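---
name: Deploy jar to EC2

on:
  push:
    branches: ["main"]

# Least privilege: the job only needs to read the repository and mint an OIDC
# token for the role assumption below. Nothing here writes back to GitHub.
permissions:
  id-token: write  # required to request the OIDC JWT for aws-actions/configure-aws-credentials
  contents: read   # required for actions/checkout

# Serialise deployments. Two pushes in quick succession would otherwise race on
# the same S3 object key and on the systemd restart performed on the instance.
concurrency:
  group: deploy-ec2-main
  cancel-in-progress: false

env:
  # Artifact coordinates shared by the upload step and the on-host download.
  # NOTE(review): the version is hard-coded and must track <version> in pom.xml.
  JAR_NAME: app-0.0.1-SNAPSHOT.jar
  S3_BUCKET: s3-bucket-safeqr
  INSTANCE_NAME_TAG: safeqr-ec2
  # Where the JAR is placed on the instance (the systemd unit is expected to
  # reference this path; the unit file itself lives in the S3 bucket).
  REMOTE_JAR_DIR: /home/ssm-user

jobs:
  build:
    runs-on: ubuntu-latest
    defaults:
      run:
        # bash with -e and -o pipefail, so a failing aws/ssm call fails the step
        # instead of being masked by a later command in the same script.
        shell: bash
    steps:
      # Third-party actions are referenced by mutable tag. Pinning each one to a
      # full commit SHA is the recommended supply-chain hardening; tags are kept
      # here because the corresponding SHAs are not part of this file.
      - uses: actions/checkout@v4

      - name: Set up JDK 17
        uses: actions/setup-java@v3
        with:
          java-version: '17'
          distribution: 'temurin'
          cache: maven

      # Build-time configuration is scoped to this single step via `env:` rather
      # than appended to $GITHUB_ENV. The previous approach exposed every secret
      # (DB password, keystore/truststore passwords, OAuth client secret, API
      # keys) to all later steps, including third-party actions, and a secret
      # value containing a newline could inject extra variables into the job
      # environment through the `echo ... >> $GITHUB_ENV` lines.
      - name: Build with Maven
        env:
          SERVER_DB_URL: ${{ secrets.DB_URL }}
          SERVER_DB_USERNAME: ${{ secrets.DB_USERNAME }}
          SERVER_DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
          SERVER_DB_DRIVER_CLASS_NAME: ${{ secrets.DB_DRIVER }}
          SERVER_DB_DIALECT: ${{ secrets.SERVER_DB_DIALECT }}
          HTTP_PORT: ${{ secrets.HTTP_PORT }}
          SERVER_PORT: ${{ secrets.SERVER_PORT }}
          SERVER_SSL_KEY_STORE_TYPE: ${{ secrets.SERVER_SSL_KEY_STORE_TYPE }}
          SERVER_SSL_KEY_STORE_LOCATION: ${{ secrets.SERVER_SSL_KEY_STORE_LOCATION }}
          SERVER_SSL_KEY_STORE_PASSWORD: ${{ secrets.SERVER_SSL_KEY_STORE_PASSWORD }}
          SERVER_SSL_KEY_ALIAS: ${{ secrets.SERVER_SSL_KEY_ALIAS }}
          SERVER_SSL_TRUST_STORE_LOCATION: ${{ secrets.SERVER_SSL_TRUST_STORE_LOCATION }}
          SERVER_SSL_TRUST_STORE_PASSWORD: ${{ secrets.SERVER_SSL_TRUST_STORE_PASSWORD }}
          GOOGLE_SAFE_BROWSING_API_KEY: ${{ secrets.GOOGLE_SAFE_BROWSING_API_KEY }}
          VIRUSTOTAL_API_KEY: ${{ secrets.VIRUSTOTAL_API_KEY }}
          GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
          GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }}
        run: mvn -B package --file pom.xml

      # Short-lived credentials via OIDC; no long-lived AWS keys are stored in
      # the repository. The assumed role should be restricted to the S3 bucket,
      # ec2:DescribeInstances and ssm:SendCommand/GetCommandInvocation on the
      # target instance only.
      - name: Configure AWS Credentials
        id: configure-aws-credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ROLE }}
          aws-region: ${{ secrets.AWS_REGION }}

      - name: Get Instance ID
        id: get_instance_id
        run: |
          # Restrict to running instances: Reservations[0].Instances[0] could
          # otherwise resolve to a terminated instance that still carries the tag.
          INSTANCE_ID=$(aws ec2 describe-instances \
            --filters "Name=tag:Name,Values=${INSTANCE_NAME_TAG}" \
                      "Name=instance-state-name,Values=running" \
            --query "Reservations[0].Instances[0].InstanceId" \
            --output text)
          # describe-instances prints "None" instead of failing when nothing
          # matches; without this guard the SSM steps would be sent to "None".
          if [ -z "$INSTANCE_ID" ] || [ "$INSTANCE_ID" = "None" ]; then
            echo "::error::no running EC2 instance tagged Name=${INSTANCE_NAME_TAG}"
            exit 1
          fi
          echo "INSTANCE_ID=$INSTANCE_ID" >> "$GITHUB_ENV"

      - name: Upload JAR to S3
        run: |
          aws s3 cp "target/${JAR_NAME}" "s3://${S3_BUCKET}/"

      # send-command is asynchronous: without waiting, the next step would start
      # the service before the download finished, and a failed download would
      # not fail the pipeline. The on-host checksum ties the deployed bytes to
      # the artifact this run built, so a swapped object in the bucket is
      # rejected rather than started.
      - name: Download JAR from S3 to EC2
        run: |
          # Instance ID and JAR name are consumed as shell variables rather than
          # interpolated with ${{ }} into the script, so no value can alter the
          # script text.
          JAR_SHA256=$(sha256sum "target/${JAR_NAME}" | cut -d' ' -f1)
          cat > ssm-download.json <<EOF
          {"commands": [
            "aws s3 cp s3://${S3_BUCKET}/${JAR_NAME} ${REMOTE_JAR_DIR}/${JAR_NAME}",
            "echo '${JAR_SHA256}  ${REMOTE_JAR_DIR}/${JAR_NAME}' | sha256sum -c -"
          ]}
          EOF
          CMD_ID=$(aws ssm send-command \
            --instance-ids "$INSTANCE_ID" \
            --document-name "AWS-RunShellScript" \
            --comment "Download JAR from S3" \
            --parameters file://ssm-download.json \
            --query "Command.CommandId" --output text)
          # Fails the step if the command ends Failed/TimedOut/Cancelled.
          aws ssm wait command-executed --command-id "$CMD_ID" --instance-id "$INSTANCE_ID"
          aws ssm get-command-invocation --command-id "$CMD_ID" --instance-id "$INSTANCE_ID" \
            --query "[Status,StandardOutputContent,StandardErrorContent]" --output text

      # The unit file and its environment file are fetched from the same bucket
      # as the JAR and installed under /etc/systemd/system. Anyone able to
      # PutObject into that bucket therefore gets root-level code execution on
      # the instance; the bucket policy must limit writes to the deploy role.
      # AWS-RunShellScript executes as root by default, so the `sudo` prefixes
      # are effectively no-ops and are kept only for parity with the original.
      - name: Create and Start Systemd Service
        run: |
          cat > ssm-service.json <<EOF
          {"commands": [
            "aws s3 cp s3://${S3_BUCKET}/springboot-app.service /etc/systemd/system/springboot-app.service",
            "aws s3 cp s3://${S3_BUCKET}/springboot-app.var /etc/systemd/system/springboot-app.var",
            "sudo systemctl stop springboot-app",
            "sudo systemctl daemon-reload",
            "sudo systemctl enable springboot-app",
            "sudo systemctl start springboot-app",
            "sudo systemctl status springboot-app"
          ]}
          EOF
          CMD_ID=$(aws ssm send-command \
            --instance-ids "$INSTANCE_ID" \
            --document-name "AWS-RunShellScript" \
            --comment "Create and start service" \
            --parameters file://ssm-service.json \
            --query "Command.CommandId" --output text)
          # `systemctl status` is the last command, so a service that did not
          # come up makes the invocation fail and the waiter below fails the job.
          aws ssm wait command-executed --command-id "$CMD_ID" --instance-id "$INSTANCE_ID"
          aws ssm get-command-invocation --command-id "$CMD_ID" --instance-id "$INSTANCE_ID" \
            --query "[Status,StandardOutputContent,StandardErrorContent]" --output text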