Skip to content

Commit

Permalink
chore: prod workflow 작성 (#108)
Browse files Browse the repository at this point in the history
  • Loading branch information
@char-yb
char-yb authored Aug 11, 2024
1 parent 373c891 commit 7d63db6
Show file tree
Hide file tree
Showing 2 changed files with 82 additions and 99 deletions.
21 changes: 9 additions & 12 deletions .github/workflows/develop-build-deploy.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -107,17 +107,14 @@ jobs:
docker exec -d nginx nginx -s reload
docker image prune -a -f
# Slack 알림
- name: Send Deploy Result to Slack
uses: rtCamp/action-slack-notify@v2
## Slack
- name: Slack Alarm
uses: 8398a7/action-slack@v3
with:
status: ${{ job.status }}
author_name: GitHub-Actions CI/CD
fields: repo,message,commit,author,ref,job,took
env:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_USERNAME: 왈왈봇
SLACK_COLOR: ${{ job.status == 'success' && 'good' || 'danger' }}
SLACK_TITLE: "Deploy Summary - Develop"
SLACK_MESSAGE: |
- image tag: `${{ steps.metadata.outputs.tags }}`
- build scan report: ${{ steps.gradle.outputs.build-scan-url }}
- deploy status: ${{ job.status }}
- deploy time: ${{ steps.current-time.outputs.time }}
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} # required
if: always() # Pick up events even if the job fails or is canceled.

160 changes: 73 additions & 87 deletions .github/workflows/production-build-deploy.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -5,9 +5,12 @@ on:
tags:
- v*.*.*

permissions:
id-token: write
contents: read

env:
DOCKERHUB_IMAGE_NAME: walwal-server
DOCKERHUB_IMAGE_FULL_NAME: ${{ secrets.DOCKERHUB_USERNAME }}/walwal-server

jobs:
build-deploy:
Expand All @@ -18,34 +21,44 @@ jobs:
java-version: [ 17 ]
distribution: [ 'temurin' ]
steps:
# 기본 체크아웃
# 체크아웃
- name: Checkout
uses: actions/checkout@v3
uses: actions/checkout@v4

# Docker 이미지 태그 세팅
- name: Set up image-tag by GITHUB_SHA
id: image-tag
run: echo "value=$(cut -d'v' -f2 <<< ${GITHUB_REF#refs/*/})" >> $GITHUB_OUTPUT

# JDK를 17 버전으로 세팅
# JDK 17 버전으로 세팅
- name: Set up JDK 17
uses: actions/setup-java@v3
uses: actions/setup-java@v4
with:
java-version: ${{ matrix.java-version }}
distribution: ${{ matrix.distribution }}

# test 활용 목적의 container 실행
- name: Start test docker container
run: docker compose -f ./docker-compose-test.yaml up -d

# Gradlew 실행 허용
- name: Run chmod to make gradlew executable
run: chmod +x ./gradlew

# Redis 컨테이너 실행
- name: Start containers
run: docker-compose -f ./docker-compose-test.yaml up -d

# Gradle 빌드
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v3
with:
cache-read-only: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/develop' }} # feature 브랜치는 캐시를 읽기 전용으로 설정
cache-encryption-key: ${{ secrets.GRADLE_CACHE_ENCRYPTION_KEY }}
add-job-summary-as-pr-comment: always
build-scan-publish: true
build-scan-terms-of-use-url: "https://gradle.com/help/legal-terms-of-use"
build-scan-terms-of-use-agree: "yes"

- name: Build with Gradle
id: gradle
uses: gradle/gradle-build-action@v2
with:
arguments: |
build
--scan
cache-read-only: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/develop' }}
run: ./gradlew build --configuration-cache

# Dockerhub 로그인
- name: Login to Dockerhub
Expand All @@ -58,6 +71,8 @@ jobs:
- name: Extract Docker metadata
id: metadata
uses: docker/[email protected]
env:
DOCKERHUB_IMAGE_FULL_NAME: ${{ secrets.DOCKERHUB_USERNAME }}/${{ env.DOCKERHUB_IMAGE_NAME }}
with:
images: ${{ env.DOCKERHUB_IMAGE_FULL_NAME }}
tags: |
Expand All @@ -73,86 +88,57 @@ jobs:
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

# Docker 이미지 빌드 및 도커허브로 푸시
# 이미지 빌드 및 Dockerhub에 푸시
- name: Docker Build and Push
uses: docker/build-push-action@v5
with:
context: .
platforms: linux/arm64
push: true
tags: ${{ steps.metadata.outputs.tags }}

# SSH 키 파일 생성
- name: Create SSH key file
run: echo "${{ secrets.EC2_PRIVATE_KEY }}" > private_key.pem

# SSH 키 파일 권한 변경
- name: Set SSH key permissions
run: chmod 600 private_key.pem

# Ensure the .ssh directory exists
- name: Ensure .ssh directory exists
run: mkdir -p ~/.ssh

# Add EC2 host key to known_hosts
- name: Add EC2 host key to known_hosts
run: ssh-keyscan -H ${{ secrets.EC2_HOST }} >> ~/.ssh/known_hosts

# 서버로 docker-compose 파일 전송
- name: Copy docker-compose file to EC2
run: |
rsync -avzr --delete -e "ssh -i private_key.pem" docker-compose.yaml ${{ secrets.EC2_USERNAME }}@${{ secrets.EC2_HOST }}:/home/ec2-user/
ssh -i private_key.pem ${{ secrets.EC2_USERNAME }}@${{ secrets.EC2_HOST }} "sudo mv /home/ec2-user/docker-compose.yaml /root/"
- name: Copy default.conf to EC2
run: |
rsync -avzr --delete -e "ssh -i private_key.pem" ./nginx ${{ secrets.EC2_USERNAME }}@${{ secrets.EC2_HOST }}:/home/ec2-user/
ssh -i private_key.pem ${{ secrets.EC2_USERNAME }}@${{ secrets.EC2_HOST }} "sudo mv /home/ec2-user/nginx /root/"
- name: Current Time
uses: gerred/[email protected]
id: current-time

- name: Replace string
uses: frabert/[email protected]
id: format-time
tags: ${{ secrets.DOCKERHUB_USERNAME }}/walwal-server:${{ steps.image-tag.outputs.value }}

# AWS 로그인
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
pattern: '[:\.]+'
string: "${{ steps.current-time.outputs.time }}"
replace-with: '-'
flags: 'g'
role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
aws-region: ap-northeast-2
output-config: true

# 복사 경로 환경변수 설정
- name: Set up S3 copy path
env:
S3_DEPLOY_BUCKET_NAME: ${{ secrets.S3_DEPLOY_BUCKET_NAME }}
run: echo "S3_COPY_PATH=$(echo s3://${S3_DEPLOY_BUCKET_NAME}/walwal-prod/docker-compose.yaml)" >> $GITHUB_ENV

- name: Prepare deployment package
run: |
zip -r deployment-package.zip docker-compose.yaml nginx/default.conf
# S3로 docker-compose 파일 전송
- name: Copy docker-compose file to S3
run: aws s3 cp docker-compose.yaml ${{ env.S3_COPY_PATH }}

- name: Beanstalk Deploy
uses: einaregilsson/beanstalk-deploy@v22
- name: Deploy to EC2 Server
uses: appleboy/ssh-action@master
env:
DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }}
IMAGE_FULL_URL: ${{ steps.metadata.outputs.tags }}
with:
host: ${{ secrets.EC2_HOST }}
username: ${{ secrets.EC2_USERNAME }}
key: ${{ secrets.EC2_PRIVATE_KEY }}
envs: IMAGE_FULL_URL # docker-compose.yaml 에서 사용할 환경 변수
script: |
aws s3 cp ${{ env.S3_COPY_PATH }} docker-compose.yaml
echo "${{ secrets.DOCKERHUB_TOKEN }}" | docker login -u "${{ secrets.DOCKERHUB_USERNAME }}" --password-stdin
docker pull ${{ env.IMAGE_FULL_URL }}
docker compose up -d
docker image prune -a -f
## Slack
- name: Slack Alarm
uses: 8398a7/action-slack@v3
with:
aws_access_key: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws_secret_key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
existing_bucket_name: "walwal-server-prod-deployment"
application_name: "walwal-prod"
environment_name: "Walwal-prod-env"
version_label: "walwal-prod-${{ github.run_id }}-${{ steps.format-time.outputs.replaced }}"
region: ap-northeast-2
deployment_package: deployment-package.zip
wait_for_environment_recovery: 180

# Slack 알림
- name: Send Deploy Result to Slack
uses: rtCamp/action-slack-notify@v2
status: ${{ job.status }}
author_name: GitHub-Actions CI/CD
fields: repo,message,commit,author,ref,job,took
env:
SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK_URL }}
SLACK_USERNAME: 왈왈봇
SLACK_COLOR: ${{ job.status == 'success' && 'good' || 'danger' }}
SLACK_TITLE: "Deploy Summary - Production"
SLACK_MESSAGE: |
- image tag: `${{ steps.metadata.outputs.tags }}`
- build scan report: ${{ steps.gradle.outputs.build-scan-url }}
- deploy status: ${{ job.status }}
- deploy time: ${{ steps.current-time.outputs.time }}
# SSH 키 파일 삭제
- name: Delete SSH key file
run: rm private_key.pem
SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} # required
if: always() # Pick up events even if the job fails or is canceled.

0 comments on commit 7d63db6

Please sign in to comment.