Merge pull request #265 from SWM-NM/feat/#264

✨ [FEAT] 인프라 변경 및 cicd bastion host 거치도록 설정#264
SWM-Morandi · Sep 13, 2023 · 0e3d316 · 0e3d316
2 parents d643a3d + f2edf91
commit 0e3d316
Show file tree

Hide file tree

Showing 2 changed files with 55 additions and 9 deletions.
diff --git a/.docker-compose.yml.swp b/.docker-compose.yml.swp
diff --git a/.github/workflows/cicd.yml b/.github/workflows/cicd.yml
@@ -15,7 +15,8 @@ env:
   AWS_REGION: ap-northeast-2
   ECR_REPOSITORY: morandi-backend
   ECR_REGISTRY: ${{ secrets.ECR_REGISTRY }}
-  EC2_HOST: ${{ secrets.EC2_HOST }}
+  EC2_BASTION_HOST: ${{ secrets.EC2_BASTION_HOST }}
+  EC2_BACKEND_HOST: ${{ secrets.EC2_BACKEND_HOST }} # EC2 인스턴스의 Private IP
   GITHUB_SHA: ${{ github.sha }}
 
 permissions:
@@ -67,20 +68,65 @@ jobs:
       - name: appleboy SSH and Deploy to EC2
         uses: appleboy/ssh-action@master # ssh 접속하는 오픈소스
         with:
-          host: ${{ env.EC2_HOST }}
+          host: ${{ env.EC2_BASTION_HOST }}
           debug: true
           username: ubuntu
           key: ${{ secrets.SSH_SECRET_ACCESS_KEY }}
           port: 22
+          envs: EC2_BACKEND_HOST,GITHUB_SHA,ECR_REGISTRY
           script: |
-            export TAG=${{env.GITHUB_SHA}}
-            export ECR_REGISTRY=${{env.ECR_REGISTRY}}
-            cd /home/ubuntu/morandi-backend
+#            export EC2_BACKEND_HOST=${{env.EC2_BACKEND_HOST}} # EC2 인스턴스의 Private IP
+#            export TAG=${{env.GITHUB_SHA}}
+#            export ECR_REGISTRY=${{env.ECR_REGISTRY}}
 
-            docker-compose down
+            # 첫 번째 SSH 접속으로 터널을 생성
+            ssh -i ~/.ssh/swm-nm-morandi.pem -f -N -L 8080:$EC2_BACKEND_HOST:22 ubuntu@$EC2_BACKEND_HOST
 
-            # ECR에서 이미지 가져오기
+            # SSH 터널이 완전히 열릴 시간을 주기 위해 대기
+            sleep 5
 
-            docker pull $ECR_REGISTRY:latest
+            # 원격 서버에서 도커 관련 작업 수행
+            ssh -p 8080 -i ~/.ssh/swm-nm-morandi.pem ubuntu@localhost << ENDSSH
+
+              cd /home/ubuntu/morandi-backend
+              docker-compose down
+              docker pull $ECR_REGISTRY:latest
+              docker-compose up -d
+            ENDSSH
 
-            docker-compose up -d
+            # SSH 터널을 종료
+            kill $(lsof -t -i:8080)
+
+
+#            export EC2_BACKEND_HOST=${{env.EC2_BACKEND_HOST}} # EC2 인스턴스의 Private IP
+#
+#            ssh -i ~/.ssh/swm-nm-morandi.pem ubuntu@$EC2_BACKEND_HOST & SSH_TUNNEL_PID=$!
+#            if [ -z "$SSH_TUNNEL_PID" ]; then
+#              echo "SSH Tunnel failed to start. Exiting."
+#              exit 1
+#            fi
+#
+#
+#
+#            echo "SSH Tunnel PID: $SSH_TUNNEL_PID"
+#            # SSH 터널이 완전히 열릴 시간을 주기 위해 5초 대기
+#            sleep 5
+#
+#            export TAG=${{env.GITHUB_SHA}}
+#            export ECR_REGISTRY=${{env.ECR_REGISTRY}}
+#            cd /home/ubuntu/morandi-backend
+#
+#            docker-compose down
+#
+#            # ECR에서 이미지 가져오기
+#
+#            docker pull $ECR_REGISTRY:latest
+#
+#            docker-compose up -d
+#
+#            if [ -e /proc/$SSH_TUNNEL_PID ]; then
+#              kill $SSH_TUNNEL_PID
+#            else
+#              echo "SSH Tunnel process does not exist. Something went wrong."
+#              exit 1
+#            fi