chore: nginx 도입에 따른 CI/CD 워크플로우 수정 (#396)

* chore: nginx 컨테이너 세팅 Co-Authored-By: 도모 <[email protected]> Co-Authored-By: yb__char <[email protected]> * chore: 빌드 및 배포 잡 통합 Co-Authored-By: 도모 <[email protected]> Co-Authored-By: yb__char <[email protected]> * chore: 도커허브 로그인으로 변경 Co-Authored-By: 도모 <[email protected]> Co-Authored-By: yb__char <[email protected]> * chore: 메타데이터 액션을 사용하도록 변경 Co-Authored-By: 도모 <[email protected]> Co-Authored-By: yb__char <[email protected]> * chore: 배포 스크립트 관련 설정 수정 Co-Authored-By: 도모 <[email protected]> Co-Authored-By: yb__char <[email protected]> * chore: docker-compose 전송 설정 변경 Co-Authored-By: 도모 <[email protected]> Co-Authored-By: yb__char <[email protected]> * chore: 이미지 태그 직접 추출하는 스텝 제거 Co-Authored-By: 도모 <[email protected]> Co-Authored-By: yb__char <[email protected]> * chore: 상용 워크플로 컴포즈 파일 전송 설정 변경 Co-Authored-By: 도모 <[email protected]> Co-Authored-By: yb__char <[email protected]> * fix: 오타 수정 Co-Authored-By: 도모 <[email protected]> Co-Authored-By: yb__char <[email protected]> * fix: 도커허브 유저네임 오타 수정 Co-Authored-By: 도모 <[email protected]> Co-Authored-By: yb__char <[email protected]> * chore: nginx 리로드 커맨드 추가 Co-Authored-By: 도모 <[email protected]> Co-Authored-By: yb__char <[email protected]> * chore: 수동 배포 워크플로 수정 Co-Authored-By: 도모 <[email protected]> Co-Authored-By: yb__char <[email protected]> * chore: default.conf 전송 스텝 추가 Co-Authored-By: 도모 <[email protected]> Co-Authored-By: yb__char <[email protected]> * chore: 테스트 트리거 활성화 * chore: 절대경로로 수정 * chore: ssh-action 버전 변경 * chore: 파일 전송 스텝 임시 비활성화 * chore: ssh debug 활성화 * chore: docker-compose backend image 환경변수 변경 * style: rsync 주석 해제 * chore: rsync version downgrade * chore: docker-compose.yaml에 DOCKERHUB_IMAGE_NAME 환경변수 추가 * chore: rsync version update test * chore: production에도 변경 된 내용 적용 * chore: 트리거 제거 --------- Co-authored-by: 도모 <[email protected]> Co-authored-by: yb__char <[email protected]> Co-authored-by: kdomo <[email protected]>
depromeet · May 16, 2024 · c98de04 · c98de04
1 parent fd3649a
commit c98de04
Show file tree

Hide file tree

Showing 6 changed files with 163 additions and 111 deletions.
diff --git a/.github/workflows/develop_build_deploy.yml b/.github/workflows/develop_build_deploy.yml
@@ -4,17 +4,19 @@ on:
   push:
     branches: [ "develop" ]
 
+env:
+  DOCKERHUB_USERNAME: tenminutes
+  DOCKERHUB_IMAGE_NAME: 10mm-server
+
 jobs:
-  build:
+  build-deploy:
     runs-on: ubuntu-latest
     environment: DEV
     strategy:
       matrix:
         java-version: [ 17 ]
         distribution: [ 'temurin' ]
-    outputs:
-      # IMAGE_TAG 환경 변수를 다른 Job에서 사용하기 위해 설정
-      image-tag: ${{ steps.image-tag.outputs.value }}
+
     steps:
       # 기본 체크아웃
       - name: Checkout
@@ -27,11 +29,6 @@ jobs:
           java-version: ${{ matrix.java-version }}
           distribution: ${{ matrix.distribution }}
 
-      # 이미지 태그 설정
-      - name: Set up image-tag by GITHUB_SHA
-        id: image-tag
-        run: echo "value=$(echo ${GITHUB_SHA::7})" >> $GITHUB_OUTPUT
-
       # test 돌릴때 레디스 필요
       - name: Start containers
         run: docker-compose -f ./docker-compose-test.yaml up -d
@@ -50,33 +47,52 @@ jobs:
             --scan
           cache-read-only: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/develop' }}
 
-      # NCP Container Registry 로그인
-      - name: Login to NCP Container Registry
+      # Dockerhub 로그인
+      - name: Login to Dockerhub
         uses: docker/login-action@v3
         with:
-          registry: ${{ secrets.NCP_CONTAINER_REGISTRY }}
-          username: ${{ secrets.NCP_ACCESS_KEY }}
-          password: ${{ secrets.NCP_SECRET_KEY }}
+          username: ${{ env.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
+
+      # Docker 메타데이터 추출
+      - name: Extract Docker metadata
+        id: metadata
+        uses: docker/[email protected]
+        env:
+          DOCKERHUB_IMAGE_FULL_NAME: ${{ env.DOCKERHUB_USERNAME }}/${{ env.DOCKERHUB_IMAGE_NAME }}
+        with:
+          images: ${{ env.DOCKERHUB_IMAGE_FULL_NAME }}
+          tags: |
+            type=sha,prefix=
 
-      # Docker 이미지 빌드 및 푸시
+      # Docker 이미지 빌드 및 도커허브로 푸시
       - name: Docker Build and Push
         uses: docker/build-push-action@v5
         with:
           context: .
           push: true
-          tags: ${{ secrets.NCP_CONTAINER_REGISTRY }}/server-spring:${{ steps.image-tag.outputs.value }}
+          tags: ${{ steps.metadata.outputs.tags }}
 
       # 서버로 docker-compose 파일 전송
-      - name: copy source via ssh key
-        uses: burnett01/rsync-deployments@4.1
+      - name: Copy docker-compose file to EC2
+        uses: burnett01/rsync-deployments@7.0.1
         with:
           switches: -avzr --delete
-          remote_host: ${{ secrets.NCP_HOST }}
-          remote_user: ${{ secrets.NCP_USERNAME }}
-          remote_port: ${{ secrets.NCP_PORT }}
-          remote_key: ${{ secrets.NCP_PRIVATE_KEY }}
+          remote_host: ${{ secrets.EC2_HOST }}
+          remote_user: ${{ secrets.EC2_USERNAME }}
+          remote_key: ${{ secrets.EC2_PRIVATE_KEY }}
           path: docker-compose.yaml
-          remote_path: /home/tenminute/
+          remote_path: /home/ec2-user/
+
+      - name: Copy default.conf to EC2
+        uses: burnett01/[email protected]
+        with:
+          switches: -avzr --delete
+          remote_host: ${{ secrets.EC2_HOST }}
+          remote_user: ${{ secrets.EC2_USERNAME }}
+          remote_key: ${{ secrets.EC2_PRIVATE_KEY }}
+          path: ./nginx
+          remote_path: /home/ec2-user/
 
       # 슬랙으로 빌드 스캔 결과 전송
       - name: Send to slack
@@ -89,26 +105,20 @@ jobs:
         env:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
 
-  deploy:
-    runs-on: ubuntu-latest
-    environment: DEV
-    needs: build
-    steps:
-      - name: Deploy to NCP Server
-        uses: appleboy/ssh-action@master
+      # EC2로 배포
+      - name: Deploy to EC2 Server
+        uses: appleboy/[email protected]
         env:
-          NCP_CONTAINER_REGISTRY: ${{ secrets.NCP_CONTAINER_REGISTRY }}
-          NCP_IMAGE_TAG: ${{ needs.build.outputs.image-tag }}
+          IMAGE_FULL_URL: ${{ steps.metadata.outputs.tags }}
+          DOCKERHUB_IMAGE_NAME: ${{ env.DOCKERHUB_IMAGE_NAME }}
         with:
-          host: ${{ secrets.NCP_HOST }}
-          username: ${{ secrets.NCP_USERNAME }}
-          key: ${{ secrets.NCP_PRIVATE_KEY }}
-          port: ${{ secrets.NCP_PORT }}
-          envs: NCP_CONTAINER_REGISTRY,NCP_IMAGE_TAG  # docker-compose.yml 에서 사용할 환경 변수
+          host: ${{ secrets.EC2_HOST }}
+          username: ${{ secrets.EC2_USERNAME }}
+          key: ${{ secrets.EC2_PRIVATE_KEY }}
+          envs: IMAGE_FULL_URL, DOCKERHUB_IMAGE_NAME # docker-compose.yml 에서 사용할 환경 변수
+          debug: true
           script: |
-            echo "${{ secrets.NCP_SECRET_KEY }}" | docker login -u "${{ secrets.NCP_ACCESS_KEY }}" --password-stdin "${{ secrets.NCP_CONTAINER_REGISTRY }}"
-            docker pull ${{ secrets.NCP_CONTAINER_REGISTRY }}/server-spring:${{ env.NCP_IMAGE_TAG }}
-            SWAGGER_VERSION=${{ env.NCP_IMAGE_TAG }}
-            sed -i "s/SWAGGER_VERSION=.*/SWAGGER_VERSION=$SWAGGER_VERSION/" .env
-            docker compose -f /home/tenminute/docker-compose.yaml up -d
+            echo "${{ secrets.DOCKERHUB_ACCESS_TOKEN }}" | docker login -u "${{ env.DOCKERHUB_USERNAME }}" --password-stdin
+            docker compose up -d
+            docker exec -d nginx nginx -s reload
             docker image prune -a -f
diff --git a/.github/workflows/develop_deploy.yml b/.github/workflows/develop_deploy.yml
@@ -7,26 +7,28 @@ on:
         description: 'commit_hash'
         required: true
 
+env:
+  DOCKERHUB_USERNAME: tenminutes
+  DOCKERHUB_IMAGE_NAME: 10mm-server
+
 jobs:
   deploy:
     runs-on: ubuntu-latest
     environment: DEV
     steps:
-      - name: Deploy to NCP Server
+      # EC2로 배포
+      - name: Deploy to EC2 Server
         uses: appleboy/ssh-action@master
         env:
-          NCP_CONTAINER_REGISTRY: ${{ secrets.NCP_CONTAINER_REGISTRY }}
-          NCP_IMAGE_TAG: ${{ github.event.inputs.commit_hash }}
+          IMAGE_FULL_URL: ${{ steps.metadata.outputs.tags }}
+          DOCKERHUB_IMAGE_NAME: ${{ env.DOCKERHUB_IMAGE_NAME }}
         with:
-          host: ${{ secrets.NCP_HOST }}
-          username: tenminute
-          key: ${{ secrets.NCP_PRIVATE_KEY }}
-          port: ${{ secrets.NCP_PORT }}
-          envs: NCP_CONTAINER_REGISTRY,NCP_IMAGE_TAG  # docker-compose.yml 에서 사용할 환경 변수
+          host: ${{ secrets.EC2_HOST }}
+          username: ${{ secrets.EC2_USERNAME }}
+          key: ${{ secrets.EC2_PRIVATE_KEY }}
+          envs: IMAGE_FULL_URL, DOCKERHUB_IMAGE_NAME # docker-compose.yml 에서 사용할 환경 변수
           script: |
-            echo "${{ secrets.NCP_SECRET_KEY }}" | docker login -u "${{ secrets.NCP_ACCESS_KEY }}" --password-stdin "${{ secrets.NCP_CONTAINER_REGISTRY }}"
-            docker pull ${{ secrets.NCP_CONTAINER_REGISTRY }}/server-spring:${{ github.event.inputs.commit_hash }}
-            SWAGGER_VERSION=${{ env.NCP_IMAGE_TAG }}
-            sed -i "s/SWAGGER_VERSION=.*/SWAGGER_VERSION=$SWAGGER_VERSION/" .env
-            docker compose -f /home/tenminute/docker-compose.yaml up -d
+            echo "${{ secrets.DOCKERHUB_ACCESS_TOKEN }}" | docker login -u "${{ env.DOCKERHUB_USERNAME }}" --password-stdin
+            docker compose up -d
+            docker exec -d nginx nginx -s reload
             docker image prune -a -f
diff --git a/.github/workflows/production_build_deploy.yml b/.github/workflows/production_build_deploy.yml
@@ -5,17 +5,19 @@ on:
     tags:
       - v*.*.*
 
+env:
+  DOCKERHUB_USERNAME: tenminutes
+  DOCKERHUB_IMAGE_NAME: 10mm-server
+
 jobs:
-  build:
+  build-deploy:
     runs-on: ubuntu-latest
     environment: PROD
     strategy:
       matrix:
         java-version: [ 17 ]
         distribution: [ 'temurin' ]
-    outputs:
-      # IMAGE_TAG 환경 변수를 다른 Job에서 사용하기 위해 설정
-      image-tag: ${{ steps.image-tag.outputs.value }}
+
     steps:
       # 기본 체크아웃
       - name: Checkout
@@ -28,11 +30,6 @@ jobs:
           java-version: ${{ matrix.java-version }}
           distribution: ${{ matrix.distribution }}
 
-      # 이미지 태그 설정
-      - name: Set up image-tag by Releases Tag
-        id: image-tag
-        run: echo "value=$(cut -d'v' -f2 <<< ${GITHUB_REF#refs/*/})" >> $GITHUB_OUTPUT
-
       # test 돌릴때 레디스 필요
       - name: Start containers
         run: docker-compose -f ./docker-compose-test.yaml up -d
@@ -51,33 +48,62 @@ jobs:
             --scan
           cache-read-only: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/develop' }}
 
-      # NCP Container Registry 로그인
-      - name: Login to NCP Container Registry
+      # Dockerhub 로그인
+      - name: Login to Dockerhub
         uses: docker/login-action@v3
         with:
-          registry: ${{ secrets.NCP_CONTAINER_REGISTRY }}
-          username: ${{ secrets.NCP_ACCESS_KEY }}
-          password: ${{ secrets.NCP_SECRET_KEY }}
+          username: ${{ env.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}
+
+      # Docker 메타데이터 추출
+      - name: Extract Docker metadata
+        id: metadata
+        uses: docker/[email protected]
+        env:
+          DOCKERHUB_IMAGE_FULL_NAME: ${{ env.DOCKERHUB_USERNAME }}/${{ env.DOCKERHUB_IMAGE_NAME }}
+        with:
+          images: ${{ env.DOCKERHUB_IMAGE_FULL_NAME }}
+          tags: |
+            type=semver,pattern={{version}}
+          flavor: |
+            latest=false
+
+      # 멀티 아키텍처 지원을 위한 QEMU 설정
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v3
 
-      # Docker 이미지 빌드 및 푸시
+      # 도커 확장 빌드를 위한 Buildx 설정
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      # Docker 이미지 빌드 및 도커허브로 푸시
       - name: Docker Build and Push
         uses: docker/build-push-action@v5
         with:
           context: .
           push: true
-          tags: ${{ secrets.NCP_CONTAINER_REGISTRY }}/server-spring:${{ steps.image-tag.outputs.value }}
+          tags: ${{ steps.metadata.outputs.tags }}
 
       # 서버로 docker-compose 파일 전송
-      - name: copy source via ssh key
-        uses: burnett01/rsync-deployments@4.1
+      - name: Copy docker-compose file to EC2
+        uses: burnett01/rsync-deployments@7.0.1
         with:
           switches: -avzr --delete
-          remote_host: ${{ secrets.NCP_HOST }}
-          remote_user: ${{ secrets.NCP_USERNAME }}
-          remote_port: ${{ secrets.NCP_PORT }}
-          remote_key: ${{ secrets.NCP_PRIVATE_KEY }}
+          remote_host: ${{ secrets.EC2_HOST }}
+          remote_user: ${{ secrets.EC2_USERNAME }}
+          remote_key: ${{ secrets.EC2_PRIVATE_KEY }}
           path: docker-compose.yaml
-          remote_path: /home/tenminute/
+          remote_path: /
+
+      - name: Copy default.conf to EC2
+        uses: burnett01/[email protected]
+        with:
+          switches: -avzr --delete
+          remote_host: ${{ secrets.EC2_HOST }}
+          remote_user: ${{ secrets.EC2_USERNAME }}
+          remote_key: ${{ secrets.EC2_PRIVATE_KEY }}
+          path: ./nginx
+          remote_path: /
 
       # 슬랙으로 빌드 스캔 결과 전송
       - name: Send to slack
@@ -90,26 +116,18 @@ jobs:
         env:
           SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }}
 
-  deploy:
-    runs-on: ubuntu-latest
-    environment: PROD
-    needs: build
-    steps:
-      - name: Deploy to NCP Server
+      # EC2로 배포
+      - name: Deploy to EC2 Server
         uses: appleboy/ssh-action@master
         env:
-          NCP_CONTAINER_REGISTRY: ${{ secrets.NCP_CONTAINER_REGISTRY }}
-          NCP_IMAGE_TAG: ${{ needs.build.outputs.image-tag }}
+          IMAGE_FULL_URL: ${{ steps.metadata.outputs.tags }}
         with:
-          host: ${{ secrets.NCP_HOST }}
-          username: ${{ secrets.NCP_USERNAME }}
-          key: ${{ secrets.NCP_PRIVATE_KEY }}
-          port: ${{ secrets.NCP_PORT }}
-          envs: NCP_CONTAINER_REGISTRY,NCP_IMAGE_TAG  # docker-compose.yml 에서 사용할 환경 변수
+          host: ${{ secrets.EC2_HOST }}
+          username: ${{ secrets.EC2_USERNAME }}
+          key: ${{ secrets.EC2_PRIVATE_KEY }}
+          envs: IMAGE_FULL_URL, DOCKERHUB_IMAGE_NAME # docker-compose.yml 에서 사용할 환경 변수
           script: |
-            echo "${{ secrets.NCP_SECRET_KEY }}" | docker login -u "${{ secrets.NCP_ACCESS_KEY }}" --password-stdin "${{ secrets.NCP_CONTAINER_REGISTRY }}"
-            docker pull ${{ secrets.NCP_CONTAINER_REGISTRY }}/server-spring:${{ env.NCP_IMAGE_TAG }}
-            SWAGGER_VERSION=${{ env.NCP_IMAGE_TAG }}
-            sed -i "s/SWAGGER_VERSION=.*/SWAGGER_VERSION=$SWAGGER_VERSION/" .env
-            docker compose -f /home/tenminute/docker-compose.yaml up -d
+            echo "${{ secrets.DOCKERHUB_ACCESS_TOKEN }}" | docker login -u "${{ env.DOCKERHUB_USERNAME }}" --password-stdin
+            docker compose up -d
+            docker exec -d nginx nginx -s reload
             docker image prune -a -f
diff --git a/.github/workflows/production_deploy.yml b/.github/workflows/production_deploy.yml
@@ -7,26 +7,28 @@ on:
         description: 'version'
         required: true
 
+env:
+  DOCKERHUB_USERNAME: tenminutes
+  DOCKERHUB_IMAGE_NAME: 10mm-server
+
 jobs:
   deploy:
     runs-on: ubuntu-latest
     environment: PROD
     steps:
-      - name: Deploy to NCP Server
+      # EC2로 배포
+      - name: Deploy to EC2 Server
         uses: appleboy/ssh-action@master
         env:
-          NCP_CONTAINER_REGISTRY: ${{ secrets.NCP_CONTAINER_REGISTRY }}
-          NCP_IMAGE_TAG: ${{ github.event.inputs.version }}
+          IMAGE_FULL_URL: ${{ steps.metadata.outputs.tags }}
+          DOCKERHUB_IMAGE_NAME: ${{ env.DOCKERHUB_IMAGE_NAME }}
         with:
-          host: ${{ secrets.NCP_HOST }}
-          username: tenminute
-          key: ${{ secrets.NCP_PRIVATE_KEY }}
-          port: ${{ secrets.NCP_PORT }}
-          envs: NCP_CONTAINER_REGISTRY,NCP_IMAGE_TAG  # docker-compose.yml 에서 사용할 환경 변수
+          host: ${{ secrets.EC2_HOST }}
+          username: ${{ secrets.EC2_USERNAME }}
+          key: ${{ secrets.EC2_PRIVATE_KEY }}
+          envs: IMAGE_FULL_URL, DOCKERHUB_IMAGE_NAME # docker-compose.yml 에서 사용할 환경 변수
           script: |
-            echo "${{ secrets.NCP_SECRET_KEY }}" | docker login -u "${{ secrets.NCP_ACCESS_KEY }}" --password-stdin "${{ secrets.NCP_CONTAINER_REGISTRY }}"
-            docker pull ${{ secrets.NCP_CONTAINER_REGISTRY }}/server-spring:${{ github.event.inputs.version }}
-            SWAGGER_VERSION=${{ env.NCP_IMAGE_TAG }}
-            sed -i "s/SWAGGER_VERSION=.*/SWAGGER_VERSION=$SWAGGER_VERSION/" .env
-            docker compose -f /home/tenminute/docker-compose.yaml up -d
+            echo "${{ secrets.DOCKERHUB_ACCESS_TOKEN }}" | docker login -u "${{ env.DOCKERHUB_USERNAME }}" --password-stdin
+            docker compose up -d
+            docker exec -d nginx nginx -s reload
             docker image prune -a -f
diff --git a/docker-compose.yaml b/docker-compose.yaml
@@ -2,8 +2,8 @@ version: "3.8"
 
 services:
   backend:
-    image: ${NCP_CONTAINER_REGISTRY}/server-spring:${NCP_IMAGE_TAG}
-    container_name: server-spring
+    image: ${IMAGE_FULL_URL}
+    container_name: ${DOCKERHUB_IMAGE_NAME}
     restart: always
     environment:
       - TZ=Asia/Seoul
@@ -18,3 +18,11 @@ services:
     environment:
       - TZ=Asia/Seoul
     network_mode: "host"
+  nginx:
+    image: "nginx:alpine"
+    container_name: nginx
+    environment:
+      - TZ=Asia/Seoul
+    network_mode: host
+    volumes:
+      - ./nginx/default.conf:/etc/nginx/conf.d/default.conf