fix:backcicd.yaml 환경변수 수정2 #31
name: Backend CI/CD Pipeline | |
on: | |
push: | |
branches: | |
- 48-Develop브랜치-푸시시-CI/CD-구현 | |
jobs: | |
build_and_deploy: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
module: [auth, member, payment, resume] | |
include: | |
- module: auth | |
instance_tags: | | |
[ | |
{"Name":"tag:Name","Values":["Gitfolio BE1"]}, | |
{"Name":"tag:Environment","Values":["dev"]}, | |
{"Name":"tag:Type","Values":["ec2"]} | |
] | |
- module: member | |
instance_tags: | | |
[ | |
{"Name":"tag:Name","Values":["Gitfolio BE1"]}, | |
{"Name":"tag:Environment","Values":["dev"]}, | |
{"Name":"tag:Type","Values":["ec2"]} | |
] | |
- module: payment | |
instance_tags: | | |
[ | |
{"Name":"tag:Name","Values":["Gitfolio BE2"]}, | |
{"Name":"tag:Environment","Values":["dev"]}, | |
{"Name":"tag:Type","Values":["ec2"]} | |
] | |
- module: resume | |
instance_tags: | | |
[ | |
{"Name":"tag:Name","Values":["Gitfolio BE2"]}, | |
{"Name":"tag:Environment","Values":["dev"]}, | |
{"Name":"tag:Type","Values":["ec2"]} | |
] | |
steps: | |
# 1단계: 코드 체크아웃 | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
# 2단계: AWS 자격 증명 구성 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v2 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ap-northeast-2 | |
# 3단계: Docker Hub에 로그인 | |
- name: Log in to Docker Hub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKERHUB_USERNAME }} | |
password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
# 4단계: Docker 이미지 빌드 | |
- name: Build the Docker image | |
run: | | |
docker build \ | |
--build-arg ACCESS_TOKEN_EXPIRY=${{ secrets.ACCESS_TOKEN_EXPIRY }} \ | |
--build-arg REFRESH_TOKEN_EXPIRY=${{ secrets.REFRESH_TOKEN_EXPIRY }} \ | |
--build-arg JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }} \ | |
--build-arg GH_CLIENT_ID=${{ secrets.GH_CLIENT_ID }} \ | |
--build-arg GH_CLIENT_SECRET=${{ secrets.GH_CLIENT_SECRET }} \ | |
--build-arg GH_REDIRECT_URI=${{ secrets.GH_REDIRECT_URI }} \ | |
--build-arg AUTH_REDIS_HOST=${{ secrets.AUTH_REDIS_HOST }} \ | |
--build-arg AUTH_REDIS_PORT=${{ secrets.AUTH_REDIS_PORT }} \ | |
--build-arg AUTH_SERVER_PORT=${{ secrets.AUTH_SERVER_PORT }} \ | |
--build-arg MEMBER_SERVER_PORT=${{ secrets.MEMBER_SERVER_PORT }} \ | |
--build-arg MEMBER_SERVER_URL=${{ secrets.MEMBER_SERVER_URL }} \ | |
--build-arg PAYMENT_SERVER_PORT=${{ secrets.PAYMENT_SERVER_PORT }} \ | |
--build-arg PAYMENT_SERVER_URL=${{ secrets.PAYMENT_SERVER_URL }} \ | |
--build-arg RESUME_SERVER_PORT=${{ secrets.RESUME_SERVER_PORT }} \ | |
--build-arg REDIRECT_MAIN_URL=${{ secrets.REDIRECT_MAIN_URL }} \ | |
--build-arg REDIRECT_ONBOARDING_URL=${{ secrets.REDIRECT_ONBOARDING_URL }} \ | |
-f ./gitfolio-${{ matrix.module }}/Dockerfile \ | |
-t aida0/gitfolio_${{ matrix.module }}:test \ | |
./gitfolio-${{ matrix.module }} | |
# 5단계: Docker 이미지 푸시 | |
- name: Push the Docker image | |
run: | | |
docker push aida0/gitfolio_${{ matrix.module }}:test | |
# 6단계: EC2 인스턴스 ID 가져오기 | |
- name: Get EC2 Instance IDs | |
id: get_instances | |
run: | | |
INSTANCE_IDS=$(aws ec2 describe-instances \ | |
--region ap-northeast-2 \ | |
--filters '${{ matrix.instance_tags }}' \ | |
--query 'Reservations[].Instances[].InstanceId' \ | |
--output text) | |
echo "INSTANCE_IDS=$INSTANCE_IDS" | |
echo "instance_ids=$INSTANCE_IDS" >> $GITHUB_OUTPUT | |
# 7단계: AWS SSM을 통해 EC2 인스턴스에 배포 | |
- name: Deploy to EC2 instances | |
id: deploy | |
run: | | |
if [ -z "${{ steps.get_instances.outputs.instance_ids }}" ]; then | |
echo "No instance IDs found for module ${{ matrix.module }}. Exiting." | |
exit 1 | |
fi | |
# 환경 변수를 JSON 형식으로 준비 | |
ENV_VARS=$(jq -n \ | |
--arg ACCESS_TOKEN_EXPIRY "${{ secrets.ACCESS_TOKEN_EXPIRY }}" \ | |
--arg REFRESH_TOKEN_EXPIRY "${{ secrets.REFRESH_TOKEN_EXPIRY }}" \ | |
--arg JWT_SECRET_KEY "${{ secrets.JWT_SECRET_KEY }}" \ | |
--arg GH_CLIENT_ID "${{ secrets.GH_CLIENT_ID }}" \ | |
--arg GH_CLIENT_SECRET "${{ secrets.GH_CLIENT_SECRET }}" \ | |
--arg GH_REDIRECT_URI "${{ secrets.GH_REDIRECT_URI }}" \ | |
--arg AUTH_REDIS_HOST "${{ secrets.AUTH_REDIS_HOST }}" \ | |
--arg AUTH_REDIS_PORT "${{ secrets.AUTH_REDIS_PORT }}" \ | |
--arg AUTH_SERVER_PORT "${{ secrets.AUTH_SERVER_PORT }}" \ | |
--arg MEMBER_SERVER_PORT "${{ secrets.MEMBER_SERVER_PORT }}" \ | |
--arg MEMBER_SERVER_URL "${{ secrets.MEMBER_SERVER_URL }}" \ | |
--arg PAYMENT_SERVER_PORT "${{ secrets.PAYMENT_SERVER_PORT }}" \ | |
--arg PAYMENT_SERVER_URL "${{ secrets.PAYMENT_SERVER_URL }}" \ | |
--arg RESUME_SERVER_PORT "${{ secrets.RESUME_SERVER_PORT }}" \ | |
--arg REDIRECT_MAIN_URL "${{ secrets.REDIRECT_MAIN_URL }}" \ | |
--arg REDIRECT_ONBOARDING_URL "${{ secrets.REDIRECT_ONBOARDING_URL }}" \ | |
' | |
{ | |
ACCESS_TOKEN_EXPIRY: $ACCESS_TOKEN_EXPIRY, | |
REFRESH_TOKEN_EXPIRY: $REFRESH_TOKEN_EXPIRY, | |
JWT_SECRET_KEY: $JWT_SECRET_KEY, | |
GH_CLIENT_ID: $GH_CLIENT_ID, | |
GH_CLIENT_SECRET: $GH_CLIENT_SECRET, | |
GH_REDIRECT_URI: $GH_REDIRECT_URI, | |
AUTH_REDIS_HOST: $AUTH_REDIS_HOST, | |
AUTH_REDIS_PORT: $AUTH_REDIS_PORT, | |
AUTH_SERVER_PORT: $AUTH_SERVER_PORT, | |
MEMBER_SERVER_PORT: $MEMBER_SERVER_PORT, | |
MEMBER_SERVER_URL: $MEMBER_SERVER_URL, | |
PAYMENT_SERVER_PORT: $PAYMENT_SERVER_PORT, | |
PAYMENT_SERVER_URL: $PAYMENT_SERVER_URL, | |
RESUME_SERVER_PORT: $RESUME_SERVER_PORT, | |
REDIRECT_MAIN_URL: $REDIRECT_MAIN_URL, | |
REDIRECT_ONBOARDING_URL: $REDIRECT_ONBOARDING_URL | |
} | |
') | |
# 환경 변수를 Base64로 인코딩 | |
ENV_VARS_BASE64=$(echo "$ENV_VARS" | base64 -w 0) | |
# AWS SSM 명령의 commands 파라미터를 JSON 문자열로 구성 | |
COMMANDS_JSON='[ | |
"sudo yum install -y jq", | |
"echo \"$ENV_VARS_BASE64\" | base64 -d > /home/ec2-user/env_vars.json", | |
"cd /home/ec2-user", | |
"jq -r '\''to_entries|map(\\(.key)=\\(.value|tostring))|.[]'\'' env_vars.json > .env", | |
"docker-compose down -v --rmi all", | |
"docker-compose pull", | |
"docker-compose up -d" | |
]' | |
# AWS SSM 명령 실행 | |
COMMAND_OUTPUT=$(aws ssm send-command \ | |
--instance-ids "${{ steps.get_instances.outputs.instance_ids }}" \ | |
--document-name "AWS-RunShellScript" \ | |
--comment "Deploying ${{ matrix.module }} module" \ | |
--parameters commands="$COMMANDS_JSON" \ | |
--timeout-seconds 600 \ | |
--region ap-northeast-2) | |
echo "COMMAND_OUTPUT=$COMMAND_OUTPUT" | |
COMMAND_ID=$(echo "$COMMAND_OUTPUT" | jq -r '.Command.CommandId') | |
echo "COMMAND_ID=$COMMAND_ID" | |
echo "command_id=$COMMAND_ID" >> $GITHUB_OUTPUT | |
# 8단계: 명령 실행 완료 대기 | |
- name: Wait for command to complete | |
run: | | |
aws ssm wait command-executed \ | |
--command-id ${{ steps.deploy.outputs.command_id }} \ | |
--instance-id ${{ steps.get_instances.outputs.instance_ids }} \ | |
--region ap-northeast-2 | |
# 9단계: 명령 결과 확인 (선택 사항) | |
- name: Get command result | |
run: | | |
aws ssm get-command-invocation \ | |
--command-id ${{ steps.deploy.outputs.command_id }} \ | |
--instance-id ${{ steps.get_instances.outputs.instance_ids }} \ | |
--region ap-northeast-2 |
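Review bot: The `Build the Docker image` step passes `JWT_SECRET_KEY` and `GH_CLIENT_SECRET` as `--build-arg` values, and the next step pushes that image to Docker Hub. Build-arg values can be read back from image metadata with `docker history`, so anyone who can pull `aida0/gitfolio_<module>:test` may be able to recover them, depending on how the Dockerfile (not shown here) consumes the ARGs. The deploy step already delivers the same values to `.env` at runtime, so the secret-bearing `--build-arg` lines can be dropped, or replaced with a BuildKit secret mount such as `--secret id=jwt_secret_key,env=JWT_SECRET_KEY` fed from the step's `env:` block. Separately, `COMMANDS_JSON` in the deploy step is single-quoted, so `$ENV_VARS_BASE64` appears to reach SSM unexpanded and `env_vars.json` would be written empty; this is worth confirming against a run. If that is fixed by expanding the variable on the runner, `echo "COMMAND_OUTPUT=$COMMAND_OUTPUT"` should be removed too, because the send-command response repeats the parameters and base64-encoded secrets are not masked in the job log.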