Merge pull request #152 from jooyong-boo/develop #77
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to Amazon ECR | |
| on: | |
| push: | |
| branches: ['main'] | |
| env: | |
| ECR_REPOSITORY: devlog | |
| IMAGE_TAG: ${{ github.sha }} | |
| URL: ${{ secrets.URL }} | |
| OAUTH_GITHUB_ID: ${{ secrets.OAUTH_GITHUB_ID }} | |
| OAUTH_GITHUB_SECRET: ${{ secrets.OAUTH_GITHUB_SECRET }} | |
| GOOGLE_ID: ${{ secrets.GOOGLE_ID }} | |
| GOOGLE_SECRET: ${{ secrets.GOOGLE_SECRET }} | |
| AUTH_SECRET: ${{ secrets.AUTH_SECRET }} | |
| AUTH_URL: ${{ secrets.AUTH_URL }} | |
| DATABASE_URL: ${{ secrets.DATABASE_URL }} | |
| AWS_REGION: ${{ secrets.AWS_REGION }} | |
| AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| AWS_S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }} | |
| jobs: | |
| deploy: | |
| name: Deploy | |
| runs-on: ubuntu-latest | |
| environment: production | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Get GitHub Actions IP | |
| id: ip | |
| uses: haythem/[email protected] | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Clean up old images | |
| run: | | |
| # 최신 5개 이미지 태그를 제외한 모든 이미지 목록 가져오기 | |
| IMAGES_TO_DELETE=$(aws ecr list-images --repository-name $ECR_REPOSITORY --query 'imageIds[?type(imageTag)!=`null`]' --output json | jq -r '[.[] | select(.imageTag != "${{ github.sha }}")][:(-5)] | map({imageTag: .imageTag}) | tostring') | |
| # 삭제할 이미지가 있다면 삭제 실행 | |
| if [ "$IMAGES_TO_DELETE" != "[]" ]; then | |
| echo "Deleting old images: $IMAGES_TO_DELETE" | |
| aws ecr batch-delete-image --repository-name $ECR_REPOSITORY --image-ids "$IMAGES_TO_DELETE" || echo "Failed to delete some images" | |
| else | |
| echo "No old images to delete" | |
| fi | |
| - name: Build, tag, and push image to Amazon ECR | |
| id: build-image | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| run: | | |
| docker build \ | |
| --build-arg URL="${{ secrets.URL }}" \ | |
| --build-arg OAUTH_GITHUB_ID="${{ secrets.OAUTH_GITHUB_ID }}" \ | |
| --build-arg OAUTH_GITHUB_SECRET="${{ secrets.OAUTH_GITHUB_SECRET }}" \ | |
| --build-arg GOOGLE_ID="${{ secrets.GOOGLE_ID }}" \ | |
| --build-arg GOOGLE_SECRET="${{ secrets.GOOGLE_SECRET }}" \ | |
| --build-arg AUTH_SECRET="${{ secrets.AUTH_SECRET }}" \ | |
| --build-arg AUTH_URL="${{ secrets.AUTH_URL }}" \ | |
| --build-arg DATABASE_URL="${{ secrets.DATABASE_URL }}" \ | |
| --build-arg AWS_S3_BUCKET="${{ secrets.AWS_S3_BUCKET }}" \ | |
| --build-arg AWS_REGION="${{ secrets.AWS_REGION }}" \ | |
| --build-arg AWS_ACCESS_KEY_ID="${{ secrets.AWS_ACCESS_KEY_ID }}" \ | |
| --build-arg AWS_SECRET_ACCESS_KEY="${{ secrets.AWS_SECRET_ACCESS_KEY }}" \ | |
| -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| echo "image=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT | |
| - name: Get GitHub Actions IP ranges | |
| id: ip_ranges | |
| run: | | |
| ACTIONS_RANGES=$(curl -s https://api.github.com/meta | jq -r '.actions | join(",")') | |
| echo "ranges=$ACTIONS_RANGES" >> $GITHUB_OUTPUT | |
| - name: Update EC2 security group | |
| run: | | |
| aws ec2 authorize-security-group-ingress \ | |
| --group-id ${{ secrets.EC2_SECURITY_GROUP_ID }} \ | |
| --protocol tcp \ | |
| --port 22 \ | |
| --cidr ${{ steps.ip.outputs.ipv4 }}/32 | |
| - name: Setup SSH key | |
| env: | |
| PRIVATE_KEY: ${{ secrets.EC2_SSH_PRIVATE_KEY }} | |
| run: | | |
| mkdir -p ~/.ssh | |
| echo "$PRIVATE_KEY" > ~/.ssh/id_rsa | |
| chmod 600 ~/.ssh/id_rsa | |
| ssh-keyscan -H ${{ secrets.EC2_HOST }} >> ~/.ssh/known_hosts | |
| - name: Deploy to EC2 | |
| env: | |
| HOST: ${{ secrets.EC2_HOST }} | |
| USER: ubuntu | |
| run: | | |
| ssh -o StrictHostKeyChecking=no -i ~/.ssh/id_rsa ${USER}@${HOST} << EOF | |
| sudo aws ecr get-login-password --region ${{ env.AWS_REGION }} | sudo docker login --username AWS --password-stdin ${{ steps.login-ecr.outputs.registry }} | |
| # 시스템 정리 | |
| sudo docker system prune -af --volumes | |
| sudo apt-get autoremove --purge -y | |
| sudo docker pull ${{ steps.build-image.outputs.image }} | |
| sudo docker stop devlog || true | |
| sudo docker rm devlog || true | |
| # 애플리케이션 컨테이너 실행 | |
| sudo docker run -d --name devlog -p 3000:3000 ${{ steps.build-image.outputs.image }} | |
| # Nginx 설정이 올바른지 확인 | |
| sudo nginx -t | |
| # Nginx 설정이 올바르다면 Nginx 재시작 | |
| if [ $? -eq 0 ]; then | |
| sudo systemctl restart nginx | |
| else | |
| echo "Nginx configuration test failed. Please check your Nginx configuration." | |
| exit 1 | |
| fi | |
| EOF |