[Chore] 토큰 기한 원상복구 #73
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD | |
| on: | |
| push: | |
| branches: [ main ] | |
| jobs: | |
| deploy: | |
| name: Deploy | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| # JDK 17 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| distribution: temurin | |
| java-version: "17" | |
| - name: Build with Gradle | |
| run: | | |
| cd devicelife-api | |
| chmod +x gradlew | |
| ./gradlew clean build -x test | |
| # AWS 인증 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ap-northeast-2 | |
| # ECR 로그인 (registry output 얻기) | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| - name: Build, tag, and push image to ECR (commit tag only) | |
| id: build-image | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| ECR_REPOSITORY: ${{ secrets.REPO_NAME }} | |
| run: | | |
| set -e | |
| cd devicelife-api | |
| IMAGE_TAG="${GITHUB_SHA::7}" | |
| IMAGE_URI="${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG}" | |
| echo "Building image: ${IMAGE_URI}" | |
| docker build -t "${IMAGE_URI}" . | |
| docker push "${IMAGE_URI}" | |
| echo "image_uri=${IMAGE_URI}" >> $GITHUB_OUTPUT | |
| echo "image_tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT | |
| # EC2 배포 | |
| - name: Deploy to EC2 | |
| uses: appleboy/ssh-action@v1.0.3 | |
| with: | |
| host: ${{ secrets.EC2_HOST }} | |
| username: ec2-user | |
| key: ${{ secrets.EC2_KEY }} | |
| script: | | |
| set -e | |
| cd /home/ec2-user/Backend/devicelife-api | |
| # ✅ 이번 배포 커밋 태그 | |
| IMAGE_TAG="${{ steps.build-image.outputs.image_tag }}" | |
| echo "Deploying IMAGE_TAG=${IMAGE_TAG}" | |
| # ✅ ECR 로그인 (계정 레지스트리) | |
| aws ecr get-login-password --region ap-northeast-2 \ | |
| | docker login --username AWS --password-stdin \ | |
| ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.ap-northeast-2.amazonaws.com | |
| # ✅ compose에 IMAGE_TAG 강제 주입 (export 이슈 방지) | |
| IMAGE_TAG="$IMAGE_TAG" docker compose pull | |
| IMAGE_TAG="$IMAGE_TAG" docker compose up -d --force-recreate | |
| # ✅ 배포 확인(로그에 남김) | |
| docker ps --format "table {{.Names}}\t{{.Image}}\t{{.RunningFor}}" | |
| # ✅ nginx.conf 반영 + reload | |
| sudo cp ./nginx/devicelife.conf /etc/nginx/conf.d/devicelife.conf | |
| sudo nginx -t | |
| sudo systemctl reload nginx |