fix: 배포 자동화 시 도커 이미지 Pull 실패 해결 (#prod) #51
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Deploy to PROD | |
on: | |
workflow_dispatch: | |
push: | |
branches: [ "prod" ] | |
jobs: | |
deploy: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Github Actions 호스트 IP 가져오기 | |
id: ip | |
uses: candidob/get-runner-ip@2e5406f1492227920ba96df909e648be5e8b8cb2 | |
- name: AWS 로그인 | |
uses: aws-actions/configure-aws-credentials@e3dd6a429d7300a6a4c196c26e071d42e0343502 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ${{ secrets.AWS_DEFAULT_REGION }} | |
- name: IP 허용 | |
run: | | |
aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_SECURITY_GROUP_ID }} --protocol "tcp" --port "${{ secrets.EC2_PORT }}" --cidr "${{ steps.ip.outputs.ipv4 }}/32" | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} | |
- name: 저장소 Checkout | |
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 | |
- name: 자바 17 셋업 | |
uses: actions/setup-java@99b8673ff64fbf99d8d325f52d9a5bdedb8483e9 | |
with: | |
java-version: '17' | |
cache: 'gradle' | |
distribution: 'corretto' | |
- name: 설정 파일 추가 | |
run: | | |
cd ./src/main/resources/ | |
cat <<EOF > application-prod.yml | |
${{ secrets.APPLICATION_PROD_YML }} | |
EOF | |
cat <<EOF > application-oauth.yml | |
${{ secrets.APPLICATION_OAUTH_YML }} | |
EOF | |
cat <<EOF > application-storage.yml | |
${{ secrets.APPLICATION_STORAGE_YML }} | |
EOF | |
- name: 디렉터리 이동 | |
run: cd /home/runner/work/ListyWave-back/ListyWave-back/ | |
- name: Gradle 셋업, 빌드, 캐싱 | |
uses: burrunan/gradle-cache-action@3bf23b8dd95e7d2bacf2470132454fe893a178a1 | |
with: | |
arguments: bootJar | |
- name: 도커 이미지 빌드 | |
run: docker build -t ${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }} ./ | |
- name: 도커 허브에 로그인 | |
uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 | |
with: | |
username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
password: ${{ secrets.DOCKER_HUB_TOKEN }} | |
- name: 도커 허브에 Push | |
run: docker push ${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }} | |
- name: 인스턴스 접속 및 배포 스크립트 실행 | |
uses: appleboy/ssh-action@029f5b4aeeeb58fdfe1410a5d17f967dacf36262 | |
with: | |
host: ${{ secrets.PROD_EC2_HOST }} | |
username: ${{ secrets.EC2_USERNAME }} | |
key: ${{ secrets.PROD_EC2_PRIVATE_KEY }} | |
script: | | |
docker stop "${{ secrets.CONTAINER_NAME }}" | |
docker rm -f "${{ secrets.CONTAINER_NAME }}" | |
docker rmi "${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }}" | |
docker pull "${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }}" | |
docker run -d -p 8080:8080 -p ${{ secrets.METRIC_PORT }}:${{ secrets.METRIC_PORT }} --name "${{ secrets.CONTAINER_NAME }}" -e "SPRING_PROFILES_ACTIVE=prod,oauth,storage" "${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.IMAGE_NAME }}:${{ secrets.PROD_TAG }}" | |
- name: IP 제거 | |
if: ${{ always() }} | |
run: | | |
aws ec2 revoke-security-group-ingress --group-id "${{ secrets.AWS_SECURITY_GROUP_ID }}" --protocol "tcp" --port "${{ secrets.EC2_PORT }}" --cidr "${{ steps.ip.outputs.ipv4 }}/32" | |
env: | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
AWS_DEFAULT_REGION: ${{ secrets.AWS_DEFAULT_REGION }} |