트, 나의 경우 스프링 applicaiton 포트 번호.
+**0.0.0.0/0** 은 모든 IP에 대해서 해당 Public IP에 대한 8080 포트 접근을 허용한다는 의미.
+
+<div align="center">
+  <img src="imgs/inbound_protocol.png" alt="drawing" width=500"/>
+</div>
+
+
 # 6주차 - Docker
 Docker : 컨테이너 기반의 가상화 도구
 - 가상화 : 서버의 성능을 나눠서 사용하자.
@@ -94,6 +141,9 @@ guest OS : hypervisor에 의해 생성되고 관리되는 운영체제.
 <div align="center">
   <img src="imgs/ddl_exception.png" alt="drawing" width=500"/>
 </div>
+
+컨테이너 입장에서 localhost != 내 local pc
+host local internal
 
 # 5주차 - Spring Security & JWT
 

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -0,0 +1,33 @@
+version: "3"
+
+services:
+  db:
+    image: mysql:8.0.29-oracle
+#    image: mariadb:latest #mac
+    platform: linux/amd64
+    environment:
+      MYSQL_ROOT_PASSWORD: Jyh0914@
+      MYSQL_DATABASE: everytime
+    volumes:
+      - dbdata:/var/lib/mysql
+    ports:
+      - 3306:3306
+    restart: always
+
+  web:
+    container_name: web
+    build: .
+    ports:
+      - "8080:8080"
+    depends_on:
+      - db
+    environment:
+      mysql_host: db
+    restart: always
+    volumes:
+      - app:/app
+
+
+volumes:
+  dbdata:
+  app:
diff --git a/imgs/compose_up_error.png b/imgs/compose_up_error.png
diff --git a/imgs/docker_ps.png b/imgs/docker_ps.png
diff --git a/imgs/docker_web_error.png b/imgs/docker_web_error.png
diff --git a/imgs/inbound_protocol.png b/imgs/inbound_protocol.png
diff --git a/imgs/security_protocol.png b/imgs/security_protocol.png
diff --git a/imgs/ssh_key.png b/imgs/ssh_key.png
diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml
@@ -0,0 +1,47 @@
+spring:
+  datasource:
+    driver-class-name: com.mysql.cj.jdbc.Driver
+    url: jdbc:mysql://localhost:3306/everytime?createDatabaseIfNotExist=true&allowPublicKeyRetrieval=true&useUnicode=true&serverTimezone=Asia/Seoul?useSSL=false
+  #  url: jdbc:mysql://localhost:8080/everytime?createDatabaseIfNotExist=true&allowPublicKeyRetrieval=true&serverTimezone=Asia/Seoul?useSSL=false
+    username: root
+    password: Jyh0914@
+  jpa:
+    database: mysql
+    database-platform: org.hibernate.dialect.MySQL8Dialect
+    hibernate:
+      ddl-auto: create-drop
+    properties:
+      hibernate:
+        dialect: org.hibernate.dialect.MySQL8Dialect
+        database-platform: org.hibernate.dialect.MySQL8Dialect
+        show_sql: true
+        format_sql: false
+    defer-datasource-initialization: true
+  sql:
+    init:
+      mode: always
+  mvc:
+    pathmatch:
+      matching-strategy: ant_path_matcher
+
+
+
+server:
+  port: 8080
+  servlet:
+    contextPath: /ceos-everytime
+
+springdoc:
+  api-docs:
+    enabled: true
+  swagger-ui:
+    enabled: true
+    tagsSorter: alpha
+    operations-sorter: alpha
+    display-request-duration: true
+
+jwt:
+  header: Authorization
+  #HS512 알고리즘을 사용할 것이기 때문에 512bit, 즉 64byte 이상의 secret key를 사용해야 한다.
+  secret: a2FyaW10b2thcmltdG9rYXJpbXRva2FyaW10b2thcmltdG9rYXJpbXRva2FyaW10b2thcmltdG9rYXJpbXRva2FyaW10b2thcmltdG9rYXJpbXRva2FyaW10b2thcmltdG9rYXJpbXRva2FyaW10b2thcmltdG9rYXJpbXRva2FyaW10b2thcmltdG9rYXJpbQ==
+  token-validity-in-seconds: 86400 # ttl (초)
-Original file line number
+Diff line change
@@ Expand Up / @@ -42,4 +42,9 @@ secrets.yml @@
     .idea
-    *.yml
+    # *.yml
+    *.pem
+    imgs/ModifyInboundSecurityGroupRules _ EC2 _ ap-northeast-2.html
+    imgs/ModifyInboundSecurityGroupRules _ EC2 _ ap-northeast-2_files