Merge pull request #164 from SSambee/chore/casl #99
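# Builds the application image and pushes it to GHCR, then runs a blue-green
# deployment on a self-hosted EC2 runner and reports the result.
name: Deploy to EC2 with Blue-Green

on:
  push:
    branches:
      - main
      - dev
  workflow_dispatch:

env:
  REGISTRY: ghcr.io
  IMAGE_NAME: ${{ github.repository }}

jobs:
  build-and-push:
    name: Build and Push Docker Image
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # The build context below is the whole checkout, so do not leave
          # GITHUB_TOKEN in .git/config where a `COPY . .` could pick it up.
          persist-credentials: false

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Log in to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}

      - name: Extract metadata for Docker
        id: meta
        uses: docker/metadata-action@v5
        with:
          images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
          tags: |
            type=raw,value=latest
            type=sha

      - name: Build and push Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./Dockerfile
          push: true
          tags: ${{ steps.meta.outputs.tags }}
          labels: ${{ steps.meta.outputs.labels }}
          cache-from: type=gha
          cache-to: type=gha,mode=max
          platforms: linux/amd64

  deploy:
    name: Deploy to EC2
    needs: build-and-push
    # The self-hosted runner installed on the EC2 instance picks up this job.
    runs-on: [self-hosted, Linux, X64]
    # Checkout is the only GitHub API use in this job; GHCR login uses a PAT.
    permissions:
      contents: read
    # NOTE(review): these are job-scoped, so every step (including deploy.sh)
    # sees them. They could be scoped to the "Create .env file" step if
    # deploy.sh only reads the copied .env — confirm before narrowing.
    env:
      NODE_ENV: ${{ secrets.NODE_ENV }}
      PORT: ${{ secrets.PORT }}
      DATABASE_URL: ${{ secrets.DATABASE_URL }}
      MIGRATION_DATABASE_URL: ${{ secrets.MIGRATION_DATABASE_URL }}
      FRONT_URL: ${{ secrets.FRONT_URL }}
      BETTER_AUTH_SECRET: ${{ secrets.BETTER_AUTH_SECRET }}
      BETTER_AUTH_URL: ${{ secrets.BETTER_AUTH_URL }}
      SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      AWS_REGION: ${{ secrets.AWS_REGION }}
      AWS_S3_BUCKET_DOCUMENTS: ${{ secrets.AWS_S3_BUCKET_DOCUMENTS }}
      AWS_S3_BUCKET_REPORTS: ${{ secrets.AWS_S3_BUCKET_REPORTS }}
      AWS_CLOUDFRONT_URL_DOCUMENTS: ${{ secrets.AWS_CLOUDFRONT_URL_DOCUMENTS }}
      AWS_CLOUDFRONT_URL_REPORTS: ${{ secrets.AWS_CLOUDFRONT_URL_REPORTS }}
      AWS_CLOUDFRONT_KEY_PAIR_ID: ${{ secrets.AWS_CLOUDFRONT_KEY_PAIR_ID }}
      AWS_CLOUDFRONT_PRIVATE_KEY: ${{ secrets.AWS_CLOUDFRONT_PRIVATE_KEY }}
      REDIS_URL: ${{ secrets.REDIS_URL }}
      ALARM_LAMBDA_URL: ${{ secrets.ALARM_LAMBDA_URL }}
      MONITOR_LAMBDA_URL: ${{ secrets.MONITOR_LAMBDA_URL }}
      DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}
      INTERNAL_INGEST_SECRET: ${{ secrets.INTERNAL_INGEST_SECRET }}
      SMTP_HOST: ${{ secrets.SMTP_HOST }}
      SMTP_PORT: ${{ secrets.SMTP_PORT }}
      SMTP_USER: ${{ secrets.SMTP_USER }}
      SMTP_PASS: ${{ secrets.SMTP_PASS }}
      SMTP_FROM: ${{ secrets.SMTP_FROM }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # The self-hosted workspace persists between runs; do not leave
          # GITHUB_TOKEN behind in .git/config.
          persist-credentials: false

      - name: Create .env file
        run: |
          # Write the environment file. umask 077 means it is never
          # group/world-readable, not even before the chmod below.
          umask 077
          cat <<EOF > .env
          NODE_ENV=$NODE_ENV
          PORT=$PORT
          DATABASE_URL=$DATABASE_URL
          MIGRATION_DATABASE_URL=$MIGRATION_DATABASE_URL
          FRONT_URL=$FRONT_URL
          BETTER_AUTH_SECRET=$BETTER_AUTH_SECRET
          BETTER_AUTH_URL=$BETTER_AUTH_URL
          SENTRY_DSN=$SENTRY_DSN
          AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID
          AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY
          AWS_REGION=$AWS_REGION
          AWS_S3_BUCKET_DOCUMENTS=$AWS_S3_BUCKET_DOCUMENTS
          AWS_S3_BUCKET_REPORTS=$AWS_S3_BUCKET_REPORTS
          AWS_CLOUDFRONT_URL_DOCUMENTS=$AWS_CLOUDFRONT_URL_DOCUMENTS
          AWS_CLOUDFRONT_URL_REPORTS=$AWS_CLOUDFRONT_URL_REPORTS
          AWS_CLOUDFRONT_KEY_PAIR_ID=$AWS_CLOUDFRONT_KEY_PAIR_ID
          REDIS_URL=$REDIS_URL
          ALARM_LAMBDA_URL=$ALARM_LAMBDA_URL
          MONITOR_LAMBDA_URL=$MONITOR_LAMBDA_URL
          DISCORD_WEBHOOK_URL=$DISCORD_WEBHOOK_URL
          INTERNAL_INGEST_SECRET=$INTERNAL_INGEST_SECRET
          SMTP_HOST=$SMTP_HOST
          SMTP_PORT=$SMTP_PORT
          SMTP_USER=$SMTP_USER
          SMTP_PASS=$SMTP_PASS
          SMTP_FROM=$SMTP_FROM
          AWS_CLOUDFRONT_PRIVATE_KEY="$AWS_CLOUDFRONT_PRIVATE_KEY"
          EOF
          # Lower-case the repository name (image references must be lowercase).
          # GITHUB_REPOSITORY is the runner-provided env var; using it avoids
          # expanding a workflow expression directly into the script.
          RAW_IMAGE_NAME="$GITHUB_REPOSITORY"
          echo "GITHUB_REPOSITORY=${RAW_IMAGE_NAME,,}" >> .env
          chmod 600 .env

      # Copy the generated .env and the checked-out sources to the run location.
      - name: Sync files to app directory
        run: |
          # Take ownership of an existing app directory first, if there is one.
          sudo chown -R ec2-user:ec2-user /home/ec2-user/app || true
          # Sync the runner workspace into /home/ec2-user/app.
          # `./*` does not match dotfiles, which is why .env is copied separately.
          cp -r ./* /home/ec2-user/app/
          # Force ownership of everything to ec2-user again after the copy.
          sudo chown -R ec2-user:ec2-user /home/ec2-user/app/
          cp .env /home/ec2-user/app/
          # cp keeps the destination's existing mode if the file already exists.
          chmod 600 /home/ec2-user/app/.env

      - name: Log in to GHCR
        env:
          GHCR_PAT: ${{ secrets.GHCR_PAT }}
          GHCR_USERNAME: ${{ secrets.GHCR_USERNAME }}
        run: |
          # Credentials come in through the environment rather than being
          # expanded into the script text; the username is quoted.
          echo "$GHCR_PAT" | docker login ghcr.io -u "$GHCR_USERNAME" --password-stdin

      - name: Execute Blue-Green Deployment
        run: |
          # Run from the synced app directory, not the runner workspace.
          cd /home/ec2-user/app
          chmod +x deploy.sh
          ./deploy.sh

      - name: Clean up unused images and workspace .env
        if: always()
        run: |
          docker image prune -af
          # The self-hosted workspace is not wiped between runs; the copy in
          # /home/ec2-user/app is the one the app uses, so drop this one.
          rm -f "$GITHUB_WORKSPACE/.env"

  notify:
    name: Notify Deployment Status
    needs: [build-and-push, deploy]
    runs-on: ubuntu-latest
    if: always()
    # This job only echoes; it needs no token scopes.
    permissions: {}
    steps:
      - name: Send notification
        run: |
          if [ "${{ needs.deploy.result }}" == "success" ]; then
            echo "배포 성공!"
          else
            echo "배포 실패!"
          fi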