deck/.github/workflows/deploy-dev.yml at develop · chequer-io/deck · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
# Dev 환경 배포 — SSH를 통한 VM 원격 배포
# 기본: 롤링 배포 (DB 유지) / db_reset=true: DB 초기화 후 재시작
# workflow_dispatch(수동) + workflow_call(docker.yml 자동) 모두 지원
name: Deploy / Dev

on:
  workflow_dispatch:
    inputs:
      service:
        description: '배포할 서비스'
        required: true
        type: choice
        options:
          - app
          - meetpie
          - deskpie
      image_tag:
        description: '배포할 이미지 태그 (예: dev-latest, dev-abc1234)'
        required: false
        default: 'dev-latest'
      start_vm:
        description: 'VM이 꺼져 있으면 자동으로 시작'
        required: false
        type: boolean
        default: true
      db_reset:
        description: 'DB 초기화 (db-data 볼륨 제거 → Flyway V1 재실행)'
        required: false
        type: boolean
        default: false
  workflow_call:
    inputs:
      service:
        description: '배포할 서비스 (app | meetpie | deskpie)'
        type: string
        required: true
      image_tag:
        description: '배포할 이미지 태그'
        type: string
        required: false
        default: 'dev-latest'
      start_vm:
        description: 'VM이 꺼져 있으면 자동으로 시작'
        type: boolean
        required: false
        default: true
      db_reset:
        description: 'DB 초기화 (db-data 볼륨 제거 → Flyway V1 재실행)'
        type: boolean
        required: false
        default: false

permissions:
  contents: read

jobs:
  deploy:
    runs-on: ubuntu-latest
    steps:
      - name: Resolve service config
        id: cfg
        run: |
          case "${{ inputs.service }}" in
            app)
              echo "host=deck-app-dev.tpm.querypie.io"     >> "$GITHUB_OUTPUT"
              echo "instance_id=ins-90x6jnx5"               >> "$GITHUB_OUTPUT"
              echo "tag_env=APP_IMAGE_TAG"                  >> "$GITHUB_OUTPUT"
              ;;
            meetpie)
              echo "host=deck-meetpie-dev.tpm.querypie.io" >> "$GITHUB_OUTPUT"
              echo "instance_id=ins-6imdjii9"               >> "$GITHUB_OUTPUT"
              echo "tag_env=MEETPIE_IMAGE_TAG"              >> "$GITHUB_OUTPUT"
              ;;
            deskpie)
              echo "host=deck-deskpie-dev.tpm.querypie.io" >> "$GITHUB_OUTPUT"
              echo "instance_id=ins-5ag0g1h5"               >> "$GITHUB_OUTPUT"
              echo "tag_env=DESKPIE_IMAGE_TAG"              >> "$GITHUB_OUTPUT"
              ;;
            *)
              echo "::error::Unknown service: ${{ inputs.service }}"
              exit 1
              ;;
          esac

      # ── VM 자동 시작 ──────────────────────────────────────────────────
      - name: Install tccli
        if: inputs.start_vm
        run: pip install tccli --quiet

      - name: Check VM state
        if: inputs.start_vm
        id: vm
        env:
          TENCENTCLOUD_SECRET_ID: ${{ vars.TENCENTCLOUD_SECRET_ID }}
          TENCENTCLOUD_SECRET_KEY: ${{ secrets.TENCENTCLOUD_SECRET_KEY }}
          TENCENTCLOUD_REGION: ap-seoul
        run: |
          INSTANCE_ID="${{ steps.cfg.outputs.instance_id }}"
          STATE=$(tccli cvm DescribeInstancesStatus \
            --InstanceIds "[\"${INSTANCE_ID}\"]" \
            | jq -r '.InstanceStatusSet[0].InstanceState')
          echo "state=${STATE}" >> "$GITHUB_OUTPUT"
          echo "VM state: ${STATE}"

      - name: Start VM
        if: inputs.start_vm && steps.vm.outputs.state == 'STOPPED'
        env:
          TENCENTCLOUD_SECRET_ID: ${{ vars.TENCENTCLOUD_SECRET_ID }}
          TENCENTCLOUD_SECRET_KEY: ${{ secrets.TENCENTCLOUD_SECRET_KEY }}
          TENCENTCLOUD_REGION: ap-seoul
        run: |
          tccli cvm StartInstances \
            --InstanceIds "[\"${{ steps.cfg.outputs.instance_id }}\"]"

      - name: Wait for VM to be RUNNING
        if: inputs.start_vm && steps.vm.outputs.state == 'STOPPED'
        env:
          TENCENTCLOUD_SECRET_ID: ${{ vars.TENCENTCLOUD_SECRET_ID }}
          TENCENTCLOUD_SECRET_KEY: ${{ secrets.TENCENTCLOUD_SECRET_KEY }}
          TENCENTCLOUD_REGION: ap-seoul
        run: |
          INSTANCE_ID="${{ steps.cfg.outputs.instance_id }}"
          for i in $(seq 1 24); do
            STATE=$(tccli cvm DescribeInstancesStatus \
              --InstanceIds "[\"${INSTANCE_ID}\"]" \
              | jq -r '.InstanceStatusSet[0].InstanceState')
            echo "[${i}/24] VM state: ${STATE}"
            [ "${STATE}" = "RUNNING" ] && exit 0
            sleep 5
          done
          echo "::error::VM did not reach RUNNING state within 2 minutes"
          exit 1

      - name: Wait for SSH to be ready
        if: inputs.start_vm && steps.vm.outputs.state == 'STOPPED'
        run: |
          HOST="${{ steps.cfg.outputs.host }}"
          for i in $(seq 1 30); do
            nc -z -w 3 "${HOST}" 22 && echo "SSH is ready." && exit 0
            echo "[${i}/30] Waiting for SSH on ${HOST}:22 ..."
            sleep 5
          done
          echo "::error::SSH not available after 2.5 minutes"
          exit 1

      # ── SSH 배포 ──────────────────────────────────────────────────────
      - name: Setup SSH key
        run: |
          mkdir -p ~/.ssh
          echo "${{ secrets.DEV_DEPLOY_SSH_KEY }}" > ~/.ssh/dev_deploy
          chmod 600 ~/.ssh/dev_deploy
          ssh-keyscan -H "${{ steps.cfg.outputs.host }}" >> ~/.ssh/known_hosts

      - name: Deploy
        env:
          HOST: ${{ steps.cfg.outputs.host }}
          SERVICE: ${{ inputs.service }}
          GIT_BRANCH: ${{ github.ref_name }}
          TAG_ENV: ${{ steps.cfg.outputs.tag_env }}
          IMAGE_TAG: ${{ inputs.image_tag }}
          DB_RESET: ${{ inputs.db_reset }}
          DB_VOLUME: deck-dev_db-data
        run: |
          REMOTE_SERVICE=$(printf '%q' "${SERVICE}")
          REMOTE_GIT_BRANCH=$(printf '%q' "${GIT_BRANCH}")
          REMOTE_TAG_ENV=$(printf '%q' "${TAG_ENV}")
          REMOTE_IMAGE_TAG=$(printf '%q' "${IMAGE_TAG}")
          REMOTE_DB_RESET=$(printf '%q' "${DB_RESET}")
          REMOTE_DB_VOLUME=$(printf '%q' "${DB_VOLUME}")

          ssh -i ~/.ssh/dev_deploy ubuntu@"${HOST}" \
            "SERVICE=${REMOTE_SERVICE} GIT_BRANCH=${REMOTE_GIT_BRANCH} TAG_ENV=${REMOTE_TAG_ENV} IMAGE_TAG=${REMOTE_IMAGE_TAG} DB_RESET=${REMOTE_DB_RESET} DB_VOLUME=${REMOTE_DB_VOLUME} bash -se" <<'REMOTE'
          set -euo pipefail
          REPO_DIR=/home/ubuntu/deck

          cd "${REPO_DIR}"
          git fetch origin --prune
          git checkout -B "${GIT_BRANCH}" "origin/${GIT_BRANCH}"

          cd "${REPO_DIR}/deploy/dev/tencent/compose"

          echo "=== Updating image tag: ${TAG_ENV}=${IMAGE_TAG} ==="
          sed -i "s/^${TAG_ENV}=.*/${TAG_ENV}=${IMAGE_TAG}/" .env

          bash "${REPO_DIR}/deploy/scripts/compose-rollout.sh" "${SERVICE}" "${DB_RESET}" "${DB_VOLUME}"
          REMOTE

      - name: Summary
        if: always()
        run: |
          {
            echo "## Deploy / Dev"
            echo ""
            echo "| 항목 | 값 |"
            echo "|------|-----|"
            echo "| Service | \`${{ inputs.service }}\` |"
            echo "| Image tag | \`${{ inputs.image_tag }}\` |"
            echo "| DB reset | \`${{ inputs.db_reset }}\` |"
            echo "| Host | \`${{ steps.cfg.outputs.host }}\` |"
            echo "| Readiness gate | \`container healthcheck -> /actuator/health/readiness\` |"
          } >> "$GITHUB_STEP_SUMMARY"