✨ [FEAT] 인프라 변경 및 cicd bastion host 거치도록 설정#264 #16
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# This workflow uses actions that are not certified by GitHub. | ||
# They are provided by a third-party and are governed by | ||
# separate terms of service, privacy policy, and support | ||
# documentation. | ||
# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time | ||
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-gradle | ||
name: CICD Pipeline | ||
on: | ||
push: | ||
branches: [ "master" ] | ||
env: | ||
AWS_REGION: ap-northeast-2 | ||
ECR_REPOSITORY: morandi-backend | ||
ECR_REGISTRY: ${{ secrets.ECR_REGISTRY }} | ||
EC2_BASTION_HOST: ${{ secrets.EC2_BASTION_HOST }} | ||
EC2_BACKEND_HOST: ${{ secrets.EC2_BACKEND_HOST }} # EC2 인스턴스의 Private IP | ||
GITHUB_SHA: ${{ github.sha }} | ||
permissions: | ||
contents: read | ||
jobs: | ||
build: | ||
runs-on: ubuntu-latest | ||
steps: | ||
- name: Checkout | ||
uses: actions/checkout@v3 | ||
# Gradle 빌드를 추가합니다. | ||
- name: Set up JDK 11 | ||
uses: actions/setup-java@v2 | ||
with: | ||
distribution: 'adopt' | ||
java-version: '11' | ||
# GitHub Secret에서 application-prod.yml 내용을 불러와 파일로 저장 | ||
- name: Create application-prod.yml from GitHub Secret | ||
run: echo "${{ secrets.APPLICATION_YML }}" > src/main/resources/application.yml | ||
- name: Build with Gradle | ||
run: ./gradlew clean bootJar -x test | ||
- name: Configure AWS Credentials | ||
uses: aws-actions/configure-aws-credentials@v1 | ||
with: | ||
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | ||
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | ||
aws-region: ${{ env.AWS_REGION }} | ||
mask-aws-account-id: true # AWS 계정 ID를 마스킹하여 보안 강화 | ||
- name: Login to Public ECR | ||
run: aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/s7z8j0e6 | ||
- name: Build Docker Image | ||
run: docker build -t morandi-backend . | ||
- name: Tag Docker Image | ||
run: docker tag morandi-backend:latest ${{ env.ECR_REGISTRY }}:latest | ||
- name: Push Docker Image to ECR | ||
run: docker push ${{ env.ECR_REGISTRY }}:latest | ||
- name: appleboy SSH and Deploy to EC2 | ||
uses: appleboy/ssh-action@master # ssh 접속하는 오픈소스 | ||
with: | ||
host: ${{ env.EC2_BASTION_HOST }} | ||
debug: true | ||
username: ubuntu | ||
key: ${{ secrets.SSH_SECRET_ACCESS_KEY }} | ||
port: 22 | ||
envs: EC2_BACKEND_HOST,GITHUB_SHA,ECR_REGISTRY | ||
script: | | ||
# export EC2_BACKEND_HOST=${{env.EC2_BACKEND_HOST}} # EC2 인스턴스의 Private IP | ||
# export TAG=${{env.GITHUB_SHA}} | ||
# export ECR_REGISTRY=${{env.ECR_REGISTRY}} | ||
# 첫 번째 SSH 접속으로 터널을 생성 | ||
ssh -i ~/.ssh/swm-nm-morandi.pem -f -N -L 8080:$EC2_BACKEND_HOST:22 ubuntu@$EC2_BACKEND_HOST | ||
# SSH 터널이 완전히 열릴 시간을 주기 위해 대기 | ||
sleep 5 | ||
# 원격 서버에서 도커 관련 작업 수행 | ||
ssh -p 8080 -i ~/.ssh/swm-nm-morandi.pem ubuntu@localhost << ENDSSH | ||
cd /home/ubuntu/morandi-backend | ||
docker-compose down | ||
docker pull $ECR_REGISTRY:latest | ||
docker-compose up -d | ||
ENDSSH | ||
# SSH 터널을 종료 | ||
kill $(lsof -t -i:8080) | ||
# export EC2_BACKEND_HOST=${{env.EC2_BACKEND_HOST}} # EC2 인스턴스의 Private IP | ||
# | ||
# ssh -i ~/.ssh/swm-nm-morandi.pem ubuntu@$EC2_BACKEND_HOST & SSH_TUNNEL_PID=$! | ||
# if [ -z "$SSH_TUNNEL_PID" ]; then | ||
# echo "SSH Tunnel failed to start. Exiting." | ||
# exit 1 | ||
# fi | ||
# | ||
# | ||
# | ||
# echo "SSH Tunnel PID: $SSH_TUNNEL_PID" | ||
# # SSH 터널이 완전히 열릴 시간을 주기 위해 5초 대기 | ||
# sleep 5 | ||
# | ||
# export TAG=${{env.GITHUB_SHA}} | ||
# export ECR_REGISTRY=${{env.ECR_REGISTRY}} | ||
# cd /home/ubuntu/morandi-backend | ||
# | ||
# docker-compose down | ||
# | ||
# # ECR에서 이미지 가져오기 | ||
# | ||
# docker pull $ECR_REGISTRY:latest | ||
# | ||
# docker-compose up -d | ||
# | ||
# if [ -e /proc/$SSH_TUNNEL_PID ]; then | ||
# kill $SSH_TUNNEL_PID | ||
# else | ||
# echo "SSH Tunnel process does not exist. Something went wrong." | ||
# exit 1 | ||
# fi |