Merge remote-tracking branch 'upstream/develop' #21
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: main-deploy | |
on: | |
push: | |
branches: | |
- main | |
workflow_dispatch: | |
jobs: | |
deploy: | |
runs-on: ubuntu-latest | |
steps: | |
# 깃허브 액션 러너의 아이피를 얻어온다. | |
- name: Get Github action IP | |
id: ip | |
uses: haythem/[email protected] | |
# AWS 설정 | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v1 | |
with: | |
# 아이엠 키 설정 | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: ap-northeast-2 | |
# 깃허브 액션의 아이피를 인바운드 룰에 임시 등록 | |
- name: Add Github Actions IP to Security group | |
run: | | |
aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 | |
- name: Checkout code | |
uses: actions/checkout@v2 | |
- name: Setup SSH key | |
run: | | |
echo "$SSH_KEY" > key.pem | |
chmod 600 key.pem | |
# Debugging: Verify the key file is correctly created and permissions are set | |
echo "SSH key file content:" | |
cat key.pem | |
echo "SSH key file permissions:" | |
ls -l key.pem | |
- name: Connect and run script on remote host | |
run: | | |
ssh -v -i key.pem -o StrictHostKeyChecking=no ${USER}@${HOST} "bash git-action.sh" | |
env: | |
USER: ${{ secrets.USER }} | |
HOST: ${{ secrets.HOST }} | |
SSH_KEY: ${{ secrets.SSH_KEY }} | |
AWS_DEFAULT_REGION: ap-northeast-2 | |
AWS_REGION: ap-northeast-2 | |
AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
NODE_ENV: ${{ secrets.NODE_ENV }} | |
JWT_SECRET: ${{ secrets.JWT_SECRET }} | |
ACCESS_TOKEN_EXPIRATION: ${{ secrets.ACCESS_TOKEN_EXPIRATION }} | |
REFRESH_TOKEN_EXPIRATION: ${{ secrets.REFRESH_TOKEN_EXPIRATION }} | |
AWS_DYNAMODB_TABLE_NAME: ${{ secrets.AWS_DYNAMODB_TABLE_NAME }} | |
AWS_DYNAMODB_EMAIL_VERIFICATION_TABLE_NAME: ${{ secrets.AWS_DYNAMODB_EMAIL_VERIFICATION_TABLE_NAME }} | |
AWS_SES_EMAIL: ${{ secrets.AWS_SES_EMAIL }} | |
KAKAO_CLIENT_ID: ${{ secrets.KAKAO_CLIENT_ID }} | |
KAKAO_CLIENT_SECRET: ${{ secrets.KAKAO_CLIENT_SECRET }} | |
KAKAO_CALLBACK_URL: ${{ secrets.KAKAO_CALLBACK_URL }} | |
GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }} | |
GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }} | |
GOOGLE_CALLBACK_URL: ${{ secrets.GOOGLE_CALLBACK_URL }} | |
GOOGLE_API_KEY: ${{ secrets.GOOGLE_API_KEY }} | |
- name: Remove Github Actions IP From Security Group | |
run: | | |
aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 |