cicd.yml
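# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow builds a Java project with Gradle, packages it into a Docker
# image, pushes the image to ECR and deploys it to an EC2 host through a
# bastion host.
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-gradle
name: CICD Pipeline

on:
  push:
    branches: ["master"]

env:
  AWS_REGION: ap-northeast-2
  ECR_REPOSITORY: morandi-backend
  ECR_REGISTRY: ${{ secrets.ECR_REGISTRY }}
  EC2_BASTION_HOST: ${{ secrets.EC2_BASTION_HOST }}
  EC2_BACKEND_HOST: ${{ secrets.EC2_BACKEND_HOST }}  # private IP of the EC2 instance
  # Same value as the runner's default GITHUB_SHA; kept so it can be listed
  # in the ssh-action `envs` below.
  GITHUB_SHA: ${{ github.sha }}

# Least privilege: the job only reads the repository; everything else is
# done with the AWS / SSH credentials passed explicitly below.
permissions:
  contents: read

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v3

      # Gradle build.
      - name: Set up JDK 11
        uses: actions/setup-java@v2
        with:
          distribution: 'adopt'
          java-version: '11'

      # Write the application config stored in a GitHub secret to a file.
      # The secret is handed to the shell through an environment variable
      # rather than interpolated into the command text, so a quote, backslash
      # or `$` inside the secret can neither break the command nor be
      # re-interpreted by the shell; printf avoids echo's option and escape
      # handling.
      - name: Create application-prod.yml from GitHub Secret
        env:
          APPLICATION_YML: ${{ secrets.APPLICATION_YML }}
        run: printf '%s\n' "$APPLICATION_YML" > src/main/resources/application.yml

      # NOTE(review): `-x test` skips the test task, so the image that is
      # deployed below has not been tested by this pipeline.
      - name: Build with Gradle
        run: ./gradlew clean bootJar -x test

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}
          mask-aws-account-id: true  # keep the AWS account id out of the logs

      # Public ECR tokens are issued from us-east-1 regardless of AWS_REGION.
      - name: Login to Public ECR
        run: aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/s7z8j0e6

      - name: Build Docker Image
        run: docker build -t morandi-backend .

      # Tag with the commit SHA in addition to `latest` so a running image can
      # be traced back to the commit that produced it and rolled back to.
      - name: Tag Docker Image
        run: |
          docker tag morandi-backend:latest ${{ env.ECR_REGISTRY }}:latest
          docker tag morandi-backend:latest ${{ env.ECR_REGISTRY }}:${{ env.GITHUB_SHA }}

      - name: Push Docker Image to ECR
        run: |
          docker push ${{ env.ECR_REGISTRY }}:latest
          docker push ${{ env.ECR_REGISTRY }}:${{ env.GITHUB_SHA }}

      # NOTE(review): `@master` is a mutable ref; pin this third-party action
      # to a release tag or commit SHA so an upstream change cannot silently
      # alter the code that receives the deploy key.
      - name: appleboy SSH and Deploy to EC2
        uses: appleboy/ssh-action@master  # open-source action that runs a script over SSH
        with:
          host: ${{ env.EC2_BASTION_HOST }}
          debug: true  # verbose action output; connection details end up in the job log
          username: ubuntu
          key: ${{ secrets.SSH_SECRET_ACCESS_KEY }}
          port: 22
          # Variables exported into the remote shell on the bastion.
          envs: EC2_BACKEND_HOST,GITHUB_SHA,ECR_REGISTRY
          script: |
            # Fail the step on the first error instead of continuing with a
            # half-finished deployment.
            set -eu
            # Open a background SSH tunnel from the bastion to the backend host.
            ssh -i ~/.ssh/swm-nm-morandi.pem -f -N -L 8080:$EC2_BACKEND_HOST:22 ubuntu@$EC2_BACKEND_HOST
            # Close the tunnel on exit, whether the deployment succeeded or not.
            trap 'kill $(lsof -t -i:8080) 2>/dev/null || true' EXIT
            # Give the tunnel time to come up before using it.
            sleep 5
            # Run the Docker work on the backend host through the tunnel.
            # The heredoc delimiter is left unquoted on purpose: $ECR_REGISTRY
            # is expanded on the bastion, where `envs` made it available.
            ssh -p 8080 -i ~/.ssh/swm-nm-morandi.pem ubuntu@localhost << ENDSSH
              set -e
              cd /home/ubuntu/morandi-backend
              docker-compose down
              docker pull $ECR_REGISTRY:latest
              docker-compose up -d
            ENDSSH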