feat: staff 수에 따른 요금제 제한 확인 로직 추가 (#130) #23
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CD Pipeline | |
| on: | |
| push: | |
| branches: | |
| - dev | |
| workflow_dispatch: | |
| inputs: | |
| module: | |
| description: 'Select module to deploy' | |
| required: true | |
| default: 'app' | |
| type: choice | |
| options: | |
| - app | |
| - admin | |
| - batch | |
| jobs: | |
| detect_changes: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| app_changed: ${{ steps.filter.outputs.app }} | |
| admin_changed: ${{ steps.filter.outputs.admin }} | |
| batch_changed: ${{ steps.filter.outputs.batch }} | |
| storage_changed: ${{ steps.filter.outputs.storage }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - id: filter | |
| uses: dorny/paths-filter@v2 | |
| with: | |
| filters: | | |
| app: | |
| - 'app/**' | |
| admin: | |
| - 'admin/**' | |
| batch: | |
| - 'batch/**' | |
| storage: | |
| - 'storage/**' | |
| deploy-app: | |
| needs: detect_changes | |
| if: | | |
| github.event_name == 'workflow_dispatch' && github.event.inputs.module == 'app' || | |
| needs.detect_changes.outputs.app_changed == 'true' || | |
| needs.detect_changes.outputs.storage_changed == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'corretto' | |
| - name: Cache Gradle packages | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} | |
| restore-keys: | | |
| ${{ runner.os }}-gradle- | |
| - name: Build app module | |
| run: ./gradlew :app:clean :app:build | |
| env: | |
| DB_URL: ${{ secrets.MYSQL_URL }} | |
| DB_USERNAME: ${{ secrets.MYSQL_USERNAME }} | |
| DB_PASSWORD: ${{ secrets.MYSQL_PASSWORD }} | |
| JWT_SECRET: ${{ secrets.JWT_SECRET }} | |
| JWT_ACCESS_EXPIRATION: ${{ secrets.JWT_ACCESS_EXPIRATION }} | |
| JWT_REFRESH_EXPIRATION: ${{ secrets.JWT_REFRESH_EXPIRATION }} | |
| JWT_ISSUER: ${{ secrets.JWT_ISSUER }} | |
| KAKAO_CLIENT_ID: ${{ secrets.KAKAO_CLIENT_ID }} | |
| KAKAO_REDIRECT_URI: ${{ secrets.KAKAO_REDIRECT_URI }} | |
| - name: Build app Docker image | |
| run: docker build -t ${{ secrets.DOCKERHUB_USERNAME }}/${{ secrets.PROJECT_NAME }}-app:latest ./app | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
| - name: Push app Docker image | |
| run: docker push ${{ secrets.DOCKERHUB_USERNAME }}/${{ secrets.PROJECT_NAME }}-app:latest | |
| - name: SSH and pull Docker image on EC2 | |
| uses: appleboy/ssh-action@v0.1.5 | |
| with: | |
| host: ${{ secrets.DEV_EC2_APP_HOST }} | |
| username: ${{ secrets.DEV_EC2_APP_USERNAME }} | |
| key: ${{ secrets.DEV_EC2_SSH_KEY }} | |
| port: 22 | |
| script: | | |
| cd /home/ubuntu/workspace | |
| rm .env | |
| touch .env | |
| echo "PROJECT_NAME=${{ secrets.PROJECT_NAME }}" >> .env | |
| echo "MYSQL_DATABASE=${{ secrets.PROJECT_NAME }}" >> .env | |
| echo "MYSQL_USER=${{ secrets.MYSQL_USERNAME }}" >> .env | |
| echo "MYSQL_PASSWORD=${{ secrets.MYSQL_PASSWORD }}" >> .env | |
| echo "SPRING_DATASOURCE_URL=${{ secrets.MYSQL_URL }}" >> .env | |
| echo "SPRING_DATASOURCE_USERNAME=${{ secrets.MYSQL_USERNAME }}" >> .env | |
| echo "SPRING_DATASOURCE_PASSWORD=${{ secrets.MYSQL_PASSWORD }}" >> .env | |
| echo "TEST_ENV_VAR=${{ secrets.TEST_ENV_VAR }}" >> .env | |
| echo "DOCKERHUB_USERNAME=${{ secrets.DOCKERHUB_USERNAME }}" >> .env | |
| echo "JWT_SECRET=${{ secrets.JWT_SECRET }}" >> .env | |
| echo "JWT_ACCESS_EXPIRATION=${{ secrets.JWT_ACCESS_EXPIRATION }}" >> .env | |
| echo "JWT_REFRESH_EXPIRATION=${{ secrets.JWT_REFRESH_EXPIRATION }}" >> .env | |
| echo "JWT_ISSUER=${{ secrets.JWT_ISSUER }}" >> .env | |
| echo "KAKAO_CLIENT_ID=${{ secrets.KAKAO_CLIENT_ID }}" >> .env | |
| echo "KAKAO_REDIRECT_URI=${{ secrets.KAKAO_REDIRECT_URI }}" >> .env | |
| echo "BUSINESS_API_KEY=${{ secrets.BUSINESS_API_KEY }}" >> .env | |
| echo "AWS_ACCESS_KEY=${{ secrets.AWS_ACCESS_KEY }}" >> .env | |
| echo "AWS_SECRET_KEY=${{ secrets.AWS_SECRET_KEY }}" >> .env | |
| echo "AWS_KMS_KEY_ID=${{ secrets.AWS_KMS_KEY_ID }}" >> .env | |
| echo "AES_SECRET_KEY=${{ secrets.AES_SECRET_KEY }}" >> .env | |
| echo "VIEW_EXPIRATION_MINUTES=${{ secrets.VIEW_EXPIRATION_MINUTES }}" >> .env | |
| echo "DOWNLOAD_EXPIRATION_MINUTES=${{ secrets.DOWNLOAD_EXPIRATION_MINUTES }}" >> .env | |
| echo "NH_BASE_URL=${{ secrets.NH_BASE_URL }}" >> .env | |
| echo "NH_ACCESS_TOKEN=${{ secrets.NH_ACCESS_TOKEN }}" >> .env | |
| echo "NH_ISCD=${{ secrets.NH_ISCD }}" >> .env | |
| echo "NH_FINTECH_APSNO=${{ secrets.NH_FINTECH_APSNO }}" >> .env | |
| echo "NH_API_SVC_CD=${{ secrets.NH_API_SVC_CD }}" >> .env | |
| echo "NH_API_SVC_CD_RECEIVED=${{ secrets.NH_API_SVC_CD_RECEIVED }}" >> .env | |
| echo "NH_FIN_ACNO=${{ secrets.NH_FIN_ACNO }}" >> .env | |
| echo "NH_MANGOBOSS_ACCOUNT=${{ secrets.NH_MANGOBOSS_ACCOUNT }}" >> .env | |
| echo "NH_MANGOBOSS_BANKCODE=${{ secrets.NH_MANGOBOSS_BANKCODE }}" >> .env | |
| echo "UPLOAD_EXPIRATION_MINUTES=${{ secrets.UPLOAD_EXPIRATION_MINUTES }}" >> .env | |
| echo "AWS_S3_PUBLIC_BUCKET=${{ secrets.AWS_S3_PUBLIC_BUCKET }}" >> .env | |
| echo "AWS_S3_PRIVATE_BUCKET=${{ secrets.AWS_S3_PRIVATE_BUCKET }}" >> .env | |
| echo "AWS_S3_PUBLIC_BASE_URL=${{ secrets.AWS_S3_PUBLIC_BASE_URL }}" >> .env | |
| echo "FRONTEND_URL=${{ secrets.FRONTEND_URL }}" >> .env | |
| echo "TOSS_PAYMENT_SECRET_KEY=${{ secrets.TOSS_PAYMENT_SECRET_KEY }}" >> .env | |
| echo "SENTRY_DSN=${{ secrets.SENTRY_DSN }}" >> .env | |
| echo "SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }}" >> .env | |
| echo "${{ secrets.DOCKERHUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin | |
| docker compose down -v | |
| docker images -q ${{ secrets.DOCKERHUB_USERNAME }}/${{ secrets.PROJECT_NAME }}-app:latest | grep -q . && docker rmi ${{ secrets.DOCKERHUB_USERNAME }}/${{ secrets.PROJECT_NAME }}-app:latest | |
| docker compose up -d | |
| deploy-batch: | |
| needs: detect_changes | |
| if: | | |
| github.event_name == 'workflow_dispatch' && github.event.inputs.module == 'batch' || | |
| needs.detect_changes.outputs.batch_changed == 'true' || | |
| needs.detect_changes.outputs.storage_changed == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'corretto' | |
| - name: Decode firebase credential | |
| run: | | |
| mkdir -p batch/src/main/resources/firebase | |
| echo "${{ secrets.FIREBASE_CREDENTIAL_JSON }}" | base64 -d > batch/src/main/resources/firebase/firebase-admin-sdk.json | |
| - name: Cache Gradle packages | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} | |
| restore-keys: | | |
| ${{ runner.os }}-gradle- | |
| - name: Build batch module | |
| run: ./gradlew :batch:clean :batch:build | |
| env: | |
| DB_URL: ${{ secrets.MYSQL_URL }} | |
| DB_USERNAME: ${{ secrets.MYSQL_BATCH_USERNAME }} | |
| DB_PASSWORD: ${{ secrets.MYSQL_BATCH_PASSWORD }} | |
| - name: Build batch Docker image | |
| run: docker build -t ${{ secrets.DOCKERHUB_USERNAME }}/${{ secrets.PROJECT_NAME }}-batch:latest ./batch | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
| - name: Push app Docker image | |
| run: docker push ${{ secrets.DOCKERHUB_USERNAME }}/${{ secrets.PROJECT_NAME }}-batch:latest | |
| - name: SSH and pull Docker image on EC2 | |
| uses: appleboy/ssh-action@v0.1.5 | |
| with: | |
| host: ${{ secrets.DEV_EC2_BATCH_HOST }} | |
| username: ${{ secrets.DEV_EC2_BATCH_USERNAME }} | |
| key: ${{ secrets.DEV_EC2_SSH_KEY }} | |
| port: 22 | |
| script: | | |
| cd /home/ubuntu/workspace | |
| rm .env | |
| touch .env | |
| echo "PROJECT_NAME=${{ secrets.PROJECT_NAME }}" >> .env | |
| echo "MYSQL_DATABASE=${{ secrets.PROJECT_NAME }}" >> .env | |
| echo "MYSQL_USER=${{ secrets.MYSQL_BATCH_USERNAME }}" >> .env | |
| echo "MYSQL_PASSWORD=${{ secrets.MYSQL_BATCH_PASSWORD }}" >> .env | |
| echo "SPRING_DATASOURCE_URL=${{ secrets.MYSQL_URL }}" >> .env | |
| echo "SPRING_DATASOURCE_USERNAME=${{ secrets.MYSQL_BATCH_USERNAME }}" >> .env | |
| echo "SPRING_DATASOURCE_PASSWORD=${{ secrets.MYSQL_BATCH_PASSWORD }}" >> .env | |
| echo "DOCKERHUB_USERNAME=${{ secrets.DOCKERHUB_USERNAME }}" >> .env | |
| echo "NH_BASE_URL=${{ secrets.NH_BASE_URL }}" >> .env | |
| echo "NH_ACCESS_TOKEN=${{ secrets.NH_ACCESS_TOKEN }}" >> .env | |
| echo "NH_ISCD=${{ secrets.NH_ISCD }}" >> .env | |
| echo "NH_FINTECH_APSNO=${{ secrets.NH_FINTECH_APSNO }}" >> .env | |
| echo "NH_API_SVC_CD=${{ secrets.NH_API_SVC_CD }}" >> .env | |
| echo "NH_API_SVC_CD_RECEIVED=${{ secrets.NH_API_SVC_CD_RECEIVED }}" >> .env | |
| echo "NH_FIN_ACNO=${{ secrets.NH_FIN_ACNO }}" >> .env | |
| echo "NH_MANGOBOSS_ACCOUNT=${{ secrets.NH_MANGOBOSS_ACCOUNT }}" >> .env | |
| echo "NH_MANGOBOSS_BANKCODE=${{ secrets.NH_MANGOBOSS_BANKCODE }}" >> .env | |
| echo "CRON_CLOCK_OUT=${{ secrets.CRON_CLOCK_OUT }}" >> .env | |
| echo "CRON_PAYROLL=${{ secrets.CRON_PAYROLL }}" >> .env | |
| echo "CRON_PAYSLIP=${{ secrets.CRON_PAYSLIP }}" >> .env | |
| echo "CRON_NOTIFICATION=${{ secrets.CRON_NOTIFICATION }}" >> .env | |
| echo "CRON_BILLING=${{ secrets.CRON_BILLING }}" >> .env | |
| echo "CRON_CLOCK_IN=${{ secrets.CRON_CLOCK_IN }}" >> .env | |
| echo "FRONTEND_URL=${{ secrets.FRONTEND_URL }}" >> .env | |
| echo "PAYROLL_BATCH_SIZE=${{ secrets.PAYROLL_BATCH_SIZE }}" >> .env | |
| echo "PAYSLIP_BATCH_SIZE=${{ secrets.PAYSLIP_BATCH_SIZE }}" >> .env | |
| echo "NOTIFICATION_BATCH_SIZE=${{ secrets.NOTIFICATION_BATCH_SIZE }}" >> .env | |
| echo "AWS_S3_PRIVATE_BUCKET=${{ secrets.AWS_S3_PRIVATE_BUCKET }}" >> .env | |
| echo "AWS_ACCESS_KEY=${{ secrets.AWS_ACCESS_KEY }}" >> .env | |
| echo "AWS_SECRET_KEY=${{ secrets.AWS_SECRET_KEY }}" >> .env | |
| echo "AWS_KMS_KEY_ID=${{ secrets.AWS_KMS_KEY_ID }}" >> .env | |
| echo "NOTIFICATION_MAX_RETRY=${{ secrets.NOTIFICATION_MAX_RETRY }}" >> .env | |
| echo "TOSS_PAYMENT_SECRET_KEY=${{ secrets.TOSS_PAYMENT_SECRET_KEY }}" >> .env | |
| echo "SENTRY_DSN=${{ secrets.SENTRY_DSN }}" >> .env | |
| echo "SENTRY_AUTH_TOKEN=${{ secrets.SENTRY_AUTH_TOKEN }}" >> .env | |
| echo "${{ secrets.DOCKERHUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin | |
| docker compose down -v | |
| docker images -q ${{ secrets.DOCKERHUB_USERNAME }}/${{ secrets.PROJECT_NAME }}-batch:latest | grep -q . && docker rmi ${{ secrets.DOCKERHUB_USERNAME }}/${{ secrets.PROJECT_NAME }}-batch:latest | |
| docker compose up -d | |
| deploy-admin: | |
| needs: detect_changes | |
| if: | | |
| github.event_name == 'workflow_dispatch' && github.event.inputs.module == 'admin' || | |
| needs.detect_changes.outputs.admin_changed == 'true' || | |
| needs.detect_changes.outputs.storage_changed == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'corretto' | |
| - name: Cache Gradle packages | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} | |
| restore-keys: | | |
| ${{ runner.os }}-gradle- | |
| - name: Build admin module | |
| run: ./gradlew :admin:clean :admin:build | |
| env: | |
| DB_URL: ${{ secrets.MYSQL_URL }} | |
| DB_USERNAME: ${{ secrets.MYSQL_USERNAME }} | |
| DB_PASSWORD: ${{ secrets.MYSQL_PASSWORD }} | |
| JWT_SECRET: ${{ secrets.JWT_SECRET }} | |
| JWT_ACCESS_EXPIRATION: ${{ secrets.JWT_ACCESS_EXPIRATION }} | |
| JWT_REFRESH_EXPIRATION: ${{ secrets.JWT_REFRESH_EXPIRATION }} | |
| JWT_ISSUER: ${{ secrets.JWT_ISSUER }} | |
| KAKAO_CLIENT_ID: ${{ secrets.KAKAO_CLIENT_ID }} | |
| KAKAO_REDIRECT_URI: ${{ secrets.KAKAO_REDIRECT_URI }} | |
| - name: Build admin Docker image | |
| working-directory: ./admin | |
| run: docker build -t ${{ secrets.DOCKERHUB_USERNAME }}/${{ secrets.PROJECT_NAME }}-admin:latest . | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
| - name: Push admin Docker image | |
| run: docker push ${{ secrets.DOCKERHUB_USERNAME }}/${{ secrets.PROJECT_NAME }}-admin:latest | |
| - name: SSH and pull Docker image on EC2 | |
| uses: appleboy/ssh-action@v0.1.5 | |
| with: | |
| host: ${{ secrets.DEV_EC2_ADMIN_HOST }} | |
| username: ${{ secrets.DEV_EC2_ADMIN_USERNAME }} | |
| key: ${{ secrets.DEV_EC2_SSH_KEY }} | |
| port: 22 | |
| script: | | |
| cd /home/ubuntu/workspace | |
| rm .env | |
| touch .env | |
| echo "PROJECT_NAME=${{ secrets.PROJECT_NAME }}" >> .env | |
| echo "MYSQL_DATABASE=${{ secrets.PROJECT_NAME }}" >> .env | |
| echo "MYSQL_USER=${{ secrets.MYSQL_USERNAME }}" >> .env | |
| echo "MYSQL_PASSWORD=${{ secrets.MYSQL_PASSWORD }}" >> .env | |
| echo "SPRING_DATASOURCE_URL=${{ secrets.MYSQL_URL }}" >> .env | |
| echo "SPRING_DATASOURCE_USERNAME=${{ secrets.MYSQL_USERNAME }}" >> .env | |
| echo "SPRING_DATASOURCE_PASSWORD=${{ secrets.MYSQL_PASSWORD }}" >> .env | |
| echo "TEST_ENV_VAR=${{ secrets.TEST_ENV_VAR }}" >> .env | |
| echo "DOCKERHUB_USERNAME=${{ secrets.DOCKERHUB_USERNAME }}" >> .env | |
| echo "JWT_SECRET=${{ secrets.JWT_SECRET }}" >> .env | |
| echo "JWT_ACCESS_EXPIRATION=${{ secrets.JWT_ACCESS_EXPIRATION }}" >> .env | |
| echo "JWT_REFRESH_EXPIRATION=${{ secrets.JWT_REFRESH_EXPIRATION }}" >> .env | |
| echo "JWT_ISSUER=${{ secrets.JWT_ISSUER }}" >> .env | |
| echo "KAKAO_CLIENT_ID=${{ secrets.KAKAO_CLIENT_ID }}" >> .env | |
| echo "KAKAO_REDIRECT_URI=${{ secrets.KAKAO_REDIRECT_URI }}" >> .env | |
| echo "${{ secrets.DOCKERHUB_PASSWORD }}" | docker login -u "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin | |
| docker compose down -v | |
| docker images -q ${{ secrets.DOCKERHUB_USERNAME }}/${{ secrets.PROJECT_NAME }}-admin:latest | grep -q . && docker rmi ${{ secrets.DOCKERHUB_USERNAME }}/${{ secrets.PROJECT_NAME }}-admin:latest | |
| docker compose up -d |