iam 계정을 이용해 보안 그룹에 추가 후 삭제 (#36) #60
| # .github/workflows/leafy-backend-build-and-push.yml | |
| # Leafy Backend Build and Push Workflow | |
| name: Backend Build and Push | |
| on: | |
| push: | |
| branches: | |
| - '08-cicd' | |
| paths: | |
| - 'leafy-backend/**' | |
| - '.github/workflows/leafy-backend-build-and-push.yml' | |
| jobs: | |
| # --- 1. 빌드 및 푸시 Job --- | |
| build: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| sha_tag: ${{ steps.get_sha.outputs.sha }} | |
| steps: | |
| - name: Checkout Repository | |
| uses: actions/checkout@v4 | |
| - name: Get short commit sha | |
| id: get_sha | |
| run: echo "sha=$(echo ${{ github.sha }} | cut -c1-7)" >> $GITHUB_OUTPUT | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| - name: Build Gradle Project (No Cache) | |
| working-directory: ./leafy-backend # Gradle 프로젝트가 있는 폴더로 이동 | |
| run: ./gradlew clean build --no-daemon --no-build-cache # <-- Gradle 캐시 비활성화 | |
| - name: Build and Push Docker Image (No Cache) | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: ./leafy-backend | |
| file: ./leafy-backend/Dockerfile | |
| push: true | |
| tags: ${{ secrets.DOCKERHUB_USERNAME }}/leafy-backend:${{ steps.get_sha.outputs.sha }},${{ secrets.DOCKERHUB_USERNAME }}/leafy-backend:latest | |
| platforms: linux/amd64 | |
| no-cache: true # [!!! Docker 빌드 캐시 비활성화 추가 !!!] | |
| # --- 2. 배포 Job --- | |
| deploy: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Get Public IP | |
| id: ip | |
| run: echo "ipv4=$(curl -s https://ipinfo.io/ip)" >> $GITHUB_OUTPUT | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| - name: Add SSH Rule (Open) | |
| run: | | |
| aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 | |
| - name: Deploy to EC2 instance | |
| uses: appleboy/ssh-action@v1.0.3 | |
| with: | |
| host: ${{ secrets.EC2_HOST }} | |
| username: ${{ secrets.EC2_USERNAME }} | |
| key: ${{ secrets.EC2_SSH_PRIVATE_KEY }} | |
| script: | | |
| echo "Setting new image tag in .env file..." | |
| # 'BACKEND_IMAGE_TAG='로 시작하는 줄을 찾아 새로운 태그로 교체합니다. | |
| sed -i "s|^BACKEND_IMAGE_TAG=.*|BACKEND_IMAGE_TAG=${{ secrets.DOCKERHUB_USERNAME }}/leafy-backend:${{ needs.build.outputs.sha_tag }}|" .env | |
| # 만약 .env 파일에 BACKEND_IMAGE_TAG 라인이 아예 없다면 추가해줍니다. | |
| if ! grep -q "BACKEND_IMAGE_TAG=" .env; then | |
| echo "BACKEND_IMAGE_TAG=${{ secrets.DOCKERHUB_USERNAME }}/leafy-backend:${{ needs.build.outputs.sha_tag }}" >> .env | |
| fi | |
| echo "Updated .env file with new backend image tag." | |
| # Docker 로그인 | |
| sudo docker login -u "${{ secrets.DOCKERHUB_USERNAME }}" -p "${{ secrets.DOCKERHUB_TOKEN }}" | |
| # 백엔드 서비스만 새로 pull 받고 재시작 | |
| sudo docker-compose pull leafy-backend | |
| # --no-deps: postgres, front는 건드리지 않음 | |
| sudo docker-compose up -d --no-deps --force-recreate leafy-backend | |
| sudo docker image prune -af | |
| - name: Remove SSH Rule (Close) | |
| if: always() # 실패해도 무조건 실행 | |
| run: | | |
| aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 |
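Review bot: The value produced by `Get Public IP` (`curl -s https://ipinfo.io/ip`) is interpolated unvalidated into the `run:` shells of both `Add SSH Rule (Open)` and `Remove SSH Rule (Close)` via `${{ steps.ip.outputs.ipv4 }}`, so any non-IP body from that external service (an error page, or an empty string because `-s` hides failures) is spliced into a shell command that runs with the AWS credentials configured just before it; the step should fail unless the response is an IPv4 literal, and the value should reach the command through `env:` rather than inline expression substitution (the same `env:` form applies to the revoke step). Separately, `sudo docker login -u ... -p "${{ secrets.DOCKERHUB_TOKEN }}"` places the token on the EC2 host's command line where it is visible in process listings and shell history; prefer `--password-stdin` with the secret delivered through ssh-action's `envs:` input. Since these keys can now edit a security group, consider limiting the IAM policy to `ec2:AuthorizeSecurityGroupIngress` and `ec2:RevokeSecurityGroupIngress` on the `AWS_SG_ID` group (or an OIDC `role-to-assume` instead of long-lived keys), and pinning third-party actions such as `appleboy/ssh-action@v1.0.3` to a commit SHA.
```yaml
- name: Get Public IP
  id: ip
  run: |
    ip="$(curl -fsS https://ipinfo.io/ip)"
    [[ "$ip" =~ ^[0-9]{1,3}(\.[0-9]{1,3}){3}$ ]] || { echo "unexpected response from ipinfo.io: $ip" >&2; exit 1; }
    echo "ipv4=$ip" >> "$GITHUB_OUTPUT"
# … unchanged: Configure AWS Credentials …
- name: Add SSH Rule (Open)
  env:
    IPV4: ${{ steps.ip.outputs.ipv4 }}
  run: |
    aws ec2 authorize-security-group-ingress --group-id "${{ secrets.AWS_SG_ID }}" --protocol tcp --port 22 --cidr "${IPV4}/32"
```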