memory/.github/workflows/deploy-dev.yml at develop · YuSunjo/memory · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
name: Deploy to Development Server

on:
  workflow_run:
    workflows: ["Build and Push to GHCR"]
    types:
      - completed
    branches: [ develop ]

jobs:
  deploy:
    runs-on: ubuntu-latest
    if: ${{ github.event.workflow_run.conclusion == 'success' }}

    steps:
    - name: Deploy to development server
      uses: appleboy/ssh-action@master
      with:
        host: 144.24.78.166
        username: ubuntu
        key: ${{ secrets.DEV_SERVER_PRIVATE_KEY }}
        script: |
          # GitHub Container Registry 로그인
          echo ${{ secrets.PAT_TOKEN }} | docker login ghcr.io -u ${{ github.actor }} --password-stdin

          # 프로젝트 디렉토리 생성 및 이동
          mkdir -p ~/memory/memory-backend
          cd ~/memory/memory-backend

          # 기존 저장소가 없다면 클론, 있다면 풀
          if [ ! -d ".git" ]; then
            git clone -b develop https://github.com/${{ github.repository }}.git .
          else
            git fetch origin develop
            git reset --hard origin/develop
          fi

          # docker compose 실행
          cd memory-infra/docker/dev

          # .env 파일 생성
          cat > .env << EOF
          POSTGRES_DB=${{ secrets.POSTGRES_DB }}
          POSTGRES_USER=${{ secrets.POSTGRES_USER }}
          POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }}
          JWT_TOKEN_SECRET=${{ secrets.JWT_TOKEN_SECRET }}
          ELASTIC_PASSWORD=${{ secrets.ELASTIC_PASSWORD }}
          KIBANA_PASSWORD=${{ secrets.KIBANA_PASSWORD }}
          [email protected]
          EOF

          # 기존 컨테이너 중지 및 제거
          docker compose down

          # 기존 이미지 제거 (추가)
          docker compose pull

          # Elasticsearch 디렉토리 권한 설정
          sudo mkdir -p data/elasticsearch-data
          sudo chown -R ubuntu:ubuntu data/elasticsearch-data
          sudo chmod -R 777 data/elasticsearch-data

          # filebeat, logstash 디렉토리 권한 설정
          sudo mkdir -p data/filebeat-data
          sudo mkdir -p data/logstash-data
          sudo chmod -R 777 data/filebeat-data
          sudo chmod -R 777 data/logstash-data
          sudo chown root:root filebeat/filebeat.yml
          sudo chmod 600 filebeat/filebeat.yml

          # 컨테이너 빌드 및 시작
          docker compose up -d --build

          # kibana_system 사용자 비밀번호 설정
          docker exec memory-elasticsearch-dev curl -X POST "localhost:9200/_security/user/kibana_system/_password" \
            -H "Content-Type: application/json" \
            -u elastic:${{ secrets.ELASTIC_PASSWORD }} \
            -d "{\"password\": \"${{ secrets.KIBANA_PASSWORD }}\"}"

          # Kibana 재시작
          docker compose restart kibana

          # 사용하지 않는 이미지 정리
          docker image prune -f