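# Builds the Spring Boot JAR on every push to main, stages it in S3, and asks
# SSM to install and (re)start it as a systemd service on the tagged EC2 host.
name: Deploy jar to EC2

on:
  push:
    branches: ["main"]

permissions:
  id-token: write  # This is required for requesting the JWT
  contents: read  # This is required for actions/checkout

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the actions below are referenced by mutable tags. Pinning
      # each `uses:` to a full commit SHA keeps a re-tagged release from running
      # in a job that can assume the deploy role.
      - uses: actions/checkout@v4

      - name: Set up JDK 17
        uses: actions/setup-java@v3
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: maven

      # Secrets are passed as step-level env instead of being echoed into
      # $GITHUB_ENV: the values are no longer spliced into a shell script
      # (quotes, `$` or newlines in a secret cannot alter the script or inject
      # extra variables), and they are visible to the Maven build only rather
      # than to every later step. No later step reads them on the runner; the
      # ${SERVER_...} references in the SSM step sit inside single quotes and
      # are expanded on the instance.
      - name: Build with Maven
        env:
          SERVER_DB_URL: ${{ secrets.DB_URL }}
          SERVER_DB_USERNAME: ${{ secrets.DB_USERNAME }}
          SERVER_DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
          SERVER_DB_DRIVER_CLASS_NAME: ${{ secrets.DB_DRIVER }}
          SERVER_DB_DIALECT: ${{ secrets.SERVER_DB_DIALECT }}
          HTTP_PORT: ${{ secrets.HTTP_PORT }}
          SERVER_PORT: ${{ secrets.SERVER_PORT }}
          SERVER_SSL_KEY_STORE_TYPE: ${{ secrets.SERVER_SSL_KEY_STORE_TYPE }}
          SERVER_SSL_KEY_STORE_LOCATION: ${{ secrets.SERVER_SSL_KEY_STORE_LOCATION }}
          SERVER_SSL_KEY_STORE_PASSWORD: ${{ secrets.SERVER_SSL_KEY_STORE_PASSWORD }}
          SERVER_SSL_KEY_ALIAS: ${{ secrets.SERVER_SSL_KEY_ALIAS }}
          SERVER_SSL_TRUST_STORE_LOCATION: ${{ secrets.SERVER_SSL_TRUST_STORE_LOCATION }}
          SERVER_SSL_TRUST_STORE_PASSWORD: ${{ secrets.SERVER_SSL_TRUST_STORE_PASSWORD }}
        run: mvn -B package --file pom.xml

      # OIDC role assumption; relies on the id-token permission above.
      - name: Configure AWS Credentials
        id: configure-aws-credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ROLE }}
          aws-region: ${{ secrets.AWS_REGION }}

      # Resolves the deploy target by its Name tag. Only running instances are
      # considered, and the job stops if nothing matches: without that, the CLI
      # prints the text "None" and later steps would target a bogus ID.
      # NOTE(review): the target is whatever instance carries this tag, so tag
      # write access in the account decides where the JAR is deployed.
      - name: Get Instance ID
        id: get_instance_id
        run: |
          INSTANCE_ID=$(aws ec2 describe-instances \
            --filters "Name=tag:Name,Values=safeqr-ec2" "Name=instance-state-name,Values=running" \
            --query "Reservations[0].Instances[0].InstanceId" \
            --output text)
          if [ -z "$INSTANCE_ID" ] || [ "$INSTANCE_ID" = "None" ]; then
            echo "::error::No running instance tagged Name=safeqr-ec2 was found"
            exit 1
          fi
          echo "INSTANCE_ID=$INSTANCE_ID" >> "$GITHUB_ENV"

      # NOTE(review): nothing verifies on the instance that the object it pulls
      # is the artifact built here; bucket write access is equivalent to code
      # execution on the host.
      - name: Upload JAR to S3
        run: |
          aws s3 cp target/app-0.0.1-SNAPSHOT.jar s3://s3-bucket-safeqr/

      # INSTANCE_ID is read as a shell variable (exported via $GITHUB_ENV above)
      # rather than templated into the script text.
      # NOTE(review): send-command only queues the command. This step neither
      # waits for nor checks the remote result, so the next step can start the
      # service before the copy has finished, and a failed copy still shows as
      # a green job. `aws ssm wait command-executed` on the returned command ID
      # would close that gap (the role then needs ssm:GetCommandInvocation).
      - name: Download JAR from S3 to EC2
        run: |
          aws ssm send-command \
            --instance-ids "$INSTANCE_ID" \
            --document-name "AWS-RunShellScript" \
            --comment "Download JAR from S3" \
            --parameters 'commands=[ "aws s3 cp s3://s3-bucket-safeqr/app-0.0.1-SNAPSHOT.jar /home/ssm-user/app-0.0.1-SNAPSHOT.jar", "ls -l /home/ssm-user/app-0.0.1-SNAPSHOT.jar" ]'

      # Writes the systemd unit on the instance and starts the service. The
      # --parameters value is kept on one line, exactly as written, because its
      # nested escaping is easy to break.
      # NOTE(review): the unit stores DB and keystore passwords in Environment=
      # lines; those are readable through `systemctl show` and through the unit
      # file itself unless its mode is tightened. An EnvironmentFile= with a
      # restrictive mode is the usual alternative.
      # NOTE(review): update_env_var.sh is downloaded and made executable but is
      # not invoked in the commands listed here; the ${SERVER_...} values
      # presumably come from the sourced .bashrc - confirm.
      # NOTE(review): the echo/quote escaping (\\" ... \n ... \") is fragile;
      # check the rendered /etc/systemd/system/springboot-app.service on the
      # instance. As in the previous step, the remote result is not checked.
      - name: Create and Start Systemd Service
        run: |
          aws ssm send-command \
            --instance-ids "$INSTANCE_ID" \
            --document-name "AWS-RunShellScript" \
            --comment "Create and start service" \
            --parameters 'commands=[ "aws s3 cp s3://s3-bucket-safeqr/update_env_var.sh /home/ssm-user/update_env_var.sh", "chmod +x /home/ssm-user/update_env_var.sh", "source /home/ssm-user/.bashrc", "echo \\"[Unit]\nDescription=Spring Boot Application\nAfter=network.target\n\n[Service]\nUser=ssm-user\nEnvironment=\"SERVER_DB_URL=${SERVER_DB_URL}\" \"SERVER_DB_USERNAME=${SERVER_DB_USERNAME}\" \"SERVER_DB_PASSWORD=${SERVER_DB_PASSWORD}\" \"SERVER_DB_DRIVER_CLASS_NAME=${SERVER_DB_DRIVER_CLASS_NAME}\" \"SERVER_SSL_KEY_STORE_LOCATION=${SERVER_SSL_KEY_STORE_LOCATION}\" \"SERVER_SSL_KEY_STORE_PASSWORD=${SERVER_SSL_KEY_STORE_PASSWORD}\" \"SERVER_SSL_KEY_ALIAS=${SERVER_SSL_KEY_ALIAS}\" \"SERVER_SSL_TRUST_STORE_LOCATION=${SERVER_SSL_TRUST_STORE_LOCATION}\" \"SERVER_SSL_TRUST_STORE_PASSWORD=${SERVER_SSL_TRUST_STORE_PASSWORD}\" \"SERVER_PORT=${SERVER_PORT}\"\nExecStart=/usr/bin/java -jar /home/ssm-user/app-0.0.1-SNAPSHOT.jar\nSuccessExitStatus=143\nRestart=always\nRestartSec=3\n\n[Install]\nWantedBy=multi-user.target\n\\" > /etc/systemd/system/springboot-app.service", "sudo systemctl daemon-reload", "sudo systemctl enable springboot-app", "sudo systemctl start springboot-app", "sudo systemctl status springboot-app" ]'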