name: Deploy (auth-api)
# ---------------------------------------------------------------------------
# Remote path on EC2 (edit only env.PROJECT_ROOT in the deploy job below)
# PROJECT_ROOT … base directory for the deployment.
# Environment-variable files always live under {PROJECT_ROOT}/env/
# (directory name is fixed: env)
# Deployment runs docker compose from PROJECT_ROOT on EC2
# (service name: auth-api, Compose V2)
# ---------------------------------------------------------------------------
on:
  push:
    branches: [main, dev]
    # No image build / EC2 deploy is needed when only docs or the README change.
    paths-ignore:
      - 'README.md'
      - 'docs/**'
  # Allows the workflow to be started manually.
  # NOTE(review): the deploy job in this file selects its target from
  # github.ref only; neither inputs.environment nor inputs.reason is read
  # anywhere, so choosing "prod" here does not change where the run deploys.
  # A manual run can start from any branch, and every ref other than main
  # maps to the alpha target. Restrict the allowed deployment branches in the
  # GitHub environment settings if that is not intended.
  workflow_dispatch:
    inputs:
      environment:
        description: '배포 환경 선택'
        required: true
        default: dev
        type: choice
        options: [dev, prod]
      reason:
        description: '배포 사유를 입력하세요'
        required: false
        type: string
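jobs:
  # Builds the auth-server image, pushes it to Docker Hub, copies the runtime
  # env file to the EC2 host and recreates the auth-api compose service there.
  deploy:
    runs-on: ubuntu-latest
    # main -> 'production'; every other ref (dev pushes, manual runs from any
    # branch) -> 'alpha'.
    environment: ${{ github.ref == 'refs/heads/main' && 'production' || 'alpha' }}
    # Least privilege for the automatic GITHUB_TOKEN: the job only checks out
    # the repository. Registry and EC2 access use dedicated secrets.
    permissions:
      contents: read
    env:
      PROJECT_ROOT: '~/apps'
      SPRING_APP_NAME: 'auth-api'
    steps:
      # NOTE(review): the actions below are referenced by mutable major-version
      # tags. Pinning each one to a full commit SHA protects the secrets this
      # job handles against a retagged or compromised action release.
      - name: Checkout
        uses: actions/checkout@v4

      # Exports IMAGE_TAG and SPRING_PROFILE for the later steps.
      # The ref is read from the runner-provided GITHUB_REF variable instead
      # of being templated into the script text. Ref names may contain shell
      # metacharacters, and a manual run can start from any branch.
      - name: Set image tag and Spring profile
        run: |
          if [[ "$GITHUB_REF" == "refs/heads/main" ]]; then
            echo "IMAGE_TAG=prod" >> "$GITHUB_ENV"
            echo "SPRING_PROFILE=prod" >> "$GITHUB_ENV"
          else
            echo "IMAGE_TAG=alpha" >> "$GITHUB_ENV"
            echo "SPRING_PROFILE=alpha" >> "$GITHUB_ENV"
          fi

      - name: Log in to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      # GIT_TOKEN is handed to the build as a BuildKit secret, not a build-arg,
      # so it stays out of the image layers provided the Dockerfile consumes it
      # through a secret mount. Build-args are recorded in image history, so
      # only the non-sensitive actor name is passed that way.
      # Two tags are pushed: the moving environment tag, which the EC2 host
      # pulls, and the immutable commit SHA, for traceability and rollback.
      - name: Build and push
        uses: docker/build-push-action@v6
        with:
          context: .
          push: true
          secrets: |
            "GITHUB_TOKEN=${{ secrets.GIT_TOKEN }}"
          build-args: |
            GITHUB_ACTOR=${{ github.actor }}
          tags: |
            ${{ secrets.DOCKERHUB_USERNAME }}/auth-server:${{ env.IMAGE_TAG }}
            ${{ secrets.DOCKERHUB_USERNAME }}/auth-server:${{ github.sha }}

      # Writes the EC2 private key to ~/.ssh/ec2_key.pem. The secret may hold
      # either the PEM text itself or a base64 encoding of it.
      # The key reaches the script through an environment variable, and
      # umask 077 keeps the temp file and the final key file from ever being
      # readable by other users on the runner.
      - name: Setup SSH
        env:
          EC2_KEY: ${{ secrets.EC2_KEY }}
        run: |
          set -euo pipefail
          umask 077
          mkdir -p ~/.ssh
          key_src="$(mktemp)"
          # Remove the scratch copy on every exit path, including failures.
          trap 'rm -f "$key_src"' EXIT
          printf '%s' "$EC2_KEY" > "$key_src"
          if [[ ! -s "$key_src" ]]; then
            echo "::error::EC2_KEY secret is empty" >&2
            exit 1
          fi
          if head -n 1 "$key_src" | grep -q '^[[:space:]]*-----BEGIN'; then
            cp "$key_src" ~/.ssh/ec2_key.pem
          else
            tr -d '\n\r \t' < "$key_src" | base64 --decode > ~/.ssh/ec2_key.pem || {
              echo "::error::EC2_KEY is not PEM and base64 decode failed" >&2
              exit 1
            }
          fi
          chmod 600 ~/.ssh/ec2_key.pem

      # NOTE(review): StrictHostKeyChecking=no (here and in the deploy step)
      # disables SSH host-key verification, so the env file and the Docker Hub
      # token are sent to whichever host answers at EC2_HOST. Pin the server's
      # public host key in ~/.ssh/known_hosts (for example from a repository
      # secret) and remove the option.
      #
      # The env-file content is passed through an environment variable so that
      # quotes, `$` and backticks in it are written verbatim instead of being
      # interpreted by the shell. If the stored secret was escaped to survive
      # the earlier inline interpolation, remove that escaping.
      - name: Create env file and copy to EC2
        env:
          AUTH_BE_ENV_FILE: ${{ secrets.AUTH_BE_ENV_FILE }}
          EC2_USER: ${{ secrets.EC2_USER }}
          EC2_HOST: ${{ secrets.EC2_HOST }}
        run: |
          set -euo pipefail
          printf '%s\n' "$AUTH_BE_ENV_FILE" > "${SPRING_APP_NAME}.env"
          # PROJECT_ROOT starts with "~", which the remote side must expand,
          # so it is sent unquoted inside the remote command and path.
          ssh -o StrictHostKeyChecking=no -i ~/.ssh/ec2_key.pem \
            "${EC2_USER}@${EC2_HOST}" "mkdir -p ${PROJECT_ROOT}/env"
          scp -o StrictHostKeyChecking=no -i ~/.ssh/ec2_key.pem \
            "${SPRING_APP_NAME}.env" \
            "${EC2_USER}@${EC2_HOST}:${PROJECT_ROOT}/env/${SPRING_APP_NAME}.env"

      # Recreates the compose service on the EC2 host from the freshly pushed
      # image. The Docker Hub token travels over the SSH session's stdin to
      # `docker login --password-stdin`, so it never appears in the remote
      # command line or process list. The EXIT trap logs out of the registry on
      # failure too, so credentials are not left in the host's Docker config.
      - name: Deploy to EC2
        env:
          EC2_USER: ${{ secrets.EC2_USER }}
          EC2_HOST: ${{ secrets.EC2_HOST }}
          DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
          DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }}
        run: |
          set -euo pipefail
          printf '%s' "$DOCKERHUB_TOKEN" |
            ssh -o StrictHostKeyChecking=no -i ~/.ssh/ec2_key.pem "${EC2_USER}@${EC2_HOST}" "
              set -e
              export PATH=\"/usr/bin:/usr/local/bin:\$PATH\"
              export DOCKERHUB_USERNAME=\"${DOCKERHUB_USERNAME}\"
              export IMAGE_TAG=\"${IMAGE_TAG}\"
              export SPRING_PROFILES_ACTIVE=\"${SPRING_PROFILE}\"
              trap 'docker logout' EXIT
              docker login -u \"${DOCKERHUB_USERNAME}\" --password-stdin
              cd ${PROJECT_ROOT}
              docker compose stop ${SPRING_APP_NAME} || true
              docker compose rm -f ${SPRING_APP_NAME} || true
              docker compose pull ${SPRING_APP_NAME}
              docker compose up -d --no-deps --force-recreate ${SPRING_APP_NAME}
            "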