Skip to content

✨ [FEAT] 인프라 변경 및 cicd bastion host 거치도록 설정#264 #16

✨ [FEAT] 인프라 변경 및 cicd bastion host 거치도록 설정#264

✨ [FEAT] 인프라 변경 및 cicd bastion host 거치도록 설정#264 #16

Workflow file for this run

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-gradle
name: CICD Pipeline
on:
push:
branches: [ "master" ]
env:
AWS_REGION: ap-northeast-2
ECR_REPOSITORY: morandi-backend
ECR_REGISTRY: ${{ secrets.ECR_REGISTRY }}
EC2_BASTION_HOST: ${{ secrets.EC2_BASTION_HOST }}
EC2_BACKEND_HOST: ${{ secrets.EC2_BACKEND_HOST }} # EC2 인스턴스의 Private IP
GITHUB_SHA: ${{ github.sha }}
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v3
# Gradle 빌드를 추가합니다.
- name: Set up JDK 11
uses: actions/setup-java@v2
with:
distribution: 'adopt'
java-version: '11'
# GitHub Secret에서 application-prod.yml 내용을 불러와 파일로 저장
- name: Create application-prod.yml from GitHub Secret
run: echo "${{ secrets.APPLICATION_YML }}" > src/main/resources/application.yml
- name: Build with Gradle
run: ./gradlew clean bootJar -x test
- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ${{ env.AWS_REGION }}
mask-aws-account-id: true # AWS 계정 ID를 마스킹하여 보안 강화
- name: Login to Public ECR
run: aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/s7z8j0e6
- name: Build Docker Image
run: docker build -t morandi-backend .
- name: Tag Docker Image
run: docker tag morandi-backend:latest ${{ env.ECR_REGISTRY }}:latest
- name: Push Docker Image to ECR
run: docker push ${{ env.ECR_REGISTRY }}:latest
- name: appleboy SSH and Deploy to EC2
uses: appleboy/ssh-action@master # ssh 접속하는 오픈소스
with:

Check failure on line 70 in .github/workflows/cicd.yml

View workflow run for this annotation

GitHub Actions / .github/workflows/cicd.yml

Invalid workflow file

You have an error in your yaml syntax on line 70
host: ${{ env.EC2_BASTION_HOST }}
debug: true
username: ubuntu
key: ${{ secrets.SSH_SECRET_ACCESS_KEY }}
port: 22
envs: EC2_BACKEND_HOST,GITHUB_SHA,ECR_REGISTRY
script: |
# export EC2_BACKEND_HOST=${{env.EC2_BACKEND_HOST}} # EC2 인스턴스의 Private IP
# export TAG=${{env.GITHUB_SHA}}
# export ECR_REGISTRY=${{env.ECR_REGISTRY}}
# 첫 번째 SSH 접속으로 터널을 생성
ssh -i ~/.ssh/swm-nm-morandi.pem -f -N -L 8080:$EC2_BACKEND_HOST:22 ubuntu@$EC2_BACKEND_HOST
# SSH 터널이 완전히 열릴 시간을 주기 위해 대기
sleep 5
# 원격 서버에서 도커 관련 작업 수행
ssh -p 8080 -i ~/.ssh/swm-nm-morandi.pem ubuntu@localhost << ENDSSH
cd /home/ubuntu/morandi-backend
docker-compose down
docker pull $ECR_REGISTRY:latest
docker-compose up -d
ENDSSH
# SSH 터널을 종료
kill $(lsof -t -i:8080)
# export EC2_BACKEND_HOST=${{env.EC2_BACKEND_HOST}} # EC2 인스턴스의 Private IP
#
# ssh -i ~/.ssh/swm-nm-morandi.pem ubuntu@$EC2_BACKEND_HOST & SSH_TUNNEL_PID=$!
# if [ -z "$SSH_TUNNEL_PID" ]; then
# echo "SSH Tunnel failed to start. Exiting."
# exit 1
# fi
#
#
#
# echo "SSH Tunnel PID: $SSH_TUNNEL_PID"
# # SSH 터널이 완전히 열릴 시간을 주기 위해 5초 대기
# sleep 5
#
# export TAG=${{env.GITHUB_SHA}}
# export ECR_REGISTRY=${{env.ECR_REGISTRY}}
# cd /home/ubuntu/morandi-backend
#
# docker-compose down
#
# # ECR에서 이미지 가져오기
#
# docker pull $ECR_REGISTRY:latest
#
# docker-compose up -d
#
# if [ -e /proc/$SSH_TUNNEL_PID ]; then
# kill $SSH_TUNNEL_PID
# else
# echo "SSH Tunnel process does not exist. Something went wrong."
# exit 1
# fi