-
Notifications
You must be signed in to change notification settings - Fork 1
193 lines (179 loc) · 8.28 KB
/
backcicd.yaml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
name: Backend CI/CD Pipeline
on:
push:
branches:
- 48-Develop브랜치-푸시시-CI/CD-구현
jobs:
build_and_deploy:
runs-on: ubuntu-latest
strategy:
matrix:
module: [auth, member, payment, resume]
include:
- module: auth
instance_tags: |
[
{"Name":"tag:Name","Values":["Gitfolio BE1"]},
{"Name":"tag:Environment","Values":["dev"]},
{"Name":"tag:Type","Values":["ec2"]}
]
- module: member
instance_tags: |
[
{"Name":"tag:Name","Values":["Gitfolio BE1"]},
{"Name":"tag:Environment","Values":["dev"]},
{"Name":"tag:Type","Values":["ec2"]}
]
- module: payment
instance_tags: |
[
{"Name":"tag:Name","Values":["Gitfolio BE2"]},
{"Name":"tag:Environment","Values":["dev"]},
{"Name":"tag:Type","Values":["ec2"]}
]
- module: resume
instance_tags: |
[
{"Name":"tag:Name","Values":["Gitfolio BE2"]},
{"Name":"tag:Environment","Values":["dev"]},
{"Name":"tag:Type","Values":["ec2"]}
]
steps:
# 1단계: 코드 체크아웃
- name: Checkout code
uses: actions/checkout@v3
# 2단계: AWS 자격 증명 구성
- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v2
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-northeast-2
# 3단계: Docker Hub에 로그인
- name: Log in to Docker Hub
uses: docker/login-action@v2
with:
username: ${{ secrets.DOCKERHUB_USERNAME }}
password: ${{ secrets.DOCKERHUB_PASSWORD }}
# 4단계: Docker 이미지 빌드
- name: Build the Docker image
run: |
docker build \
--build-arg ACCESS_TOKEN_EXPIRY=${{ secrets.ACCESS_TOKEN_EXPIRY }} \
--build-arg REFRESH_TOKEN_EXPIRY=${{ secrets.REFRESH_TOKEN_EXPIRY }} \
--build-arg JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }} \
--build-arg GH_CLIENT_ID=${{ secrets.GH_CLIENT_ID }} \
--build-arg GH_CLIENT_SECRET=${{ secrets.GH_CLIENT_SECRET }} \
--build-arg GH_REDIRECT_URI=${{ secrets.GH_REDIRECT_URI }} \
--build-arg AUTH_REDIS_HOST=${{ secrets.AUTH_REDIS_HOST }} \
--build-arg AUTH_REDIS_PORT=${{ secrets.AUTH_REDIS_PORT }} \
--build-arg AUTH_SERVER_PORT=${{ secrets.AUTH_SERVER_PORT }} \
--build-arg MEMBER_SERVER_PORT=${{ secrets.MEMBER_SERVER_PORT }} \
--build-arg MEMBER_SERVER_URL=${{ secrets.MEMBER_SERVER_URL }} \
--build-arg PAYMENT_SERVER_PORT=${{ secrets.PAYMENT_SERVER_PORT }} \
--build-arg PAYMENT_SERVER_URL=${{ secrets.PAYMENT_SERVER_URL }} \
--build-arg RESUME_SERVER_PORT=${{ secrets.RESUME_SERVER_PORT }} \
--build-arg REDIRECT_MAIN_URL=${{ secrets.REDIRECT_MAIN_URL }} \
--build-arg REDIRECT_ONBOARDING_URL=${{ secrets.REDIRECT_ONBOARDING_URL }} \
-f ./gitfolio-${{ matrix.module }}/Dockerfile \
-t aida0/gitfolio_${{ matrix.module }}:test \
./gitfolio-${{ matrix.module }}
# 5단계: Docker 이미지 푸시
- name: Push the Docker image
run: |
docker push aida0/gitfolio_${{ matrix.module }}:test
# 6단계: EC2 인스턴스 ID 가져오기
- name: Get EC2 Instance IDs
id: get_instances
run: |
INSTANCE_IDS=$(aws ec2 describe-instances \
--region ap-northeast-2 \
--filters '${{ matrix.instance_tags }}' \
--query 'Reservations[].Instances[].InstanceId' \
--output text)
echo "INSTANCE_IDS=$INSTANCE_IDS"
echo "instance_ids=$INSTANCE_IDS" >> $GITHUB_OUTPUT
# 7단계: AWS SSM을 통해 EC2 인스턴스에 배포
- name: Deploy to EC2 instances
id: deploy
run: |
if [ -z "${{ steps.get_instances.outputs.instance_ids }}" ]; then
echo "No instance IDs found for module ${{ matrix.module }}. Exiting."
exit 1
fi
# 환경 변수를 JSON 형식으로 준비
ENV_VARS=$(jq -n \
--arg ACCESS_TOKEN_EXPIRY "${{ secrets.ACCESS_TOKEN_EXPIRY }}" \
--arg REFRESH_TOKEN_EXPIRY "${{ secrets.REFRESH_TOKEN_EXPIRY }}" \
--arg JWT_SECRET_KEY "${{ secrets.JWT_SECRET_KEY }}" \
--arg GH_CLIENT_ID "${{ secrets.GH_CLIENT_ID }}" \
--arg GH_CLIENT_SECRET "${{ secrets.GH_CLIENT_SECRET }}" \
--arg GH_REDIRECT_URI "${{ secrets.GH_REDIRECT_URI }}" \
--arg AUTH_REDIS_HOST "${{ secrets.AUTH_REDIS_HOST }}" \
--arg AUTH_REDIS_PORT "${{ secrets.AUTH_REDIS_PORT }}" \
--arg AUTH_SERVER_PORT "${{ secrets.AUTH_SERVER_PORT }}" \
--arg MEMBER_SERVER_PORT "${{ secrets.MEMBER_SERVER_PORT }}" \
--arg MEMBER_SERVER_URL "${{ secrets.MEMBER_SERVER_URL }}" \
--arg PAYMENT_SERVER_PORT "${{ secrets.PAYMENT_SERVER_PORT }}" \
--arg PAYMENT_SERVER_URL "${{ secrets.PAYMENT_SERVER_URL }}" \
--arg RESUME_SERVER_PORT "${{ secrets.RESUME_SERVER_PORT }}" \
--arg REDIRECT_MAIN_URL "${{ secrets.REDIRECT_MAIN_URL }}" \
--arg REDIRECT_ONBOARDING_URL "${{ secrets.REDIRECT_ONBOARDING_URL }}" \
'
{
ACCESS_TOKEN_EXPIRY: $ACCESS_TOKEN_EXPIRY,
REFRESH_TOKEN_EXPIRY: $REFRESH_TOKEN_EXPIRY,
JWT_SECRET_KEY: $JWT_SECRET_KEY,
GH_CLIENT_ID: $GH_CLIENT_ID,
GH_CLIENT_SECRET: $GH_CLIENT_SECRET,
GH_REDIRECT_URI: $GH_REDIRECT_URI,
AUTH_REDIS_HOST: $AUTH_REDIS_HOST,
AUTH_REDIS_PORT: $AUTH_REDIS_PORT,
AUTH_SERVER_PORT: $AUTH_SERVER_PORT,
MEMBER_SERVER_PORT: $MEMBER_SERVER_PORT,
MEMBER_SERVER_URL: $MEMBER_SERVER_URL,
PAYMENT_SERVER_PORT: $PAYMENT_SERVER_PORT,
PAYMENT_SERVER_URL: $PAYMENT_SERVER_URL,
RESUME_SERVER_PORT: $RESUME_SERVER_PORT,
REDIRECT_MAIN_URL: $REDIRECT_MAIN_URL,
REDIRECT_ONBOARDING_URL: $REDIRECT_ONBOARDING_URL
}
')
# 환경 변수를 Base64로 인코딩
ENV_VARS_BASE64=$(echo "$ENV_VARS" | base64 -w 0)
# AWS SSM 명령의 commands 파라미터를 JSON 문자열로 구성
COMMANDS_JSON='[
"sudo yum install -y jq",
"echo \"$ENV_VARS_BASE64\" | base64 -d > /home/ec2-user/env_vars.json",
"cd /home/ec2-user",
"jq -r '\''to_entries|map(\\(.key)=\\(.value|tostring))|.[]'\'' env_vars.json > .env",
"docker-compose down -v --rmi all",
"docker-compose pull",
"docker-compose up -d"
]'
# AWS SSM 명령 실행
COMMAND_OUTPUT=$(aws ssm send-command \
--instance-ids "${{ steps.get_instances.outputs.instance_ids }}" \
--document-name "AWS-RunShellScript" \
--comment "Deploying ${{ matrix.module }} module" \
--parameters commands="$COMMANDS_JSON" \
--timeout-seconds 600 \
--region ap-northeast-2)
echo "COMMAND_OUTPUT=$COMMAND_OUTPUT"
COMMAND_ID=$(echo "$COMMAND_OUTPUT" | jq -r '.Command.CommandId')
echo "COMMAND_ID=$COMMAND_ID"
echo "command_id=$COMMAND_ID" >> $GITHUB_OUTPUT
# 8단계: 명령 실행 완료 대기
- name: Wait for command to complete
run: |
aws ssm wait command-executed \
--command-id ${{ steps.deploy.outputs.command_id }} \
--instance-id ${{ steps.get_instances.outputs.instance_ids }} \
--region ap-northeast-2
# 9단계: 명령 결과 확인 (선택 사항)
- name: Get command result
run: |
aws ssm get-command-invocation \
--command-id ${{ steps.deploy.outputs.command_id }} \
--instance-id ${{ steps.get_instances.outputs.instance_ids }} \
--region ap-northeast-2