prod-server-deployer.yaml
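# Manual production deploy. The job opens SSH on the bastion's security group
# for this runner's egress IP, goes through the bastion to the private
# production instance (install Docker if missing, write the app .env, restart
# the container) and then closes the security-group rule again.
#
# Trust model as visible here: INSTANCE_PEM_KEY authenticates both the runner
# -> bastion hop and the bastion -> production hop, so it is written to the
# bastion's disk for the duration of each step. Every step removes it on
# exit (including failure) instead of only on the happy path.
name: Production Server Deployer (CD)

on: workflow_dispatch

# Least privilege for GITHUB_TOKEN: only actions/checkout uses it here.
permissions:
  contents: read

# Two overlapping deploys would race on the security-group rule (the second
# authorize fails as a duplicate) and on the container restart; queue them.
concurrency:
  group: prod-server-deploy
  cancel-in-progress: false

jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: prod
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      # TODO(review): pin to a release tag or commit SHA instead of @master.
      # A moving branch ref lets a compromised upstream run arbitrary code in
      # this job, which holds the AWS keys and the SSH private key.
      - name: Send discord notification (production server deploy start)
        uses: appleboy/discord-action@master
        with:
          webhook_id: ${{ secrets.SERVER_DEPLOY_DISCORD_WEBHOOK_ID }}
          webhook_token: ${{ secrets.SERVER_DEPLOY_DISCORD_WEBHOOK_TOKEN }}
          message: |
            > **🌈 Server Deployment Start (Production)**
            >
            > 🛢️ Repository : ${{ github.repository }}
            > 🎋 Branch : ${{ github.ref }}
            > 🔁 Run Attempt : ${{ github.run_attempt }}
            > 🤗 Actor : ${{ github.triggering_actor }}

      # The runner's egress IP becomes the CIDR allowed on the bastion SG.
      # Fetched over TLS with -f so an HTTP error body cannot turn into a
      # bogus CIDR, and validated as a dotted quad before it is interpolated
      # into any later command. Note that hosted-runner egress IPs are shared
      # infrastructure; the rule narrows exposure, key auth still does the work.
      - name: Get GitHub Actions runner IP address
        id: publicip
        run: |
          set -euo pipefail
          ip="$(curl -fsS https://checkip.amazonaws.com | tr -d '[:space:]')"
          if ! [[ "$ip" =~ ^([0-9]{1,3}\.){3}[0-9]{1,3}$ ]]; then
            echo "::error::unexpected public IP response: '$ip'"
            exit 1
          fi
          echo "ip=$ip" >> "$GITHUB_OUTPUT"

      # NOTE(review): these are long-lived IAM user keys stored as secrets.
      # Prefer `role-to-assume` with the repository's OIDC provider so no
      # static AWS credential has to live in GitHub at all.
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: 'ap-northeast-2'

      # Values go through env rather than ${{ }} inside the script so nothing
      # is spliced into the shell command line unquoted. The step id is what
      # the cleanup step keys on.
      - name: Add GitHub Actions IP to bastion security group
        id: sg_open
        env:
          SG_ID: ${{ secrets.SECURITY_GROUP_ID }}
          RUNNER_IP: ${{ steps.publicip.outputs.ip }}
        run: |
          set -euo pipefail
          aws ec2 authorize-security-group-ingress \
            --group-id "$SG_ID" \
            --protocol tcp \
            --port 22 \
            --cidr "${RUNNER_IP}/32"

      # Bastion -> production is a direct ssh: the bastion sits on the VPC and
      # the previous self-tunnel (ssh to the bastion's own address with a -L
      # forward) took exactly the same network path with an extra hop and a
      # control socket that was left behind on failure.
      # StrictHostKeyChecking=accept-new (instead of =no) pins the production
      # host key in the bastion's known_hosts on first use, so a changed key
      # later fails the deploy instead of being silently accepted.
      # TODO(review): the runner -> bastion hop is still unverified; set the
      # action's `fingerprint:` input to the bastion's host key fingerprint.
      - name: SSH to Bastion and Install Docker if not present on Production server
        uses: appleboy/[email protected]
        with:
          host: ${{ vars.BASTION_HOST }}
          username: ${{ vars.BASTION_USERNAME }}
          key: ${{ secrets.INSTANCE_PEM_KEY }}
          script: |
            set -eu
            umask 077
            KEY="$(mktemp)"
            trap 'rm -f "$KEY"' EXIT
            cat > "$KEY" <<'PEM'
            ${{ secrets.INSTANCE_PEM_KEY }}
            PEM
            ssh -o StrictHostKeyChecking=accept-new -i "$KEY" ubuntu@'${{ vars.INSTANCE_HOST }}' << 'EOF'
              set -e
              echo "Connected to Private Subnet productionServer"
              if ! command -v docker >/dev/null 2>&1; then
                echo "Installing Docker..."
                sudo apt-get update
                sudo apt-get install -y docker.io
              else
                echo "Docker already installed."
              fi
              # NOTE(review): docker-compose v1 (1.29.2) is end-of-life and is
              # not used by the deploy step below; consider dropping this or
              # moving to the compose plugin. -f makes curl fail on an HTTP
              # error instead of installing the error page as an executable.
              if ! command -v docker-compose >/dev/null 2>&1; then
                echo "Installing Docker Compose..."
                sudo curl -fsSL "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
                sudo chmod +x /usr/local/bin/docker-compose
              else
                echo "Docker Compose already installed."
              fi
            EOF

      # Builds ~/app/docker/.env on the production host from all repository
      # vars plus secrets (secrets win on a name clash, null values dropped).
      # The JSON is streamed over ssh stdin and merged by jq on the production
      # host; a quoted heredoc would expand $VARS_CONTEXT/$SECRETS_CONTEXT on
      # the production host, where `envs:` never exported them.
      # Deployment-only secrets are stripped before the file is written: the
      # SSH private key, GITHUB_TOKEN, registry credentials, the security
      # group id and the Discord webhook have no business inside the app
      # container (and the multi-line PEM would not survive .env line syntax
      # anyway). If the application genuinely needs one of these, remove it
      # from del() below.
      - name: Configuration Env file
        uses: appleboy/[email protected]
        env:
          VARS_CONTEXT: ${{ toJson(vars) }}
          SECRETS_CONTEXT: ${{ toJson(secrets) }}
        with:
          host: ${{ vars.BASTION_HOST }}
          username: ${{ vars.BASTION_USERNAME }}
          key: ${{ secrets.INSTANCE_PEM_KEY }}
          envs: VARS_CONTEXT,SECRETS_CONTEXT
          script: |
            set -eu
            umask 077
            KEY="$(mktemp)"
            trap 'rm -f "$KEY"' EXIT
            cat > "$KEY" <<'PEM'
            ${{ secrets.INSTANCE_PEM_KEY }}
            PEM
            FILTER='.[0] * .[1]
              | del(.INSTANCE_PEM_KEY, .github_token, .GITHUB_TOKEN,
                    .DOCKER_USERNAME, .DOCKER_PASSWORD, .SECURITY_GROUP_ID,
                    .SERVER_DEPLOY_DISCORD_WEBHOOK_ID, .SERVER_DEPLOY_DISCORD_WEBHOOK_TOKEN)
              | to_entries | map(select(.value != null)) | from_entries
              | to_entries | map("\(.key)=\(.value)") | .[]'
            # umask 077 on the remote side keeps .env at 0600.
            printf '%s\n%s\n' "$VARS_CONTEXT" "$SECRETS_CONTEXT" \
              | ssh -o StrictHostKeyChecking=accept-new -i "$KEY" ubuntu@'${{ vars.INSTANCE_HOST }}' \
                  "umask 077 && cd ~/app/docker && jq -rs '$FILTER' > .env"

      # Restart the production container on the new image. `set -e` on the
      # remote side stops the script when the pull fails, so the running
      # container is not stopped and removed on a failed pull.
      # NOTE(review): `:latest` is a mutable tag; deploying an immutable tag
      # or digest makes the run reproducible and rollback-able.
      - name: SSH to Bastion and deploy to Production server
        uses: appleboy/[email protected]
        with:
          host: ${{ vars.BASTION_HOST }}
          username: ${{ vars.BASTION_USERNAME }}
          key: ${{ secrets.INSTANCE_PEM_KEY }}
          script: |
            set -eu
            umask 077
            KEY="$(mktemp)"
            trap 'rm -f "$KEY"' EXIT
            cat > "$KEY" <<'PEM'
            ${{ secrets.INSTANCE_PEM_KEY }}
            PEM
            ssh -o StrictHostKeyChecking=accept-new -i "$KEY" ubuntu@'${{ vars.INSTANCE_HOST }}' << 'EOF'
              set -e
              echo "Connected to Private Subnet productionServer"
              # --password-stdin keeps the registry password out of the
              # process list; printf is a shell builtin, so it never appears
              # there either.
              # NOTE(review): the pull below is from public.ecr.aws, which
              # needs no docker.io login; drop this login if nothing else
              # on the host depends on it.
              printf '%s' '${{ secrets.DOCKER_PASSWORD }}' | sudo docker login -u '${{ secrets.DOCKER_USERNAME }}' --password-stdin
              sudo docker pull public.ecr.aws/e4z1s9l7/caremeet:latest
              # Anchored name filter: a bare name= matches any container whose
              # name merely contains the string.
              if [ -n "$(sudo docker ps -q -f 'name=^caremeet_server_prod$')" ]; then
                sudo docker stop caremeet_server_prod
                sudo docker rm caremeet_server_prod
              fi
              sudo docker run --name caremeet_server_prod --env-file ./app/docker/.env \
                -e SPRING_PROFILES_ACTIVE=prod \
                -d -p 8080:8080 public.ecr.aws/e4z1s9l7/caremeet:latest
            EOF

      # Runs even when an earlier step failed so the bastion is never left
      # reachable from the runner IP; skipped only if the rule was never added.
      - name: Remove GitHub Actions IP from bastion security group
        if: always() && steps.sg_open.outcome == 'success'
        env:
          SG_ID: ${{ secrets.SECURITY_GROUP_ID }}
          RUNNER_IP: ${{ steps.publicip.outputs.ip }}
        run: |
          set -euo pipefail
          aws ec2 revoke-security-group-ingress \
            --group-id "$SG_ID" \
            --protocol tcp \
            --port 22 \
            --cidr "${RUNNER_IP}/32"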