ci: workflow 수정 #36
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| paths-ignore: | |
| - 'README.md' | |
| - 'src/test/**' | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout sources | |
| uses: actions/checkout@v6.0.1 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v5.2.0 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| cache: 'gradle' | |
| - name: Setup Gradle | |
| uses: gradle/gradle-build-action@v3.5.0 | |
| - name: Grant execute permission for gradlew | |
| run: chmod +x gradlew | |
| - name: Build with Gradle | |
| run: ./gradlew clean build -x test | |
| - name: Get GitHub Actions IP | |
| id: ip | |
| run: echo "ip=$(curl -s https://checkip.amazonaws.com)" >> $GITHUB_OUTPUT | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v5.1.1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }} | |
| aws-region: ap-northeast-2 | |
| - name: Add GitHub IP to Security Group | |
| run: | | |
| aws ec2 authorize-security-group-ingress \ | |
| --group-id ${{ secrets.AWS_SG_ID }} \ | |
| --protocol tcp \ | |
| --port 22 \ | |
| --cidr ${{ steps.ip.outputs.ip }}/32 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3.7.0 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3.12.0 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3.7.0 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Build and Push Docker Image | |
| uses: docker/build-push-action@v6.18.0 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ secrets.DOCKERHUB_USERNAME }}/inchelin:latest | |
| platforms: linux/arm64 | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| - name: Copy Docker Compose to EC2 | |
| uses: appleboy/scp-action@v1.0.0 | |
| with: | |
| host: ${{ secrets.EC2_HOST }} | |
| username: ${{ secrets.EC2_USERNAME }} | |
| key: ${{ secrets.EC2_SSH_KEY }} | |
| source: docker-compose.yml | |
| target: ${{ secrets.EC2_DEPLOY_PATH }} | |
| - name: Deploy to EC2 | |
| uses: appleboy/ssh-action@v1.2.5 | |
| with: | |
| host: ${{ secrets.EC2_HOST }} | |
| username: ${{ secrets.EC2_USERNAME }} | |
| key: ${{ secrets.EC2_SSH_KEY }} | |
| script: | | |
| cd ${{ secrets.EC2_DEPLOY_PATH }} | |
| cat <<EOF > .env | |
| MARIADB_ROOT_PASSWORD='${{ secrets.MARIADB_ROOT_PASSWORD }}' | |
| MARIADB_DATABASE='${{ secrets.MARIADB_DATABASE }}' | |
| DB_URL='${{ secrets.DB_URL }}' | |
| DB_USERNAME='${{ secrets.DB_USERNAME }}' | |
| DB_PASSWORD='${{ secrets.DB_PASSWORD }}' | |
| AWS_ACCESS_KEY='${{ secrets.AWS_ACCESS_KEY }}' | |
| AWS_SECRET_KEY='${{ secrets.AWS_SECRET_KEY }}' | |
| S3_BUCKET_NAME='${{ secrets.S3_BUCKET_NAME }}' | |
| CONTEXT_PATH='${{ secrets.CONTEXT_PATH }}' | |
| DOCKERHUB_USERNAME='${{ secrets.DOCKERHUB_USERNAME }}' | |
| EOF | |
| docker-compose pull | |
| docker-compose up -d | |
| docker exec nginx nginx -s reload || true | |
| echo "Starting health check on /actuator/health..." | |
| sleep 10 | |
| MAX_RETRIES=5 | |
| COUNT=0 | |
| SUCCESS=false | |
| while [ $COUNT -lt $MAX_RETRIES ]; do | |
| COUNT=$((COUNT+1)) | |
| STATUS_CODE=$(curl -s -k -o /dev/null -w "%{http_code}" https://localhost${{ secrets.CONTEXT_PATH }}/actuator/health) | |
| if [ "$STATUS_CODE" -eq 200 ]; then | |
| echo "Health check successful!" | |
| SUCCESS=true | |
| break | |
| fi | |
| echo "Health check failed (Status: $STATUS_CODE). Retrying in 10 seconds... ($COUNT/$MAX_RETRIES)" | |
| sleep 10 | |
| done | |
| if [ "$SUCCESS" = false ]; then | |
| echo "Health check failed after $MAX_RETRIES attempts." | |
| exit 1 | |
| fi | |
| docker image prune -f | |
| - name: Remove GitHub IP from Security Group | |
| if: always() # 배포가 실패하더라도 IP는 반드시 제거해야 하므로 always() 사용 | |
| run: | | |
| aws ec2 revoke-security-group-ingress \ | |
| --group-id ${{ secrets.AWS_SG_ID }} \ | |
| --protocol tcp \ | |
| --port 22 \ | |
| --cidr ${{ steps.ip.outputs.ip }}/32 |