Merge pull request #63 from Move-Log/develop #25
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to Amazon EC2 with Docker | |
| on: | |
| push: | |
| branches: | |
| - main | |
| env: | |
| AWS_REGION: ap-northeast-2 | |
| ECR_REPOSITORY: movelog-server | |
| DOCKER_IMAGE_NAME: latest | |
| permissions: | |
| contents: read | |
| jobs: | |
| deploy: | |
| name: Docker Deploy | |
| runs-on: ubuntu-latest | |
| environment: production | |
| steps: | |
| # 소스 코드 체크아웃 | |
| - name: Checkout source code | |
| uses: actions/checkout@v4 | |
| # JDK 17 설정 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: 'temurin' | |
| java-version: '17' | |
| # Gradle 캐싱 | |
| - name: Gradle Caching | |
| uses: actions/cache@v4 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} | |
| restore-keys: | | |
| ${{ runner.os }}-gradle- | |
| # Gradle 빌드 (테스트 제외) | |
| - name: Build with Gradle | |
| run: ./gradlew clean build -x test | |
| # 설정 파일 생성 | |
| - name: Create configuration files | |
| run: | | |
| mkdir -p ./src/main/resources/chatgpt | |
| echo "${{ secrets.APPLICATION_CHATGPT_YML }}" | base64 --decode > ./src/main/resources/chatgpt/application-chatgpt.yml | |
| mkdir -p ./src/main/resources/database | |
| echo "${{ secrets.APPLICATION_DATABASE_YML }}" | base64 --decode > ./src/main/resources/database/application-database.yml | |
| mkdir -p ./src/main/resources/oauth2 | |
| echo "${{ secrets.APPLICATION_OAUTH2_YML }}" | base64 --decode > ./src/main/resources/oauth2/application-oauth2.yml | |
| mkdir -p ./src/main/resources/s3 | |
| echo "${{ secrets.APPLICATION_S3_YML }}" | base64 --decode > ./src/main/resources/s3/application-s3.yml | |
| mkdir -p ./src/main/resources/webclient | |
| echo "${{ secrets.APPLICATION_WEBCLIENT_YML }}" | base64 --decode > ./src/main/resources/webclient/application-webclient.yml | |
| # Docker 이미지 빌드 | |
| - name: Build Docker image | |
| run: | | |
| docker build -t ${{ env.DOCKER_IMAGE_NAME }} . | |
| # AWS 인증 (IAM 사용자 Access Key, Secret Key 활용) | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| # AWS ECR에 로그인 | |
| - name: Log in to Amazon ECR | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| # Docker 이미지를 ECR로 푸시 | |
| - name: Push Docker image to ECR | |
| run: | | |
| REPOSITORY_URI=$(aws ecr describe-repositories --repository-names ${{ env.ECR_REPOSITORY }} --query "repositories[0].repositoryUri" --output text) | |
| docker tag ${{ env.DOCKER_IMAGE_NAME }} $REPOSITORY_URI:${{ github.sha }} | |
| docker push $REPOSITORY_URI:${{ github.sha }} | |
| # SSH 키 추가 | |
| - name: Add SSH key | |
| run: | | |
| mkdir -p ~/.ssh | |
| echo "${{ secrets.EC2_PRIVATE_KEY }}" > ~/.ssh/id_rsa | |
| chmod 600 ~/.ssh/id_rsa | |
| ssh-keyscan -H ${{ secrets.EC2_PUBLIC_IP }} >> ~/.ssh/known_hosts | |
| # 디버깅: SSH 키 파일 확인 | |
| - name: Debug SSH key setup | |
| run: | | |
| ls -l ~/.ssh | |
| cat ~/.ssh/id_rsa | |
| # EC2에서 컨테이너 실행 | |
| - name: Deploy Docker container on EC2 | |
| run: | | |
| ssh -o StrictHostKeyChecking=no -T -i ~/.ssh/id_rsa ubuntu@${{ secrets.EC2_PUBLIC_IP }} << 'EOF' | |
| aws ecr get-login-password --region ${{ env.AWS_REGION }} | sudo docker login --username AWS --password-stdin $(aws ecr describe-repositories --repository-names ${{ env.ECR_REPOSITORY }} --query "repositories[0].repositoryUri" --output text) | |
| if sudo lsof -i:8080; then | |
| echo "Port 8080 is in use. Stopping process..." | |
| sudo kill -9 $(sudo lsof -t -i:8080) || true | |
| else | |
| echo "Port 8080 is free." | |
| fi | |
| sudo docker pull $(aws ecr describe-repositories --repository-names ${{ env.ECR_REPOSITORY }} --query "repositories[0].repositoryUri" --output text):${{ github.sha }} | |
| sudo docker stop ${{ env.DOCKER_IMAGE_NAME }} || true | |
| sudo docker rm ${{ env.DOCKER_IMAGE_NAME }} || true | |
| sudo docker run -d -p 8080:8080 --name ${{ env.DOCKER_IMAGE_NAME }} $(aws ecr describe-repositories --repository-names ${{ env.ECR_REPOSITORY }} --query "repositories[0].repositoryUri" --output text):${{ github.sha }} | |
| EOF | |