Java (Spring Boot) · Consumer template · on: push

Java Develop Deploy

Template: Deploy on merge to develop
Copy to: .github/workflows/develop-deploy.yml
Triggers on push to develop branch (after PR merge)
Flow: build -> test -> artifact (ECR) -> deploy -> delete branch

templates/java-develop-deploy.yml

# Template: Deploy on merge to develop
# Copy to: .github/workflows/develop-deploy.yml
#
# Triggers on push to develop branch (after PR merge)
# Flow: build -> test -> artifact (ECR) -> deploy -> delete branch -> release PR
# Image tag: commit SHA (7 chars)
#
# Required secrets:
#   AWS / ECR:
#     - AWS_ACCESS_KEY_ID: AWS access key
#     - AWS_SECRET_ACCESS_KEY: AWS secret key
#     - AWS_REGION: AWS region (e.g., us-east-1)
#     - AWS_ECR_URL: ECR registry URL
#
#   EC2 (deploy_target: ec2 or ec2-vpn):
#     - AWS_EC2_HOST: Server IP or hostname
#     - AWS_EC2_USER: SSH username (e.g., ubuntu)
#     - AWS_EC2_SSH_KEY: SSH private key (PEM)
#     - AWS_APP_PORT: External port for the application
#
#   WireGuard (deploy_target: ec2-vpn only):
#     - WG_PRIVATE_KEY, WG_ADDRESS, WG_PEER_PUBLIC_KEY, WG_PEER_ALLOWED_IPS, WG_PEER_ENDPOINT
#     - WG_DNS (optional)
#
#   Notifications (notify_on_failure / notify_on_deploy / notify_on_release):
#     - SLACK_WEBHOOK_URL: Slack incoming webhook URL
#
#   Optional:
#     - SONAR_HOST_URL / SONAR_TOKEN: SonarQube
#     - NVD_API_KEY: OWASP Dependency Check
name: Deploy to Develop
on:
  push:
    branches:
      - develop
permissions:
  contents: write
  id-token: write
  checks: write
  pull-requests: write
jobs:
  pipeline:
    if: ${{ !contains(github.event.head_commit.message, '[skip ci]') }}
    uses: <org>/ci-templates/.github/workflows/java-main-pipeline.yml@v1
    with:
      run_build: true
      # Validation already done upstream (feature branch + PR gate) — develop only builds + deploys.
      run_test: false
      run_coverage: false
      run_code_analysis: false
      run_owasp: false
      run_architecture: false
      run_artifact: true
      artifact_registry: 'ecr'
      run_deploy: true
      deploy_target: 'ec2-vpn'
      environment: 'develop'
      run_cleanup: true
      run_release: true
      release_target_branch: 'main'
      notify_on_failure: true
      notify_on_deploy: true
      notify_on_release: true
      # Mount TLS material/keystore from host into the container (read-only).
      # Place files at /opt/docker/<repo>/certs/ on the EC2 host before deploy.
      # Pair with container_env_vars (set in the pipeline) to point Spring Boot at them.
      # extra_volumes: |
      #   - ./certs:/etc/ssl/app:ro
    secrets: inherit
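
An added example, not part of the template or of the ci-templates project: a standard-library Python check for three settings a reviewer would examine in a caller workflow like this one, namely write-scoped workflow-level `permissions`, a `uses:` reference pinned to a movable tag such as `@v1` instead of a full commit SHA, and `secrets: inherit`. The function name `audit_workflow`, the rule names and the sample input are constructed for illustration.

```python
import re

# Constructed sample input: the security-relevant lines of a caller workflow
# shaped like the template above (not a copy of it).
SAMPLE = """\
permissions:
  contents: write
  id-token: write
  checks: read
jobs:
  pipeline:
    uses: <org>/ci-templates/.github/workflows/java-main-pipeline.yml@v1
    secrets: inherit
"""

FULL_SHA = re.compile(r"[0-9a-f]{40}")


def audit_workflow(text):
    """Return (line_number, rule, detail) tuples for a workflow's YAML text."""
    findings = []
    in_workflow_permissions = False
    for number, raw in enumerate(text.splitlines(), 1):
        line = raw.split(" #", 1)[0].rstrip()  # strip trailing comments
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        key, value = key.lstrip("- ").strip(), value.strip().strip("'\"")
        if indent == 0:
            # Only the top-level permissions block applies to every job.
            in_workflow_permissions = key == "permissions"
            if in_workflow_permissions and value == "write-all":
                findings.append((number, "write-permission", "write-all"))
        elif in_workflow_permissions and value == "write":
            findings.append((number, "write-permission", key))
        if key == "uses" and "@" in value:
            ref = value.rsplit("@", 1)[1]
            if not FULL_SHA.fullmatch(ref):
                # Tags and branches can later be moved to different code.
                findings.append((number, "mutable-ref", value))
        if key == "secrets" and value == "inherit":
            # Every secret visible to the caller reaches the called workflow.
            findings.append((number, "secrets-inherit", "all caller secrets passed"))
    return findings


if __name__ == "__main__":
    for number, rule, detail in audit_workflow(SAMPLE):
        print(f"line {number}: {rule}: {detail}")
```

The check is line-based and assumes conventional block-style YAML with space indentation; it does not parse flow-style mappings.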