cd.yml (DEPRECATED - ECS) #62
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: cd.yml | |
| on: | |
| workflow_dispatch: | |
| inputs: | |
| image_tag: | |
| description: 'ECR image tag to deploy (e.g. latest or a commit SHA)' | |
| required: false | |
| default: latest | |
| workflow_run: | |
| workflows: ["ci.yml"] # ci.yml의 name과 동일해야 함 | |
| types: [completed] | |
| jobs: | |
| # 2. ECS 서비스 업데이트 (무중단 배포) | |
| deploy: | |
| runs-on: ubuntu-latest | |
| if: github.ref == 'refs/heads/develop' | |
| steps: | |
| - name: Decode and export env vars | |
| run: | | |
| echo "${{ secrets.APP_ENV_B64 }}" | base64 --decode | tr -d '\r'> .env | |
| # 모든 환경변수를 GitHub Actions 환경변수로 export | |
| sed '/^[[:space:]]*#/d; s/[[:space:]]*#.*$//; /^[[:space:]]*$/d' .env \ | |
| | while IFS='=' read -r key value; do | |
| if [[ -n "$key" ]]; then | |
| echo "$key=$value" >> "$GITHUB_ENV" | |
| fi | |
| done | |
| - name: Create ECS env json | |
| run: | | |
| # ① 공백 + # 로 시작하는 줄 삭제, ② 라인 끝 주석 삭제, ③ 빈줄 삭제 | |
| CLEAN=$(sed '/^[[:space:]]*#/d; s/[[:space:]]*#.*$//; /^[[:space:]]*$/d' .env) | |
| # ④ KEY=VALUE 에서 VALUE 안에 '=' 가 있어도 안전하게 처리 | |
| ENV_VARS=$(printf "%s\n" "$CLEAN" | jq -Rn ' | |
| def kv: (split("=")) | {name: .[0], value: (.[1:] | join("="))}; | |
| [inputs | kv] | |
| ') | |
| echo "$ENV_VARS" > env.json | |
| cat env.json | |
| - name: Set IMAGE_TAG by trigger type | |
| run: | | |
| if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then | |
| echo "IMAGE_TAG=latest" >> $GITHUB_ENV | |
| echo "activate tag: latest" | |
| else | |
| echo "IMAGE_TAG=${{ github.sha }}" >> $GITHUB_ENV | |
| echo "activate tag: ${{ github.sha }}" | |
| fi | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Update ECS Service | |
| env: | |
| CLUSTER: ${{ env.ECS_CLUSTER }} | |
| SERVICE: ${{ env.ECS_SERVICE }} | |
| TASK_FAMILY: ${{ env.ECS_TASK_FAMILY }} | |
| ECR_REGISTRY: ${{ env.ECR_REGISTRY }} | |
| ECR_REPOSITORY: ${{ env.ECR_REPOSITORY }} | |
| IMAGE_TAG: ${{ env.IMAGE_TAG }} | |
| run: | | |
| # 1) 현재 TaskDefinition (taskDefinition 객체만) | |
| TASK_DEF=$(aws ecs describe-task-definition \ | |
| --task-definition "$TASK_FAMILY" \ | |
| --query 'taskDefinition' --output json) | |
| # 2) env.json 읽기 | |
| ENV_JSON=$(cat env.json) | |
| # 3) 이미지/환경변수 패치 + 불필요/NULL 필드 제거 | |
| IMAGE_URI="$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" | |
| NEW_TASK_DEF=$( | |
| echo "$TASK_DEF" | jq \ | |
| --arg IMAGE "$IMAGE_URI" \ | |
| --argjson ENV_ARG "$ENV_JSON" ' | |
| .containerDefinitions |= map( | |
| if .name == "econoeasy-be" then | |
| .image = $IMAGE | |
| | .environment = $ENV_ARG | |
| | .cpu = 682 | |
| | .memory = 1024 | |
| | .memoryReservation = 256 | |
| | .logConfiguration = { | |
| logDriver: "awslogs", | |
| options: { | |
| "awslogs-group": "/ecs/econoeasy", | |
| "awslogs-region": "ap-northeast-2", | |
| "awslogs-stream-prefix": "ecs" | |
| } | |
| } | |
| else . end | |
| ) | |
| # register-task-definition에 불필요/문제 대상 키 제거 | |
| | del( | |
| .status, .revision, .taskDefinitionArn, .requiresAttributes, | |
| .compatibilities, .registeredAt, .registeredBy, | |
| .deregisteredAt, .deregisteredBy, .proxyConfiguration, | |
| .inferenceAccelerators, .pidMode, .ipcMode, .tags, | |
| .ephemeralStorage # <- null로 오면 실패하니 삭제 | |
| ) | |
| # null 전부 제거(taskRoleArn=null 등) | |
| | with_entries(select(.value != null)) | |
| ' | |
| ) | |
| echo "$NEW_TASK_DEF" | jq '.' > new-task-def.json | |
| echo "!!!!! $NEW_TASK_DEF !!!!!" | |
| # (디버그) environment 타입 확인 | |
| echo "env type:" && jq -r '.containerDefinitions[0].environment | type' new-task-def.json | |
| # 4) 새 revision 등록 | |
| REG_OUT=$(aws ecs register-task-definition --cli-input-json file://new-task-def.json) | |
| NEW_TD_ARN=$(echo "$REG_OUT" | jq -r '.taskDefinition.taskDefinitionArn') | |
| # 5) 서비스 업데이트 | |
| aws ecs update-service --cluster "$CLUSTER" --service "$SERVICE" --task-definition "$NEW_TD_ARN" | |