80 lines
4.3 KiB
YAML
80 lines
4.3 KiB
YAML
name: Deploy jar to EC2
|
|
|
|
on:
|
|
push:
|
|
branches: [ "main" ]
|
|
|
|
permissions:
|
|
id-token: write # This is required for requesting the JWT
|
|
contents: read # This is required for actions/checkout
|
|
|
|
jobs:
|
|
build:
|
|
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
- name: Set up JDK 17
|
|
uses: actions/setup-java@v3
|
|
with:
|
|
java-version: '17'
|
|
distribution: 'temurin'
|
|
cache: maven
|
|
|
|
- name: Set environment variables
|
|
run: |
|
|
echo "SERVER_DB_URL=${{ secrets.DB_URL }}" >> $GITHUB_ENV
|
|
echo "SERVER_DB_USERNAME=${{ secrets.DB_USERNAME }}" >> $GITHUB_ENV
|
|
echo "SERVER_DB_PASSWORD=${{ secrets.DB_PASSWORD }}" >> $GITHUB_ENV
|
|
echo "SERVER_DB_DRIVER_CLASS_NAME=${{ secrets.DB_DRIVER }}" >> $GITHUB_ENV
|
|
echo "SERVER_DB_DIALECT=${{ secrets.SERVER_DB_DIALECT }}" >> $GITHUB_ENV
|
|
echo "HTTP_PORT=${{ secrets.HTTP_PORT }}" >> $GITHUB_ENV
|
|
echo "SERVER_PORT=${{ secrets.SERVER_PORT }}" >> $GITHUB_ENV
|
|
echo "SERVER_SSL_KEY_STORE_TYPE=${{ secrets.SERVER_SSL_KEY_STORE_TYPE }}" >> $GITHUB_ENV
|
|
echo "SERVER_SSL_KEY_STORE_LOCATION=${{ secrets.SERVER_SSL_KEY_STORE_LOCATION }}" >> $GITHUB_ENV
|
|
echo "SERVER_SSL_KEY_STORE_PASSWORD=${{ secrets.SERVER_SSL_KEY_STORE_PASSWORD }}" >> $GITHUB_ENV
|
|
echo "SERVER_SSL_KEY_ALIAS=${{ secrets.SERVER_SSL_KEY_ALIAS }}" >> $GITHUB_ENV
|
|
echo "SERVER_SSL_TRUST_STORE_LOCATION=${{ secrets.SERVER_SSL_TRUST_STORE_LOCATION }}" >> $GITHUB_ENV
|
|
echo "SERVER_SSL_TRUST_STORE_PASSWORD=${{ secrets.SERVER_SSL_TRUST_STORE_PASSWORD }}" >> $GITHUB_ENV
|
|
|
|
- name: Build with Maven
|
|
run: mvn -B package --file pom.xml
|
|
|
|
- name: Configure AWS Credentials
|
|
id: configure-aws-credentials
|
|
uses: aws-actions/configure-aws-credentials@v4
|
|
with:
|
|
role-to-assume: arn:aws:iam::${{ secrets.AWS_ACCOUNT_ID }}:role/${{ secrets.AWS_ROLE }}
|
|
aws-region: ${{ secrets.AWS_REGION }}
|
|
|
|
- name: Get Instance ID
|
|
id: get_instance_id
|
|
run: |
|
|
INSTANCE_ID=$(aws ec2 describe-instances --filters "Name=tag:Name,Values=safeqr-ec2" --query "Reservations[0].Instances[0].InstanceId" --output text)
|
|
echo "INSTANCE_ID=$INSTANCE_ID" >> $GITHUB_ENV
|
|
|
|
- name: Upload JAR to S3
|
|
run: |
|
|
aws s3 cp target/app-0.0.1-SNAPSHOT.jar s3://s3-bucket-safeqr/
|
|
|
|
- name: Download JAR from S3 to EC2
|
|
run: |
|
|
aws ssm send-command --instance-ids ${{ env.INSTANCE_ID }} --document-name "AWS-RunShellScript" --comment "Download JAR from S3" --parameters 'commands=[
|
|
"aws s3 cp s3://s3-bucket-safeqr/app-0.0.1-SNAPSHOT.jar /home/ssm-user/app-0.0.1-SNAPSHOT.jar",
|
|
"ls -l /home/ssm-user/app-0.0.1-SNAPSHOT.jar"
|
|
]'
|
|
|
|
- name: Create and Start Systemd Service
|
|
run: |
|
|
aws ssm send-command --instance-ids ${{ env.INSTANCE_ID }} --document-name "AWS-RunShellScript" --comment "Create and start service" --parameters 'commands=[
|
|
"aws s3 cp s3://s3-bucket-safeqr/update_env_var.sh /home/ssm-user/update_env_var.sh",
|
|
"sudo chmod +x /home/ssm-user/update_env_var.sh",
|
|
"sudo source /home/ssm-user/.bashrc",
|
|
"echo -e \"[Unit]\\nDescription=Spring Boot Application\\nAfter=network.target\\n\\n[Service]\\nUser=ssm-user\\nEnvironment=\\"SERVER_DB_URL=${SERVER_DB_URL}\\" \\"SERVER_DB_USERNAME=${SERVER_DB_USERNAME}\\" \\"SERVER_DB_PASSWORD=${SERVER_DB_PASSWORD}\\" \\"SERVER_DB_DRIVER_CLASS_NAME=${SERVER_DB_DRIVER_CLASS_NAME}\\" \\"SERVER_SSL_KEY_STORE_LOCATION=${SERVER_SSL_KEY_STORE_LOCATION}\\" \\"SERVER_SSL_KEY_STORE_PASSWORD=${SERVER_SSL_KEY_STORE_PASSWORD}\\" \\"SERVER_SSL_KEY_ALIAS=${SERVER_SSL_KEY_ALIAS}\\" \\"SERVER_SSL_TRUST_STORE_LOCATION=${SERVER_SSL_TRUST_STORE_LOCATION}\\" \\"SERVER_SSL_TRUST_STORE_PASSWORD=${SERVER_SSL_TRUST_STORE_PASSWORD}\\" \\"SERVER_PORT=${SERVER_PORT}\\"\\nExecStart=/usr/bin/java -jar /home/ssm-user/app-0.0.1-SNAPSHOT.jar\\nSuccessExitStatus=143\\nRestart=always\\nRestartSec=3\\n\\n[Install]\\nWantedBy=multi-user.target\\n\" | sudo tee /etc/systemd/system/springboot-app.service",
|
|
"sudo systemctl daemon-reload",
|
|
"sudo systemctl enable springboot-app",
|
|
"sudo systemctl start springboot-app",
|
|
"sudo systemctl status springboot-app"
|
|
]'
|