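# Deploy workflow. A push to `dev` runs the staging job and a push to `main`
# runs the production job; both build and start the container on an EC2 host
# that the runner reaches over SSH.
name: Deploy

on:
  push:
    branches:
      - main
      - dev

# Least privilege for the automatically issued GITHUB_TOKEN. The only step in
# this workflow that uses it is actions/checkout, which needs read access to
# the repository contents and nothing else.
permissions:
  contents: read

# Exported to every `run` step. No step in this workflow references either
# value explicitly.
env:
  AWS_REGION: ap-northeast-2
  ECR_REPOSITORY: ifu-server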
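jobs:
  # ===========================================
  # Staging: build directly on the EC2 host
  # ===========================================
  deploy-staging:
    if: github.ref == 'refs/heads/dev'
    runs-on: ubuntu-latest
    # Serialize staging deploys: two pushes in quick succession would otherwise
    # run `git reset` / `docker build` / `docker run` on the same host at once.
    concurrency:
      group: deploy-staging
      cancel-in-progress: false
    steps:
      - name: Setup SSH key
        # The secret reaches the script through the environment instead of being
        # pasted into the script text by `${{ }}` expansion, so quotes, `$` or
        # backticks inside the value are never parsed by the shell.
        env:
          EC2_SSH_KEY: ${{ secrets.EC2_SSH_KEY }}
        run: |
          # Create the directory and key file owner-only from the start, not
          # world-readable until the chmod below runs.
          umask 077
          mkdir -p ~/.ssh
          printf '%s\n' "$EC2_SSH_KEY" > ~/.ssh/ifu-keypair.pem
          chmod 600 ~/.ssh/ifu-keypair.pem

      # NOTE(review): StrictHostKeyChecking=no turns off SSH host authentication,
      # so the runner will hand this session to whatever answers at that address.
      # Pin the host's public key in ~/.ssh/known_hosts (for example from a
      # repository secret or variable) and drop the option. It is left in place
      # here because the host key is not available in this file.
      - name: Build and Deploy on EC2
        env:
          EC2_HOST: ${{ secrets.STAGING_EC2_HOST }}
        run: |
          ssh -o StrictHostKeyChecking=no -i ~/.ssh/ifu-keypair.pem "ec2-user@${EC2_HOST}" << 'EOF'
          set -e
          cd /home/ec2-user

          REPO_URL="https://github.com/If-U-Lab/If-U-SERVER.git"

          # Fetch the GitHub PAT from SSM Parameter Store
          GH_PAT=$(aws ssm get-parameter --name "/ifu/github-pat" --with-decryption --query "Parameter.Value" --output text)

          # `set -e` aborts the script on the first failing command. Without this
          # trap, a failed fetch/checkout would leave the PAT stored in
          # .git/config as part of the remote URL.
          trap 'git -C /home/ec2-user/If-U-SERVER remote set-url origin "$REPO_URL" 2>/dev/null || true' EXIT

          # Clone on the first deploy, otherwise reuse the existing checkout
          if [ ! -d "If-U-SERVER" ]; then
            echo "Cloning repository..."
            git clone "https://${GH_PAT}@github.com/If-U-Lab/If-U-SERVER.git"
            cd If-U-SERVER
          else
            cd If-U-SERVER
            # Put the PAT into the remote URL only for the fetch below
            git remote set-url origin "https://${GH_PAT}@github.com/If-U-Lab/If-U-SERVER.git"
          fi

          # Both branches reach this point with an authenticated remote, so the
          # fetch also works right after a fresh clone.
          git fetch origin
          git checkout dev
          git reset --hard origin/dev

          # Remove the PAT from the remote URL and from the shell (security)
          git remote set-url origin "$REPO_URL"
          unset GH_PAT

          # Build the Docker image (native ARM64) while the old container is
          # still serving, so a failed build does not take staging down.
          echo "Building Docker image..."
          docker build -t ifu-server:staging .

          # Force-remove the existing container (stop + rm)
          echo "Removing existing container..."
          docker rm -f ifu-server 2>/dev/null || true

          # Start the new container (logs shipped to CloudWatch Logs)
          echo "Starting new container..."
          docker run -d \
            --name ifu-server \
            --restart unless-stopped \
            --log-driver=awslogs \
            --log-opt awslogs-region=ap-northeast-2 \
            --log-opt awslogs-group=/ifu/staging/application \
            --log-opt awslogs-stream=ifu-server-staging-$(date +%Y%m%d-%H%M) \
            -p 8080:8080 \
            -e ENVIRONMENT=staging \
            -e TZ=Asia/Seoul \
            ifu-server:staging

          # Clean up dangling images from earlier builds
          docker image prune -f
          echo "Deployment completed successfully!"
          EOF

      - name: Health check
        run: |
          echo "Waiting for application to start..."
          sleep 30
          HEALTH_URL="https://staging-api.if-u.site/actuator/health"
          for i in {1..5}; do
            # On a connection failure curl itself prints 000 for %{http_code};
            # `|| true` only keeps the step's `bash -e` from aborting. --max-time
            # bounds each probe so a hung endpoint cannot stall the job.
            response=$(curl -s -o /dev/null --max-time 10 -w "%{http_code}" "$HEALTH_URL" || true)
            if [[ "$response" == "200" ]]; then
              echo "Health check passed!"
              exit 0
            fi
            echo "Attempt $i: Health check returned $response, retrying in 10s..."
            sleep 10
          done
          echo "Health check failed after 5 attempts"
          exit 1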
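# ===========================================
# Production: build on the EC2 host (source shipped with scp)
# ===========================================
  deploy-production:
    if: github.ref == 'refs/heads/main'
    runs-on: ubuntu-latest
    # Serialize production deploys: overlapping runs would race on
    # /home/ec2-user/app.tar.gz and the `app` directory on the host.
    concurrency:
      group: deploy-production
      cancel-in-progress: false
    steps:
      # NOTE(review): `@v4` is a mutable tag. Pinning the action to a full
      # commit SHA protects this job, which holds the production SSH key, from
      # a retagged release.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          # No later step runs git against GitHub, so the token does not need
          # to stay in the workspace's .git/config.
          persist-credentials: false

      - name: Setup SSH key
        # The secret reaches the script through the environment instead of being
        # pasted into the script text by `${{ }}` expansion, so quotes, `$` or
        # backticks inside the value are never parsed by the shell.
        env:
          EC2_SSH_KEY: ${{ secrets.EC2_SSH_KEY }}
        run: |
          # Create the directory and key file owner-only from the start, not
          # world-readable until the chmod below runs.
          umask 077
          mkdir -p ~/.ssh
          printf '%s\n' "$EC2_SSH_KEY" > ~/.ssh/ifu-keypair.pem
          chmod 600 ~/.ssh/ifu-keypair.pem

      # NOTE(review): StrictHostKeyChecking=no (here and in the ssh step below)
      # turns off SSH host authentication, so the source archive and the deploy
      # session go to whatever answers at that address. Pin the host's public
      # key in ~/.ssh/known_hosts and drop the option. It is left in place here
      # because the host key is not available in this file.
      - name: Package and transfer code
        env:
          EC2_HOST: ${{ secrets.PROD_EC2_HOST }}
        run: |
          # Archive the source tree (without .git)
          tar --exclude='.git' -czf /tmp/app.tar.gz .
          # Copy the archive to the EC2 host
          scp -o StrictHostKeyChecking=no -i ~/.ssh/ifu-keypair.pem \
            /tmp/app.tar.gz "ec2-user@${EC2_HOST}:/home/ec2-user/"

      - name: Build and Deploy on EC2
        env:
          EC2_HOST: ${{ secrets.PROD_EC2_HOST }}
        run: |
          ssh -o StrictHostKeyChecking=no -i ~/.ssh/ifu-keypair.pem "ec2-user@${EC2_HOST}" << 'EOF'
          set -e
          cd /home/ec2-user

          # Unpack the archive into a fresh directory
          rm -rf app && mkdir -p app
          tar -xzf app.tar.gz -C app
          rm app.tar.gz

          # Build the Docker image while the old container is still serving, so
          # a failed build does not take production down.
          cd app
          docker build -t ifu-server:prod .

          # Force-remove the existing container
          docker rm -f ifu-server 2>/dev/null || true

          # Start the new container.
          # NOTE(review): unlike the staging job, no awslogs log driver is set
          # here. Confirm that production logs are collected some other way.
          docker run -d \
            --name ifu-server \
            --restart unless-stopped \
            -p 8080:8080 \
            -e ENVIRONMENT=prod \
            -e TZ=Asia/Seoul \
            ifu-server:prod

          # Clean up dangling images from earlier builds
          docker image prune -f
          echo "Deployment completed successfully!"
          EOF

      - name: Health check
        run: |
          echo "Waiting for application to start..."
          sleep 30
          HEALTH_URL="https://api.if-u.site/actuator/health"
          for i in {1..5}; do
            # On a connection failure curl itself prints 000 for %{http_code};
            # `|| true` only keeps the step's `bash -e` from aborting. --max-time
            # bounds each probe so a hung endpoint cannot stall the job.
            response=$(curl -s -o /dev/null --max-time 10 -w "%{http_code}" "$HEALTH_URL" || true)
            if [[ "$response" == "200" ]]; then
              echo "Health check passed!"
              exit 0
            fi
            echo "Attempt $i: Health check returned $response, retrying in 10s..."
            sleep 10
          done
          echo "Health check failed after 5 attempts"
          exit 1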