# Template: Deploy on merge to develop
# Copy to: .github/workflows/develop-deploy.yml
#
# Triggers on push to develop branch (after PR merge)
# Flow: build -> test -> artifact (ECR) -> deploy -> delete branch -> release PR
# Image tag: commit SHA (7 chars)
#
# Required secrets:
# AWS / ECR:
#   - AWS_ACCESS_KEY_ID: AWS access key
#   - AWS_SECRET_ACCESS_KEY: AWS secret key
#   - AWS_REGION: AWS region (e.g., us-east-1)
#   - AWS_ECR_URL: ECR registry URL
#
# EC2 (deploy_target: ec2 or ec2-vpn):
#   - AWS_EC2_HOST: Server IP or hostname
#   - AWS_EC2_USER: SSH username (e.g., ubuntu)
#   - AWS_EC2_SSH_KEY: SSH private key (PEM)
#   - AWS_APP_PORT: External port for the application
#
# WireGuard (deploy_target: ec2-vpn only):
#   - WG_PRIVATE_KEY, WG_ADDRESS, WG_PEER_PUBLIC_KEY, WG_PEER_ALLOWED_IPS, WG_PEER_ENDPOINT
#   - WG_DNS (optional)
#
# Notifications (notify_on_failure / notify_on_deploy / notify_on_release):
#   - SLACK_WEBHOOK_URL: Slack incoming webhook URL
#
# Optional:
#   - SONAR_HOST_URL / SONAR_TOKEN: SonarQube
#   - NVD_API_KEY: OWASP Dependency Check

name: Deploy to Develop

on:
  push:
    branches:
      - develop

permissions:
  contents: write
  id-token: write
  checks: write
  pull-requests: write

jobs:
  pipeline:
    if: ${{ !contains(github.event.head_commit.message, '[skip ci]') }}
    uses: <org>/ci-templates/.github/workflows/java-main-pipeline.yml@v1
    with:
      run_build: true
      # Validation already done upstream (feature branch + PR gate) — develop only builds + deploys.
      run_test: false
      run_coverage: false
      run_code_analysis: false
      run_owasp: false
      run_architecture: false
      run_artifact: true
      artifact_registry: 'ecr'
      run_deploy: true
      deploy_target: 'ec2-vpn'
      environment: 'develop'
      run_cleanup: true
      run_release: true
      release_target_branch: 'main'
      notify_on_failure: true
      notify_on_deploy: true
      notify_on_release: true
      # Mount TLS material/keystore from host into the container (read-only).
      # Place files at /opt/docker/<repo>/certs/ on the EC2 host before deploy.
      # Pair with container_env_vars (set in the pipeline) to point Spring Boot at them.
      # extra_volumes: |
      #   - ./certs:/etc/ssl/app:ro
    secrets: inherit

Java (Spring Boot) · Consumer template · on: push
Java Develop Deploy
templates/java-develop-deploy.yml
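
A preflight check for the required-secrets list in the template header, as an added example that is not part of the ci-templates project: given the `deploy_target` and whether any `notify_on_*` flag is true, it reports which secret names are absent. The function names and the sample list are constructed here, and taking the configured names from the first column of `gh secret list` is an assumption about how an operator would gather them.

```shell
#!/bin/sh
# Added example, not part of the ci-templates project.
# Secret names and groups are copied from the template's header comment.

# required_secrets TARGET NOTIFY
# Prints the secret names the header lists for this configuration, one per line.
required_secrets() {
  # AWS / ECR group: listed unconditionally in the header.
  printf '%s\n' AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_REGION AWS_ECR_URL
  case "$1" in
    ec2|ec2-vpn)
      printf '%s\n' AWS_EC2_HOST AWS_EC2_USER AWS_EC2_SSH_KEY AWS_APP_PORT ;;
  esac
  case "$1" in
    ec2-vpn)
      # WG_DNS is marked optional in the header, so it is not required here.
      printf '%s\n' WG_PRIVATE_KEY WG_ADDRESS WG_PEER_PUBLIC_KEY \
        WG_PEER_ALLOWED_IPS WG_PEER_ENDPOINT ;;
  esac
  # Any notify_on_* flag set to true needs the Slack webhook.
  if [ "$2" = "true" ]; then
    printf '%s\n' SLACK_WEBHOOK_URL
  fi
}

# missing_secrets TARGET NOTIFY CONFIGURED
# CONFIGURED is a whitespace-separated list of secret NAMES (never values).
# Prints the required names that are absent, space-separated; empty if none.
missing_secrets() {
  missing=""
  for want in $(required_secrets "$1" "$2"); do
    found=0
    for have in $3; do
      if [ "$have" = "$want" ]; then found=1; break; fi
    done
    if [ "$found" -eq 0 ]; then missing="${missing:+$missing }$want"; fi
  done
  printf '%s\n' "$missing"
}

# Constructed sample: a repository that has the AWS and EC2 secrets but only
# part of the WireGuard set and no Slack webhook.
SAMPLE_CONFIGURED="AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY AWS_REGION AWS_ECR_URL
AWS_EC2_HOST AWS_EC2_USER AWS_EC2_SSH_KEY AWS_APP_PORT
WG_PRIVATE_KEY WG_ADDRESS WG_PEER_PUBLIC_KEY"

# The template uses deploy_target 'ec2-vpn' with all notify_on_* flags true.
echo "missing: $(missing_secrets ec2-vpn true "$SAMPLE_CONFIGURED")"
```

The check works on secret names only, so it can run on a workstation before the first merge to develop without touching any secret value.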