From d6296bc55ce9791cce7d3505c655bffc714c2873 Mon Sep 17 00:00:00 2001 From: sirius506775 Date: Sun, 17 Mar 2024 16:50:04 +0900 Subject: [PATCH 1/6] =?UTF-8?q?Chore=20:=20private=20registry=20=EC=82=AC?= =?UTF-8?q?=EC=9A=A9=EC=9C=BC=EB=A1=9C=20=EC=9D=B8=ED=95=B4=20ignore?= =?UTF-8?q?=EC=97=90=EC=84=9C=20yml=20=EC=84=A4=EC=A0=95=20=EC=A0=9C?= =?UTF-8?q?=EA=B1=B0?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .dockerignore | 2 -- 1 file changed, 2 deletions(-) diff --git a/.dockerignore b/.dockerignore index 0a5604a..201530a 100644 --- a/.dockerignore +++ b/.dockerignore @@ -7,6 +7,4 @@ scripts README.md -/src/main/resources/application-secret.yml -/src/main/resources/application.tar /src/test/ \ No newline at end of file From c55b99235c0508e5ecab340bbf90b7cbe758ffe4 Mon Sep 17 00:00:00 2001 From: sirius506775 Date: Sun, 17 Mar 2024 16:50:42 +0900 Subject: [PATCH 2/6] =?UTF-8?q?Chore=20:=20docker=20build=20=EC=A0=84=20ke?= =?UTF-8?q?ystore=20=EC=8B=9C=ED=81=AC=EB=A6=BF=ED=82=A4=20=EC=83=9D?= =?UTF-8?q?=EC=84=B1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/deploy.yml | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 4838bfb..129d190 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -32,6 +32,12 @@ jobs: - name: Build with Gradle run: ./gradlew build -x test + - name: Prepare keystore + run: echo "${{ secrets.KEYSTORE }}" > keystore.p12 + + - name: Move keystore file to Docker build context + run: mv keystore.p12 src/main/resources/ + - name: Set up Docker Buildx uses: docker/setup-buildx-action@v2 From 0dcb8d5a1ffb2b73b0e130c258f22eeffe3ac7b6 Mon Sep 17 00:00:00 2001 From: sirius506775 Date: Sun, 17 Mar 2024 17:20:57 +0900 Subject: [PATCH 3/6] =?UTF-8?q?Chore=20:=20gpg=20=EC=95=95=EC=B6=95?= =?UTF-8?q?=ED=8C=8C=EC=9D=BC=EC=9D=84=20=EC=82=AC=EC=9A=A9=ED=95=98?= =?UTF-8?q?=EC=97=AC=20=EB=AF=BC=EA=B0=90=EC=A0=95=EB=B3=B4=20=ED=8C=8C?= =?UTF-8?q?=EC=9D=BC=EC=9D=84=20=EC=83=9D=EC=84=B1=ED=95=98=EB=8A=94=20act?= =?UTF-8?q?ion=20=EC=B6=94=EA=B0=80=20#1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/deploy.yml | 24 ++++++++++++++++++++---- src/main/resources/application.tar.gpg | Bin 0 -> 801 bytes 2 files changed, 20 insertions(+), 4 deletions(-) create mode 100644 src/main/resources/application.tar.gpg diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 129d190..2323f16 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -8,6 +8,10 @@ on: branches: - main +env: + PROJECT_NAME: balpyo-server + RESOURCE_PATH: /home/runner/work/2024_BEOTKKOTTHON_TEAM_32_BE/2024_BEOTKKOTTHON_TEAM_32_BE/src/main/resources + permissions: contents: read checks: write @@ -29,6 +33,18 @@ jobs: - name: Make gradlew executable run: chmod +x ./gradlew + # Decrypt the encrypted application-secret.yml file + - name: Decrypt application-prod yml + run: gpg --quiet --batch --yes --always-trust --decrypt --passphrase=${{ secrets.APPLICATION_PROD_YML }} --output $RESOURCE_PATH/application.tar $RESOURCE_PATH/application.tar.gpg + shell: bash + + # Unzip the application.tar file + - name: Unzip application.tar file to application-prod.yml + run: | + cd $RESOURCE_PATH + tar xvf application.tar + shell: bash + - name: Build with Gradle run: ./gradlew build -x test @@ -54,8 +70,8 @@ jobs: context: . file: ./Dockerfile push: true - tags: ${{ secrets.NCP_CONTAINER_REGISTRY }}/balpyo-server:latest - cache-from: type=registry,ref=${{ secrets.NCP_CONTAINER_REGISTRY }}/balpyo-server:latest + tags: ${{ secrets.NCP_CONTAINER_REGISTRY }}/$PROJECT_NAME:latest + cache-from: type=registry,ref=${{ secrets.NCP_CONTAINER_REGISTRY }}/#PROJECT_NAME:latest cache-to: type=inline secrets: | GIT_AUTH_TOKEN=${{ secrets.GIT_TOKEN }} @@ -70,7 +86,7 @@ jobs: script: | echo "${{ secrets.NCP_SECRET_KEY }}" | docker login -u ${{ secrets.NCP_ACCESS_KEY }} --password-stdin ${{ secrets.NCP_CONTAINER_REGISTRY }} - latest_tag=$(docker pull --quiet ${{ secrets.NCP_CONTAINER_REGISTRY }}/balpyo-server:latest | grep -oP "(?<=digest: ).*") + latest_tag=$(docker pull --quiet ${{ secrets.NCP_CONTAINER_REGISTRY }}/$PROJECT_NAME:latest | grep -oP "(?<=digest: ).*") echo "-----------------Latest tag found: ${{ secrets.LATEST_TAG }}" @@ -82,7 +98,7 @@ jobs: fi docker run -d -p 443:443 - ${{ secrets.NCP_CONTAINER_REGISTRY }}/balpyo-server:${{ secrets.LATEST_TAG }} + ${{ secrets.NCP_CONTAINER_REGISTRY }}/$PROJECT_NAME:${{ secrets.LATEST_TAG }} docker image prune -f \ No newline at end of file diff --git a/src/main/resources/application.tar.gpg b/src/main/resources/application.tar.gpg new file mode 100644 index 0000000000000000000000000000000000000000..3991bfb2d46999f05c82bd8fdd20b681c0408a9c GIT binary patch literal 801 zcmV++1K#|M4Fm}T0?=}Jjx(d9TL04N0r7rL`SsrdEW$YIdG=X#FiwEx%ioZyClPUZ z9Ijl0AS-gHa^EIB>(Q6o9}aujuBuX{zS2$OM)04X|o4kDnh=+^3&2 zXSzNq%FuGMl*q|7)nL0xGJrA6pi&-=-N^4D;DIC>+=pg&<#}zYmwK^m_P;&|=791e zIoCD|%h+gl__0R}=U(-rxnpa?D#|!Gi6ZmD1r({m(sw<|y?6}-2#V_78gXCiMLC50 ztv}preJxdT0;r9u`VXygFDAk-fSJR%-AmDjsH8@YlW|0pFdnv5H@=ey@da0PAxn)~*z)pCdQ44Hi;Uh`I=-hBCXXpZUzN%Dc@xF{PVE-QcqJ!V` zWv4C^(jUekP8adG;{(f7pz-F`dnTxFnjJv+k|pZijV7wGBVHG$ds83^`Z+B+aLjjK z%z2@5cb?+}Q%b(uY@;{2x8mtZwf+MpMo`4G1ABW8N(cQZzw(|3M!a-cGGC81T(ron zP3&P#(b)B-xCdaP$ef;PKM6a7z^zTxxrhG&KtFQ^ciJ%H7U)zf-=rMTlfG(43JrlJ zGI&Ja{*MuD-h1Lci!c+JHPvQqh<9;Eh#S7E>867a3mB~ZjXUPV*4MF3Kf_@{{PRv9 f;EAo99@@R*mK!X?=W9|uA~qN#?gNIpmF8}|Vt15r literal 0 HcmV?d00001 From 0b29f1408085462a5590be291d0e3190ebd28cac Mon Sep 17 00:00:00 2001 From: sirius506775 Date: Sun, 17 Mar 2024 17:24:46 +0900 Subject: [PATCH 4/6] =?UTF-8?q?Fix=20:=20env=20=ED=99=98=EA=B2=BD=EB=B3=80?= =?UTF-8?q?=EC=88=98=20=EB=AA=85=EB=AA=85=20=EC=98=A4=EB=A5=98=20=EC=88=98?= =?UTF-8?q?=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/deploy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 2323f16..4d967b4 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -71,7 +71,7 @@ jobs: file: ./Dockerfile push: true tags: ${{ secrets.NCP_CONTAINER_REGISTRY }}/$PROJECT_NAME:latest - cache-from: type=registry,ref=${{ secrets.NCP_CONTAINER_REGISTRY }}/#PROJECT_NAME:latest + cache-from: type=registry,ref=${{ secrets.NCP_CONTAINER_REGISTRY }}/$PROJECT_NAME:latest cache-to: type=inline secrets: | GIT_AUTH_TOKEN=${{ secrets.GIT_TOKEN }} From 934f261e247c6c5829b53be0ce93cd306ab73374 Mon Sep 17 00:00:00 2001 From: sirius506775 Date: Sun, 17 Mar 2024 17:28:08 +0900 Subject: [PATCH 5/6] =?UTF-8?q?Fix=20:=20env=20=ED=99=98=EA=B2=BD=EB=B3=80?= =?UTF-8?q?=EC=88=98=20PROJECT=5FNAME=20=EC=82=AD=EC=A0=9C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/deploy.yml | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml index 4d967b4..1bf8c32 100644 --- a/.github/workflows/deploy.yml +++ b/.github/workflows/deploy.yml @@ -9,7 +9,6 @@ on: - main env: - PROJECT_NAME: balpyo-server RESOURCE_PATH: /home/runner/work/2024_BEOTKKOTTHON_TEAM_32_BE/2024_BEOTKKOTTHON_TEAM_32_BE/src/main/resources permissions: @@ -70,8 +69,8 @@ jobs: context: . file: ./Dockerfile push: true - tags: ${{ secrets.NCP_CONTAINER_REGISTRY }}/$PROJECT_NAME:latest - cache-from: type=registry,ref=${{ secrets.NCP_CONTAINER_REGISTRY }}/$PROJECT_NAME:latest + tags: ${{ secrets.NCP_CONTAINER_REGISTRY }}/balpyo-server:latest + cache-from: type=registry,ref=${{ secrets.NCP_CONTAINER_REGISTRY }}/balpyo-server:latest cache-to: type=inline secrets: | GIT_AUTH_TOKEN=${{ secrets.GIT_TOKEN }} @@ -86,7 +85,7 @@ jobs: script: | echo "${{ secrets.NCP_SECRET_KEY }}" | docker login -u ${{ secrets.NCP_ACCESS_KEY }} --password-stdin ${{ secrets.NCP_CONTAINER_REGISTRY }} - latest_tag=$(docker pull --quiet ${{ secrets.NCP_CONTAINER_REGISTRY }}/$PROJECT_NAME:latest | grep -oP "(?<=digest: ).*") + latest_tag=$(docker pull --quiet ${{ secrets.NCP_CONTAINER_REGISTRY }}/balpyo-server:latest | grep -oP "(?<=digest: ).*") echo "-----------------Latest tag found: ${{ secrets.LATEST_TAG }}" @@ -98,7 +97,7 @@ jobs: fi docker run -d -p 443:443 - ${{ secrets.NCP_CONTAINER_REGISTRY }}/$PROJECT_NAME:${{ secrets.LATEST_TAG }} + ${{ secrets.NCP_CONTAINER_REGISTRY }}/balpyo-server:${{ secrets.LATEST_TAG }} docker image prune -f \ No newline at end of file From ed46133d8eabd1047011e0fb76ed7166646e8b67 Mon Sep 17 00:00:00 2001 From: sirius506775 Date: Sun, 17 Mar 2024 17:40:48 +0900 Subject: [PATCH 6/6] =?UTF-8?q?Chore=20:=20=EB=B0=B0=ED=8F=AC=20=EC=8B=9C,?= =?UTF-8?q?=20key-store=20=EC=83=81=EB=8C=80=EC=A3=BC=EC=86=8C=20=EB=B3=80?= =?UTF-8?q?=EA=B2=BD=EC=97=90=20=EB=94=B0=EB=A5=B8=20=EC=95=95=EC=B6=95?= =?UTF-8?q?=ED=8C=8C=EC=9D=BC=20=EB=B3=80=EA=B2=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/main/resources/application.tar.gpg | Bin 801 -> 857 bytes 1 file changed, 0 insertions(+), 0 deletions(-) diff --git a/src/main/resources/application.tar.gpg b/src/main/resources/application.tar.gpg index 3991bfb2d46999f05c82bd8fdd20b681c0408a9c..c749e2fc4595dd2551e060fb40bbd6cbfc1496ef 100644 GIT binary patch literal 857 zcmV-f1E&0p4Fm}T07Tg52q%TO%*Z3PBZF5{EIR?GwkQh zw_fh2B>xN664X%mVh4@!6}n6CbYpMdr&x zJFdbhK@L_DzP0(&B?IJPABg{qQDREDGq-Zwkv>FUomVu$za(N|@MzilmP1qMiiqNq zR|h1mu%`gPtWggv=aTIWh6UAUmKzM~BRuB?e}~stm#~P{4NwxWl*dxZ!oSV{2u)q@ zKNp-ZdV?}0t1oI9j$)iElpAp>w&4eGK}3y}B%OV)A8T+a$zE>7;KLwR1% zZyLEKpBo%j0*#{~%1ygKen-=V{~-C>S4ZQ~$!0C@yRs}eut<%xZ}Uz6@m=_1s!(4N zyPSVT?EtX*W1^Y2ToU?_1q_dp3bg^XsVZWl2zVT!@I~Ltu!zXuEYlDS561VhxkOCt zPUuLBd27M96DFU0Z^6^6dMA!;({2zcDZlWce67&a8IKR2hH;*A`!GWlr7=?jPb7^3 zCY$dIG|M}1<_siy?o7Qn_~>K5hNAMl(}455(D==A|?CJ z-z1XjcoWy0SEK>fQE6wfmBl7PK)vRu=+rct*yrq#BeQyVQejmEqWW(MV=*x=Z9?Pd z74N&vckT0px)iM46R`RF-3_21rCTSyHmWDQ6BIVH<=4+Dul}_)x>aoAPdyw{$_E(| z-a+WG)HSck@mu@Q7n5w`&ToUr4Vf7aV&40tC_BygRLoL&%bmQnthmsH{K934HIfek zOg#7+8=PsN;4{AHO;{OLC}-la&pvy?-6jV6Ujxa-2h3i}OIy6VubYL2@8ff>hU@Z! zeWTg10@aDCSU;Cw2WaND*Wcf!vs)#kqCgG(Q6o9}aujuBuX{zS2$OM)04X|o4kDnh=+^3&2 zXSzNq%FuGMl*q|7)nL0xGJrA6pi&-=-N^4D;DIC>+=pg&<#}zYmwK^m_P;&|=791e zIoCD|%h+gl__0R}=U(-rxnpa?D#|!Gi6ZmD1r({m(sw<|y?6}-2#V_78gXCiMLC50 ztv}preJxdT0;r9u`VXygFDAk-fSJR%-AmDjsH8@YlW|0pFdnv5H@=ey@da0PAxn)~*z)pCdQ44Hi;Uh`I=-hBCXXpZUzN%Dc@xF{PVE-QcqJ!V` zWv4C^(jUekP8adG;{(f7pz-F`dnTxFnjJv+k|pZijV7wGBVHG$ds83^`Z+B+aLjjK z%z2@5cb?+}Q%b(uY@;{2x8mtZwf+MpMo`4G1ABW8N(cQZzw(|3M!a-cGGC81T(ron zP3&P#(b)B-xCdaP$ef;PKM6a7z^zTxxrhG&KtFQ^ciJ%H7U)zf-=rMTlfG(43JrlJ zGI&Ja{*MuD-h1Lci!c+JHPvQqh<9;Eh#S7E>867a3mB~ZjXUPV*4MF3Kf_@{{PRv9 f;EAo99@@R*mK!X?=W9|uA~qN#?gNIpmF8}|Vt15r