#96 CodeGuru 호출 부분 추가

AWS-Cloud-School-6 · Nov 11, 2024 · 739ad5e · 739ad5e
1 parent e51361e
commit 739ad5e
Showing 1 changed file with 32 additions and 124 deletions.
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
@@ -3,8 +3,8 @@ name: Build and Push Docker Image to Docker Hub
 
 on:
   push:
-#    paths-ignore:
-#      - ".github/workflows/**"
+    #    paths-ignore:
+    #      - ".github/workflows/**"
 
     branches:
       - main
@@ -32,51 +32,47 @@ jobs:
       - name: Grant execute permission for gradlew
         run: chmod +x gradlew
 
-      # 4. Gradle로 빌드
+      # 4. AWS 자격 증명 구성 (도쿄 리전) - CodeGuru
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.INFRA_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.INFRA_SECRET_ACCESS_KEY }}
+          aws-region: ap-northeast-1
+
+      # 5. CodeGuru 보안 분석 실행
+      - name: Run CodeGuru Security
+        uses: aws-actions/codeguru-security@v1
+        with:
+          source_path: .
+          aws_region: ap-northeast-1
+
+      # 6. AWS 자격 증명 재구성 (서울 리전) - ECR
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.INFRA_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.INFRA_SECRET_ACCESS_KEY }}
+          aws-region: ap-northeast-2
+
+      # 7. Gradle로 빌드
       - name: Build with Gradle
         env:
           AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
           AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
         run: ./gradlew clean bootJar
 
-      # # x. Docker image version 관리
-      # - name: Get latest version
-      #   id: get_version
-      #   run: |
-      #     LATEST_TAG=$(curl -s https://hub.docker.com/v2/repositories/${{ secrets.DOCKERHUB_USERNAME }}/aiwa_spring/tags/?page_size=1000 | jq -r '.results[].name' | grep -E '^v[0-9]+$' | sort -V | tail -n1)
-      #     if [ -z "$LATEST_TAG" ]; then
-      #       echo "::set-output name=version::v1"
-      #     else
-      #       NEW_VERSION=$((${LATEST_TAG#v} + 1))
-      #       echo "::set-output name=version::v$NEW_VERSION"
-      #     fi
-
-      # 5. 이미지 태그 생성 (날짜-시간 형식으로 변경)
+      # 8. 이미지 태그 생성 (날짜-시간 형식으로 변경)
       - name: Generate image tag
         id: get_version
         run: echo "::set-output name=version::$(date +'%Y%m%d-%H%M%S')"
 
-      # 6. AWS 자격 증명 구성
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v1
-        with:
-          aws-access-key-id: ${{ secrets.INFRA_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.INFRA_SECRET_ACCESS_KEY }}
-          aws-region: ap-northeast-2
-
-      # 7. AWS ECR login
+      # 9. AWS ECR login
       - name: Login to Amazon ECR
         id: login-ecr
         uses: aws-actions/amazon-ecr-login@v1
 
-      # # x. Docker Hub에 로그인 (공식 로그인 액션 사용)
-      # - name: Log in to Docker Hub
-      #   uses: docker/login-action@v3
-      #   with:
-      #     username: ${{ secrets.DOCKERHUB_USERNAME }}
-      #     password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      # 8. Docker 이미지를 빌드
+      # 10. Docker 이미지를 빌드
       - name: Build the Docker image
         env:
           ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
@@ -92,13 +88,7 @@ jobs:
             -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG \
             -t $ECR_REGISTRY/$ECR_REPOSITORY:latest .
 
-      # # x. Docker Hub에 푸시
-      # - name: Push Docker image to Docker Hub
-      #   run: |
-      #     docker push "${{ secrets.DOCKERHUB_USERNAME }}/aiwa_spring:${{ steps.get_version.outputs.version }}"
-      #     docker push "${{ secrets.DOCKERHUB_USERNAME }}/aiwa_spring:latest"
-
-      # 9. AWS ECR에 푸시
+      # 11. AWS ECR에 푸시
       - name: Push Docker image to Amazon ECR
         env:
           ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
@@ -108,15 +98,15 @@ jobs:
           docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
           docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest
 
-      # 10. Helm 차트 저장소 체크아웃
+      # 12. Helm 차트 저장소 체크아웃
       - name: Checkout Helm chart repository
         uses: actions/checkout@v4
         with:
           repository: AWS-Cloud-School-6/AIWA-MCP-Helm # Helm 차트 저장소 URL로 변경하세요
           path: AIWA-MCP-Helm
           token: ${{ secrets.PAT_AIWA_APP_TOKEN }} # 개인 액세스 토큰이 필요할 수 있습니다
 
-      # 11. Helm 차트 업데이트
+      # 13. Helm 차트 업데이트
       - name: Update Helm chart
         run: |
           cd AIWA-MCP-Helm/aiwa-app
@@ -136,85 +126,3 @@ jobs:
           fi
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-
-  # cd-deploy:
-  #   runs-on: ubuntu-latest
-  #   needs: ci-build
-
-  #   steps:
-  #     # 9-1. AWS CLI 구성
-  #     - name: Configure AWS credentials
-  #       uses: aws-actions/configure-aws-credentials@v1
-  #       with:
-  #         aws-access-key-id: ${{ secrets.INFRA_ACCESS_KEY_ID }}
-  #         aws-secret-access-key: ${{ secrets.INFRA_SECRET_ACCESS_KEY }}
-  #         aws-region: ap-northeast-2
-
-  #     # 9-2. AWS CLI 구성 확인
-  #     - name: Verify AWS CLI configuration
-  #       run: aws sts get-caller-identity
-
-  #     # 10-1. kubeconfig 업데이트
-  #     - name: Update kubeconfig
-  #       run: aws eks update-kubeconfig --name my-cluster --region ap-northeast-2
-
-  #     # 10-2. AWS CLI 구성 확인
-  #     - name: Verify kubcectl configuration
-  #       run: kubectl get node
-
-  #     # 11. Helm 차트 저장소 체크아웃
-  #     - name: Checkout Helm chart repository
-  #       uses: actions/checkout@v4
-  #       with:
-  #         repository: AWS-Cloud-School-6/AIWA-MCP-Helm # Helm 차트 저장소 URL로 변경하세요
-  #         path: AIWA-MCP-Helm
-  #         token: ${{ secrets.PAT_AIWA_APP_TOKEN }} # 개인 액세스 토큰이 필요할 수 있습니다
-
-  #     # # 13. Helm 차트 업데이트
-  #     # - name: Update Helm chart
-  #     #   run: |
-  #     #     cd helm-chart/aiwa-app
-  #     #     sed -i 's|tag: .*|tag: "${{ steps.get_version.outputs.version }}"|' values.yaml
-  #     #     git config user.name github-actions
-  #     #     git config user.email [email protected]
-  #     #     git add .
-  #     #     git commit -m "Update image tag to ${{ steps.get_version.outputs.version }}"
-  #     #     git push
-  #     # 12. Helm 차트 업데이트
-  #     - name: Update Helm chart
-  #       run: |
-  #         cd AIWA-MCP-Helm/aiwa-app
-  #         if [ ! -f values.yaml ]; then
-  #           echo "Error: values.yaml not found in $(pwd)"
-  #           exit 1
-  #         fi
-  #         sed -i 's|tag: .*|tag: "${{ needs.ci-build.outputs.image_tag }}"|' values.yaml
-  #         git config user.name "github-actions[bot]"
-  #         git config user.email "41898282+github-actions[bot]@users.noreply.github.com"
-  #         git add values.yaml
-  #         if git diff --staged --quiet; then
-  #           echo "No changes to commit in values.yaml"
-  #         else
-  #           git commit -m "Update image tag to ${{ needs.ci-build.outputs.image_tag }}"
-  #           git push || { echo "Failed to push changes"; exit 1; }
-  #         fi
-  #       env:
-  #         GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
-  #       # continue-on-error: true
-
-  #     # # 13. Helm을 사용하여 EKS에 배포
-  #     # - name: Deploy to EKS using Helm
-  #     #   run: |
-  #     #     helm upgrade --install aiwa-app ./helm-repo/aiwa-app \
-  #     #       --namespace aiwa-app \
-  #     #       --create-namespace \
-  #     #       --set image.tag=${{ needs.ci-build.outputs.image_tag }}
-
-  #     # 13. Helm을 사용하여 EKS에 배포
-  #     - name: Deploy to EKS using Helm
-  #       run: |
-  #         helm upgrade --install aiwa-app ./AIWA-MCP-Helm/aiwa-app \
-  # a
-  #           --namespace default \
-  #           --create-namespace \
-  #           --set image.tag=${{ needs.ci-build.outputs.image_tag }}