Production Server Deployer (CD) #82
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Production Server Deployer (CD) | |
| on: workflow_dispatch | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| environment: prod | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Send discord notification (production server deploy start) | |
| uses: appleboy/discord-action@master | |
| with: | |
| webhook_id: ${{ secrets.SERVER_DEPLOY_DISCORD_WEBHOOK_ID }} | |
| webhook_token: ${{ secrets.SERVER_DEPLOY_DISCORD_WEBHOOK_TOKEN }} | |
| message: | | |
| > **🌈 Server Deployment Start (Production)** | |
| > | |
| > 🛢️ Repository : ${{ github.repository }} | |
| > 🎋 Branch : ${{ github.ref }} | |
| > 🔁 Run Attempt : ${{ github.run_attempt }} | |
| > 🤗 Actor : ${{ github.triggering_actor }} | |
| - name: Get Github Actions IP Addresses | |
| id: publicip | |
| run: | | |
| response=$(curl -s canhazip.com) | |
| echo "ip=$response" >> "$GITHUB_OUTPUT" | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: 'ap-northeast-2' | |
| - name: Add GitHub Actions IP | |
| run: | | |
| aws ec2 authorize-security-group-ingress \ | |
| --group-id ${{ secrets.SECURITY_GROUP_ID }} \ | |
| --protocol tcp \ | |
| --port 22 \ | |
| --cidr ${{ steps.publicip.outputs.ip }}/32 | |
| - name: SSH to Bastion and Install Docker if not present on Production server | |
| uses: appleboy/[email protected] | |
| with: | |
| host: ${{ vars.BASTION_HOST }} | |
| username: ${{ vars.BASTION_USERNAME }} | |
| key: ${{ secrets.INSTANCE_PEM_KEY }} | |
| script: | | |
| if [ ! -f private_key.pem ]; then | |
| echo "${{ secrets.INSTANCE_PEM_KEY }}" > private_key.pem | |
| chmod 600 private_key.pem | |
| fi | |
| ssh -f -N -M -S my-cicd-socket -o StrictHostKeyChecking=no -i private_key.pem -L 2222:${{ vars.INSTANCE_HOST }}:22 ec2-user@${{ vars.BASTION_HOST }} | |
| ssh -o StrictHostKeyChecking=no -i private_key.pem -p 2222 ubuntu@localhost << 'EOF' | |
| echo "Connected to Private Subnet productionServer via SSH Tunneling" | |
| if ! command -v docker >/dev/null 2>&1; then | |
| echo "Installing Docker..." | |
| sudo apt-get update | |
| sudo apt-get install -y docker.io | |
| else | |
| echo "Docker already installed." | |
| fi | |
| if ! command -v docker-compose >/dev/null 2>&1; then | |
| echo "Installing Docker Compose..." | |
| sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose | |
| sudo chmod +x /usr/local/bin/docker-compose | |
| else | |
| echo "Docker Compose already installed." | |
| fi | |
| EOF | |
| ssh -S my-cicd-socket -O exit ec2-user@${{ vars.BASTION_HOST }} | |
| rm -f private_key.pem | |
| - name: Configuration Env file | |
| uses: appleboy/ssh-action@master | |
| env: | |
| VARS_CONTEXT: ${{ toJson(vars) }} | |
| SECRETS_CONTEXT: ${{ toJson(secrets) }} | |
| with: | |
| host: ${{ vars.BASTION_HOST }} | |
| username: ${{ vars.BASTION_USERNAME }} | |
| key: ${{ secrets.INSTANCE_PEM_KEY }} | |
| envs: VARS_CONTEXT,SECRETS_CONTEXT | |
| script: | | |
| if [ ! -f private_key.pem ]; then | |
| echo "${{ secrets.INSTANCE_PEM_KEY }}" > private_key.pem | |
| chmod 600 private_key.pem | |
| fi | |
| ssh -f -N -M -S my-cicd-socket -o StrictHostKeyChecking=no -i private_key.pem -L 2222:${{ vars.INSTANCE_HOST }}:22 ec2-user@${{ vars.BASTION_HOST }} | |
| ssh -o StrictHostKeyChecking=no -i private_key.pem -p 2222 ubuntu@localhost << 'EOF' | |
| echo "Connected to Private Subnet productionServer via SSH Tunneling" | |
| cd ~/app/docker | |
| jq -s 'map(select(type != "null")) | add' <(echo "$VARS_CONTEXT") <(echo "$SECRETS_CONTEXT") \ | |
| | jq -r 'to_entries | map("\(.key)=\(.value)") | .[]' > .env | |
| EOF | |
| ssh -S my-cicd-socket -O exit ec2-user@${{ vars.BASTION_HOST }} | |
| rm -f private_key.pem | |
| - name: SSH to Bastion and deploy to Production server | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ vars.BASTION_HOST }} | |
| username: ${{ vars.BASTION_USERNAME }} | |
| key: ${{ secrets.INSTANCE_PEM_KEY }} | |
| script: | | |
| if [ ! -f private_key.pem ]; then | |
| echo "${{ secrets.INSTANCE_PEM_KEY }}" > private_key.pem | |
| chmod 600 private_key.pem | |
| fi | |
| ssh -f -N -M -S my-cicd-socket -o StrictHostKeyChecking=no -i private_key.pem -L 2222:${{ vars.INSTANCE_HOST }}:22 ec2-user@${{ vars.BASTION_HOST }} | |
| ssh -o StrictHostKeyChecking=no -i private_key.pem -p 2222 ubuntu@localhost << 'EOF' | |
| echo "Connected to Private Subnet productionServer via SSH Tunneling" | |
| sudo docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }} | |
| sudo docker pull public.ecr.aws/e4z1s9l7/caremeet:latest | |
| if [ $(sudo docker ps -q -f name=caremeet_server_prod) ]; then | |
| sudo docker stop caremeet_server_prod | |
| sudo docker rm caremeet_server_prod | |
| fi | |
| sudo docker run --name caremeet_server_prod --env-file ./app/docker/.env \ | |
| -e SPRING_PROFILES_ACTIVE=prod \ | |
| -d -p 8080:8080 public.ecr.aws/e4z1s9l7/caremeet:latest | |
| EOF | |
| ssh -S my-cicd-socket -O exit ec2-user@${{ vars.BASTION_HOST }} | |
| rm -f private_key.pem | |
| - name: Remove GitHub Actions IP | |
| run: | | |
| aws ec2 revoke-security-group-ingress \ | |
| --group-id ${{ secrets.SECURITY_GROUP_ID }} \ | |
| --protocol tcp \ | |
| --port 22 \ | |
| --cidr ${{ steps.publicip.outputs.ip }}/32 |