1. Create GitHub Actions workflow file
Create the .github/workflows/deploy.yml file.
This is the final workflow file.
Save this to .github/workflows/deploy-mac.yml.
name: Our Company Lunch Auth Build & Deploy - Home server (Mac Mini)
on:
  workflow_dispatch:
  push:
    branches:
      - main
    paths-ignore:
      - 'README.md'
      - '.github/**'
      - 'doc/**'
env:
  APPLICATION_YML: ./src/main/resources/application.yml
  SPRING_PROFILE: mac
jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      id-token: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: Setup Java JDK
        uses: actions/setup-java@v4
        with:
          distribution: 'corretto'
          java-version: '21'
          architecture: x64
          cache: 'gradle'
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ap-northeast-2
          role-to-assume: ${{ secrets.AWS_ASSUME_ROLE_ARN }}
          role-duration-seconds: 1800
      - name: Download configuration files from S3
        run: |
          mkdir -p ./config
          aws s3 cp --region ap-northeast-2 s3://${{ vars.S3_BUCKET_NAME }}/application-${{ env.SPRING_PROFILE }}.yml ./src/main/resources/
          aws s3 cp --region ap-northeast-2 s3://${{ vars.S3_BUCKET_NAME }}/docker-compose.mac.yml ./docker-compose.mac.yml
      - name: Change spring profile to ${{ env.SPRING_PROFILE }}
        uses: microsoft/variable-substitution@v1
        with:
          files: ${{ env.APPLICATION_YML }}
        env:
          spring.profiles.active: ${{ env.SPRING_PROFILE }}
      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@v4
        with:
          cache-disabled: true # Use setup-java caching
      - name: Build with Gradle
        run: ./gradlew build
      - name: Archive to a zip file
        run: |
          pwd
          zip -r ./$GITHUB_SHA build/ scripts/ config/ metrics/ nginx/ ./docker-compose.mac.yml
        shell: bash
      - name: Upload to S3
        run: aws s3 cp --region ap-northeast-2 ./$GITHUB_SHA.zip s3://${{ vars.S3_BUCKET_NAME }}/$GITHUB_SHA.zip
      - name: Connect SSH and run jar
        uses: appleboy/[email protected]
        env:
          FILENAME: ${{ github.sha }}
        with:
          host: ${{ secrets.MAC_HOST }}
          username: ${{ secrets.MAC_USERNAME }}
          key: ${{ secrets.SSH_KEY }}
          port: ${{ secrets.SSH_PORT }}
          envs: FILENAME
          script: |
            export PATH="/usr/local/bin/:$PATH" # aws command path
            pwd
            aws s3 cp --profile marcel-ourcompanylunch --region ap-northeast-2 s3://${{ vars.S3_BUCKET_NAME }}/$FILENAME.zip ./$FILENAME.zip
            unzip -o -q $FILENAME.zip -d ~/web/ourcompanylunchauth/
            cd ~/web/ourcompanylunchauth
            scripts/startup_in_mac.sh
certbot is used for the SSL (TLS) certificate. To get the SSL certificate, you need your own domain name.
Port forwarding to the home server must be configurable.
When the workflow applies
After a push to main, I can see the workflows in the Actions tab of the GitHub website.

Workflow overview
This workflow is used in my toy project: https://github.com/marcel1315/our-company-lunch-auth-server/
This final workflow file explains most of the CI/CD flow.
Triggered by a manual button or a push.
On the GitHub-provided builder (ubuntu-latest), set up Java, Gradle and AWS credentials.
Download the project config files from S3.
Build the jar on the Ubuntu machine.
Archive the build output, config and script files into an artifact.
Upload the artifact to S3.
Connect to the home server using SSH.
The home server downloads the artifact from S3 and unzips it.
The startup script launches the jar file.
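The Configure AWS credentials step, together with id-token: write, exchanges a GitHub OIDC token for the role in AWS_ASSUME_ROLE_ARN, so that role's trust policy decides which workflow runs receive AWS credentials. The following is an added example, not code from the original project: it evaluates two constructed trust policies against the token claims GitHub issues for push and workflow_dispatch runs. The policies, the placeholder account ID 123456789012, the repository name marcel1315/other-repo and all helper names are assumptions.

```python
import fnmatch

ISSUER = "token.actions.githubusercontent.com"
REPO = "marcel1315/our-company-lunch-auth-server"  # repository named on this page

def trust_policy(operator, sub_pattern):
    """Constructed trust policy (assumption: the real one is not on the page)."""
    cond = {"StringEquals": {f"{ISSUER}:aud": "sts.amazonaws.com"}}
    cond.setdefault(operator, {})[f"{ISSUER}:sub"] = sub_pattern
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            # 123456789012 is a placeholder account ID.
            "Principal": {"Federated": f"arn:aws:iam::123456789012:oidc-provider/{ISSUER}"},
            "Action": "sts:AssumeRoleWithWebIdentity",
            "Condition": cond,
        }],
    }

def run_claims(repo, ref):
    """Claims in the OIDC token for a push or workflow_dispatch run on a ref."""
    return {"aud": "sts.amazonaws.com", "sub": f"repo:{repo}:ref:{ref}"}

def _match(operator, pattern, value):
    if value is None:          # claim missing from the token
        return False
    if operator == "StringEquals":
        return value == pattern
    if operator == "StringLike":  # IAM wildcards * and ?; fnmatch is a close stand-in
        return fnmatch.fnmatchcase(value, pattern)
    raise ValueError(f"unsupported operator: {operator}")

def allows(policy, claims):
    """True if an Allow statement's conditions all match the token claims."""
    for stmt in policy["Statement"]:
        conds = stmt.get("Condition", {})
        if stmt["Effect"] == "Allow" and all(
            _match(op, pattern, claims.get(key.rsplit(":", 1)[1]))
            for op, pairs in conds.items() for key, pattern in pairs.items()
        ):
            return True
    return False

# Scoped to this repository's main branch vs. any repository of the account.
SCOPED = trust_policy("StringEquals", f"repo:{REPO}:ref:refs/heads/main")
BROAD = trust_policy("StringLike", "repo:marcel1315/*")
```

Because workflow_dispatch can be started from a branch other than main, such a run carries that branch in its sub claim and is rejected by the scoped policy, while the wildcard policy accepts tokens from every repository under the account.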