pinback-server/.github/workflows/dev.yml at main · Pinback-Team/pinback-server · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
name: CI/CD Pipeline
on:
  push:
    branches: [ "dev", "main" ]
  pull_request:
    branches: [ "dev", "main" ]

env:
  DOCKER_IMAGE_NAME: pinback

jobs:
  build:
    runs-on: ubuntu-latest
    strategy:
      matrix:
        java-version: [ '21' ]
      fail-fast: false
    services:
      redis:
        image: redis:7
        ports:
          - 6379:6379
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    permissions:
      contents: read
      checks: write
      id-token: write
    steps:
      - uses: actions/checkout@v4
      - name: Set up JDK 21
        uses: actions/setup-java@v4
        with:
          java-version: '21'
          distribution: 'temurin'
      # gradle caching
      - name: Gradle Caching
        uses: actions/cache@v3
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*gradle*','**/gradle-wrapper.properties') }}
          restore-keys: |
            ${{ runner.os }}-gradle-
      - name: Build with Gradle Wrapper
        run: ./gradlew clean build --no-daemon --build-cache --parallel --max-workers=4

      - name: Publish Test Report
        uses: mikepenz/action-junit-report@v5
        if: success() || failure()
        with:
          report_paths: '**/build/test-results/test/TEST-*.xml'

      - name: Upload build artifacts
        uses: actions/upload-artifact@v4
        with:
          name: build-artifact
          path: api/build/libs/*.jar

  docker-build-and-push:
    needs: build
    runs-on: ubuntu-latest
    if: success() && github.event_name == 'push'
    steps:
      - uses: actions/checkout@v4

      - name: Download build artifact
        uses: actions/download-artifact@v4
        with:
          name: build-artifact
          path: api/build/libs/

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Set Image Tag
        id: set-tag
        run: |
          if [[ "${{ github.ref }}" == "refs/heads/dev" ]]; then
            echo "TAG=dev" >> $GITHUB_ENV
            echo "IMAGE_TAG=${{ secrets.DOCKER_USERNAME }}/${{ env.DOCKER_IMAGE_NAME }}:dev" >> $GITHUB_ENV
          elif [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
            echo "TAG=prod" >> $GITHUB_ENV
            echo "IMAGE_TAG=${{ secrets.DOCKER_USERNAME }}/${{ env.DOCKER_IMAGE_NAME }}:prod" >> $GITHUB_ENV
          fi

      - name: Docker Build & push
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./Dockerfile
          push: true
          tags: ${{ env.IMAGE_TAG }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

  deploy:
    needs: docker-build-and-push
    runs-on: ubuntu-latest
    if: success() && github.event_name == 'push'
    steps:
      # 1. 리포지토리 체크아웃
      - name: Checkout repository
        uses: actions/checkout@v4

      # 2. SSH 접속에 필요한 환경 변수 설정
      - name: Set Environment Variables
        id: set-env-vars
        shell: bash
        run: |
          if [[ "${{ github.ref }}" == "refs/heads/dev" ]]; then
            echo "HOST=${{ secrets.DEV_EC2_SSH_HOST }}" >> $GITHUB_ENV
            echo "USERNAME=${{ secrets.DEV_EC2_SSH_USERNAME }}" >> $GITHUB_ENV
            echo "DEPLOY_DIR=/home/ubuntu/pinback-dev" >> $GITHUB_ENV
            echo "ENV_SECRET_NAME=DEV_ENV_CONTENT" >> $GITHUB_ENV
          elif [[ "${{ github.ref }}" == "refs/heads/main" ]]; then
            echo "HOST=${{ secrets.EC2_SSH_HOST }}" >> $GITHUB_ENV
            echo "USERNAME=${{ secrets.EC2_SSH_USERNAME }}" >> $GITHUB_ENV
            echo "DEPLOY_DIR=/home/ubuntu/pinback" >> $GITHUB_ENV
            echo "ENV_SECRET_NAME=PROD_ENV_CONTENT" >> $GITHUB_ENV
          fi

      # 3. known_hosts 등록
      - name: Add host to known_hosts
        run: |
          mkdir -p ~/.ssh
          ssh-keyscan -p 22 ${{ env.HOST }} >> ~/.ssh/known_hosts

      # 4. 원격 서버 초기화
      - name: Initialize remote server (Force Init)
        uses: appleboy/ssh-action@master
        with:
          host: ${{ env.HOST }}
          username: ${{ env.USERNAME }}
          key: ${{ github.ref == 'refs/heads/dev' && secrets.DEV_EC2_SSH_KEY || secrets.EC2_SSH_KEY }}
          debug: true
          script: |
            # 1. 배포 디렉토리 생성
            mkdir -p ${{ env.DEPLOY_DIR }}

            # 2. 디렉토리 소유권 및 권한 강제 변경
            sudo chown -R ${{ env.USERNAME }}:${{ env.USERNAME }} ${{ env.DEPLOY_DIR }}

            # 3. 기존 파일 강제 삭제
            sudo rm -f ${{ env.DEPLOY_DIR }}/docker-compose.yml || true
            sudo rm -f ${{ env.DEPLOY_DIR }}/pinback.env || true

      # 5. docker-compose.yml 파일 복사
      - name: Copy docker-compose.yml to EC2
        uses: appleboy/scp-action@master
        with:
          host: ${{ env.HOST }}
          username: ${{ env.USERNAME }}
          key: ${{ github.ref == 'refs/heads/dev' && secrets.DEV_EC2_SSH_KEY || secrets.EC2_SSH_KEY }}
          source: "docker-compose.yml"
          target: ${{ env.DEPLOY_DIR }}
          debug: true
          overwrite: true

      # 6. pinback.env 파일을 Runner에 임시 생성 후 복사
      - name: Create & Copy pinback.env to EC2
        run: |
          # 환경 변수 이름으로 Secret 값을 가져와 파일 생성

          if [[ "${{ env.ENV_SECRET_NAME }}" == "DEV_ENV_CONTENT" ]]; then
              echo "${{ secrets.DEV_ENV_CONTENT }}" > pinback.env
          elif [[ "${{ env.ENV_SECRET_NAME }}" == "PROD_ENV_CONTENT" ]]; then
              echo "${{ secrets.PROD_ENV_CONTENT }}" > pinback.env
          fi

      # 6 - 1
      - name: Copy pinback.env file
        uses: appleboy/scp-action@master
        with:
          host: ${{ env.HOST }}
          username: ${{ env.USERNAME }}
          key: ${{ github.ref == 'refs/heads/dev' && secrets.DEV_EC2_SSH_KEY || secrets.EC2_SSH_KEY }}
          source: "pinback.env"
          target: ${{ env.DEPLOY_DIR }}
          debug: true
          overwrite: true

      # 7. 배포 (docker composee(v2))
      - name: Deploy with Docker Compose to EC2
        uses: appleboy/ssh-action@master
        with:
          host: ${{ env.HOST }}
          username: ${{ env.USERNAME }}
          key: ${{ github.ref == 'refs/heads/dev' && secrets.DEV_EC2_SSH_KEY || secrets.EC2_SSH_KEY }}
          debug: true
          script: |
            # DEPLOY_DIR 변수를 사용하기 위해 Bash 변수로 재선언
            DEPLOY_DIR=${{ env.DEPLOY_DIR }}

            # 1) 배포 디렉터리로 이동
            cd "$DEPLOY_DIR"

            # 2) EC2에 미리 만들어둔 pinback.env 파일의 환경 변수 로드
            if [ ! -f "$DEPLOY_DIR/pinback.env" ]; then
                echo "ERROR: .env file not found at $DEPLOY_DIR/pinback.env"
                exit 1
            fi
            while IFS='=' read -r name value; do
              # 주석 및 빈 줄 무시
              if [[ "$name" =~ ^# ]] || [ -z "$name" ]; then
                continue
              fi
              # 공백 제거 및 export
              export "$name"="$(echo "$value" | xargs)"
            done < "$DEPLOY_DIR/pinback.env"

            # 3) 기존 Docker Compose 스택 중지 및 삭제
            docker-compose --file "$DEPLOY_DIR/docker-compose.yml" down || true && \

            # Docker Hub에서 최신 이미지 pull
            docker-compose --file "$DEPLOY_DIR/docker-compose.yml" pull && \

            # 5) Docker Compose로 서비스 시작
            docker-compose --file "$DEPLOY_DIR/docker-compose.yml" up -d --remove-orphans && \

            # 6) 사용하지 않는 Docker 이미지 정리
            docker image prune -f