[IDLE-518] private_key.pem 파일을 통해 접근하도록 수정

3IDLES · Jan 18, 2025 · 008d8f5 · 008d8f5
1 parent a112a29
commit 008d8f5
Showing 1 changed file with 18 additions and 3 deletions.
diff --git a/.github/workflows/prod-server-deployer.yaml b/.github/workflows/prod-server-deployer.yaml
@@ -50,7 +50,11 @@ jobs:
           username: ${{ vars.BASTION_USERNAME }}
           key: ${{ secrets.INSTANCE_PEM_KEY }}
           script: |
-            ssh -o "ProxyJump=${{ vars.BASTION_HOST }}" -i ${{ secrets.INSTANCE_PEM_KEY }} ${{ vars.INSTANCE_USERNAME }}@${{ vars.INSTANCE_HOST }} << 'EOF'
+            if [ ! -f private_key.pem ]; then
+              echo "${{ secrets.INSTANCE_PEM_KEY }}" > private_key.pem
+              chmod 600 private_key.pem
+            fi
+            ssh -o "ProxyJump=${{ vars.BASTION_HOST }}" -i private_key.pem ${{ vars.INSTANCE_USERNAME }}@${{ vars.INSTANCE_HOST }} << 'EOF'
               if ! command -v docker >/dev/null 2>&1; then
                 echo "Installing Docker..."
                 sudo apt-get update
@@ -66,6 +70,7 @@ jobs:
                 echo "Docker Compose already installed."
               fi
             EOF
+            rm -f private_key.pem
 
       - name: Configuration Env file
         uses: appleboy/ssh-action@master
@@ -78,11 +83,16 @@ jobs:
           key: ${{ secrets.INSTANCE_PEM_KEY }}
           envs: VARS_CONTEXT,SECRETS_CONTEXT
           script: |
-            ssh -o "ProxyJump=${{ vars.BASTION_HOST }}" -i ${{ secrets.INSTANCE_PEM_KEY }} ${{ vars.INSTANCE_USERNAME }}@${{ vars.INSTANCE_HOST }} << 'EOF'
+            if [ ! -f private_key.pem ]; then
+              echo "${{ secrets.INSTANCE_PEM_KEY }}" > private_key.pem
+              chmod 600 private_key.pem
+            fi
+            ssh -o "ProxyJump=${{ vars.BASTION_HOST }}" -i private_key.pem ${{ vars.INSTANCE_USERNAME }}@${{ vars.INSTANCE_HOST }} << 'EOF'
             cd ~/app/docker
             jq -s '.[0] * .[1] | del(.INSTANCE_PEM_KEY)' <(echo "$VARS_CONTEXT") <(echo "$SECRETS_CONTEXT") \
               | jq -r 'to_entries | map("\(.key)=\(.value)") | .[]' > .env
             EOF
+            rm -f private_key.pem
 
       - name: SSH to Bastion and deploy to Production server
         uses: appleboy/ssh-action@master
@@ -91,7 +101,11 @@ jobs:
           username: ${{ vars.BASTION_USERNAME }}
           key: ${{ secrets.INSTANCE_PEM_KEY }}
           script: |
-            ssh -o "ProxyJump=${{ vars.BASTION_HOST }}" -i ${{ secrets.INSTANCE_PEM_KEY }} ${{ vars.INSTANCE_USERNAME }}@${{ vars.INSTANCE_HOST }} << 'EOF'
+            if [ ! -f private_key.pem ]; then
+              echo "${{ secrets.INSTANCE_PEM_KEY }}" > private_key.pem
+              chmod 600 private_key.pem
+            fi
+            ssh -o "ProxyJump=${{ vars.BASTION_HOST }}" -i private_key.pem ${{ vars.INSTANCE_USERNAME }}@${{ vars.INSTANCE_HOST }} << 'EOF'
             sudo docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
             sudo docker pull public.ecr.aws/e4z1s9l7/caremeet:latest
             if [ $(sudo docker ps -q -f name=caremeet_server_prod) ]; then
@@ -102,6 +116,7 @@ jobs:
             -e SPRING_PROFILES_ACTIVE=prod \
             -d -p 8080:8080 public.ecr.aws/e4z1s9l7/caremeet:latest
             EOF
+            rm -f private_key.pem
 
       - name: Remove GitHub Actions IP
         run: |