From c98de04d3ebbcbffe38e4fd89a0c1bc4b3fcbabf Mon Sep 17 00:00:00 2001 
From: Jaehyun Ahn <91878695+uwoobeat@users.noreply.github.com> Date: Thu, 16 May 2024 23:25:37 +0900 Subject: [PATCH] =?UTF-8?q?chore:=20nginx=20=EB=8F=84=EC=9E=85=EC=97=90=20?= =?UTF-8?q?=EB=94=B0=EB=A5=B8=20CI/CD=20=EC=9B=8C=ED=81=AC=ED=94=8C?= =?UTF-8?q?=EB=A1=9C=EC=9A=B0=20=EC=88=98=EC=A0=95=20(#396)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * chore: nginx 컨테이너 세팅 Co-Authored-By: 도모 Co-Authored-By: yb__char <68099546+uiurihappy@users.noreply.github.com> * chore: 빌드 및 배포 잡 통합 Co-Authored-By: 도모 Co-Authored-By: yb__char <68099546+uiurihappy@users.noreply.github.com> * chore: 도커허브 로그인으로 변경 Co-Authored-By: 도모 Co-Authored-By: yb__char <68099546+uiurihappy@users.noreply.github.com> * chore: 메타데이터 액션을 사용하도록 변경 Co-Authored-By: 도모 Co-Authored-By: yb__char <68099546+uiurihappy@users.noreply.github.com> * chore: 배포 스크립트 관련 설정 수정 Co-Authored-By: 도모 Co-Authored-By: yb__char <68099546+uiurihappy@users.noreply.github.com> * chore: docker-compose 전송 설정 변경 Co-Authored-By: 도모 Co-Authored-By: yb__char <68099546+uiurihappy@users.noreply.github.com> * chore: 이미지 태그 직접 추출하는 스텝 제거 Co-Authored-By: 도모 Co-Authored-By: yb__char <68099546+uiurihappy@users.noreply.github.com> * chore: 상용 워크플로 컴포즈 파일 전송 설정 변경 Co-Authored-By: 도모 Co-Authored-By: yb__char <68099546+uiurihappy@users.noreply.github.com> * fix: 오타 수정 Co-Authored-By: 도모 Co-Authored-By: yb__char <68099546+uiurihappy@users.noreply.github.com> * fix: 도커허브 유저네임 오타 수정 Co-Authored-By: 도모 Co-Authored-By: yb__char <68099546+uiurihappy@users.noreply.github.com> * chore: nginx 리로드 커맨드 추가 Co-Authored-By: 도모 Co-Authored-By: yb__char <68099546+uiurihappy@users.noreply.github.com> * chore: 수동 배포 워크플로 수정 Co-Authored-By: 도모 Co-Authored-By: yb__char <68099546+uiurihappy@users.noreply.github.com> * chore: default.conf 전송 스텝 추가 Co-Authored-By: 도모 Co-Authored-By: yb__char <68099546+uiurihappy@users.noreply.github.com> * chore: 테스트 트리거 활성화 * chore: 절대경로로 수정 * chore: ssh-action 버전 변경 * chore: 파일 전송 스텝 
임시 비활성화 * chore: ssh debug 활성화 * chore: docker-compose backend image 환경변수 변경 * style: rsync 주석 해제 * chore: rsync version downgrade * chore: docker-compose.yaml에 DOCKERHUB_IMAGE_NAME 환경변수 추가 * chore: rsync version update test * chore: production에도 변경 된 내용 적용 * chore: 트리거 제거 --------- Co-authored-by: 도모 Co-authored-by: yb__char <68099546+uiurihappy@users.noreply.github.com> Co-authored-by: kdomo --- .github/workflows/develop_build_deploy.yml | 94 ++++++++-------- .github/workflows/develop_deploy.yml | 28 ++--- .github/workflows/production_build_deploy.yml | 100 +++++++++++------- .github/workflows/production_deploy.yml | 28 ++--- docker-compose.yaml | 12 ++- nginx/default.conf | 12 +++ 6 files changed, 163 insertions(+), 111 deletions(-) create mode 100644 nginx/default.conf diff --git a/.github/workflows/develop_build_deploy.yml b/.github/workflows/develop_build_deploy.yml index 2c9594a7f..43a5b66b4 100644 --- a/.github/workflows/develop_build_deploy.yml +++ b/.github/workflows/develop_build_deploy.yml @@ -4,17 +4,19 @@ on: push: branches: [ "develop" ] +env: + DOCKERHUB_USERNAME: tenminutes + DOCKERHUB_IMAGE_NAME: 10mm-server + jobs: - build: + build-deploy: runs-on: ubuntu-latest environment: DEV strategy: matrix: java-version: [ 17 ] distribution: [ 'temurin' ] - outputs: - # IMAGE_TAG 환경 변수를 다른 Job에서 사용하기 위해 설정 - image-tag: ${{ steps.image-tag.outputs.value }} + steps: # 기본 체크아웃 - name: Checkout @@ -27,11 +29,6 @@ jobs: java-version: ${{ matrix.java-version }} distribution: ${{ matrix.distribution }} - # 이미지 태그 설정 - - name: Set up image-tag by GITHUB_SHA - id: image-tag - run: echo "value=$(echo ${GITHUB_SHA::7})" >> $GITHUB_OUTPUT - # test 돌릴때 레디스 필요 - name: Start containers run: docker-compose -f ./docker-compose-test.yaml up -d 
@@ -50,33 +47,52 @@ jobs: --scan cache-read-only: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/develop' }} - # NCP Container Registry 로그인 - - name: Login to NCP Container Registry + # Dockerhub 로그인 + - name: Login to Dockerhub uses: docker/login-action@v3 with: - registry: ${{ secrets.NCP_CONTAINER_REGISTRY }} - username: ${{ secrets.NCP_ACCESS_KEY }} - password: ${{ secrets.NCP_SECRET_KEY }} + username: ${{ env.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }} + + # Docker 메타데이터 추출 + - name: Extract Docker metadata + id: metadata + uses: docker/metadata-action@v5.5.0 + env: + DOCKERHUB_IMAGE_FULL_NAME: ${{ env.DOCKERHUB_USERNAME }}/${{ env.DOCKERHUB_IMAGE_NAME }} + with: + images: ${{ env.DOCKERHUB_IMAGE_FULL_NAME }} + tags: | + type=sha,prefix= - # Docker 이미지 빌드 및 푸시 + # Docker 이미지 빌드 및 도커허브로 푸시 - name: Docker Build and Push uses: docker/build-push-action@v5 with: context: . push: true - tags: ${{ secrets.NCP_CONTAINER_REGISTRY }}/server-spring:${{ steps.image-tag.outputs.value }} + tags: ${{ steps.metadata.outputs.tags }} # 서버로 docker-compose 파일 전송 - - name: copy source via ssh key - uses: burnett01/rsync-deployments@4.1 + - name: Copy docker-compose file to EC2 + uses: burnett01/rsync-deployments@7.0.1 with: switches: -avzr --delete - remote_host: ${{ secrets.NCP_HOST }} - remote_user: ${{ secrets.NCP_USERNAME }} - remote_port: ${{ secrets.NCP_PORT }} - remote_key: ${{ secrets.NCP_PRIVATE_KEY }} + remote_host: ${{ secrets.EC2_HOST }} + remote_user: ${{ secrets.EC2_USERNAME }} + remote_key: ${{ secrets.EC2_PRIVATE_KEY }} path: docker-compose.yaml - remote_path: /home/tenminute/ + remote_path: /home/ec2-user/ + + - name: Copy default.conf to EC2 + uses: burnett01/rsync-deployments@7.0.1 + with: + switches: -avzr --delete + remote_host: ${{ secrets.EC2_HOST }} + remote_user: ${{ secrets.EC2_USERNAME }} + remote_key: ${{ secrets.EC2_PRIVATE_KEY }} + path: ./nginx + remote_path: /home/ec2-user/ # 슬랙으로 빌드 스캔 결과 전송 - name: 
Send to slack @@ -89,26 +105,20 @@ jobs: env: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - deploy: - runs-on: ubuntu-latest - environment: DEV - needs: build - steps: - - name: Deploy to NCP Server - uses: appleboy/ssh-action@master + # EC2로 배포 + - name: Deploy to EC2 Server + uses: appleboy/ssh-action@v1.0.3 env: - NCP_CONTAINER_REGISTRY: ${{ secrets.NCP_CONTAINER_REGISTRY }} - NCP_IMAGE_TAG: ${{ needs.build.outputs.image-tag }} + IMAGE_FULL_URL: ${{ steps.metadata.outputs.tags }} + DOCKERHUB_IMAGE_NAME: ${{ env.DOCKERHUB_IMAGE_NAME }} with: - host: ${{ secrets.NCP_HOST }} - username: ${{ secrets.NCP_USERNAME }} - key: ${{ secrets.NCP_PRIVATE_KEY }} - port: ${{ secrets.NCP_PORT }} - envs: NCP_CONTAINER_REGISTRY,NCP_IMAGE_TAG # docker-compose.yml 에서 사용할 환경 변수 + host: ${{ secrets.EC2_HOST }} + username: ${{ secrets.EC2_USERNAME }} + key: ${{ secrets.EC2_PRIVATE_KEY }} + envs: IMAGE_FULL_URL, DOCKERHUB_IMAGE_NAME # docker-compose.yml 에서 사용할 환경 변수 + debug: true script: | - echo "${{ secrets.NCP_SECRET_KEY }}" | docker login -u "${{ secrets.NCP_ACCESS_KEY }}" --password-stdin "${{ secrets.NCP_CONTAINER_REGISTRY }}" - docker pull ${{ secrets.NCP_CONTAINER_REGISTRY }}/server-spring:${{ env.NCP_IMAGE_TAG }} - SWAGGER_VERSION=${{ env.NCP_IMAGE_TAG }} - sed -i "s/SWAGGER_VERSION=.*/SWAGGER_VERSION=$SWAGGER_VERSION/" .env - docker compose -f /home/tenminute/docker-compose.yaml up -d + echo "${{ secrets.DOCKERHUB_ACCESS_TOKEN }}" | docker login -u "${{ env.DOCKERHUB_USERNAME }}" --password-stdin + docker compose up -d + docker exec -d nginx nginx -s reload docker image prune -a -f diff --git a/.github/workflows/develop_deploy.yml b/.github/workflows/develop_deploy.yml index 784ff4eb7..d2bb5faee 100644 --- a/.github/workflows/develop_deploy.yml +++ b/.github/workflows/develop_deploy.yml 
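Review bot: The two `burnett01/rsync-deployments@7.0.1` steps are handed `EC2_PRIVATE_KEY` but reference the action by a tag, which can be moved after the fact. For third-party actions that receive the SSH key, pin to the full commit SHA of the release and keep the version as a trailing comment, e.g. `uses: burnett01/rsync-deployments@<full-commit-sha> # 7.0.1`. The same applies to the matching steps in production_build_deploy.yml. Separately, `--delete` does nothing for the single-file `docker-compose.yaml` transfer, but on the `./nginx` step it presumably removes anything in the remote `nginx/` directory that is not in the repository, so a one-line comment stating that this is intended would help.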
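Review bot: `debug: true` is left enabled on the `Deploy to EC2 Server` step, and the script below it expands `${{ secrets.DOCKERHUB_ACCESS_TOKEN }}` straight into the command text sent to the host. Remove the debug flag now that the SSH problem is solved, and pass the token through the environment instead. Add `DOCKERHUB_ACCESS_TOKEN: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }}` under `env:`, list it and `DOCKERHUB_USERNAME` in `envs:`, and log in with `echo "$DOCKERHUB_ACCESS_TOKEN" | docker login -u "$DOCKERHUB_USERNAME" --password-stdin`. The same script line is added in develop_deploy.yml, production_build_deploy.yml and production_deploy.yml. Since `docker login` leaves the credential in the host's Docker config, a read-only token is the safer choice for the server.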
@@ -7,26 +7,28 @@ on: description: 'commit_hash' required: true +env: + DOCKERHUB_USERNAME: tenminutes + DOCKERHUB_IMAGE_NAME: 10mm-server + jobs: deploy: runs-on: ubuntu-latest environment: DEV steps: - - name: Deploy to NCP Server + # EC2로 배포 + - name: Deploy to EC2 Server uses: appleboy/ssh-action@master env: - NCP_CONTAINER_REGISTRY: ${{ secrets.NCP_CONTAINER_REGISTRY }} - NCP_IMAGE_TAG: ${{ github.event.inputs.commit_hash }} + IMAGE_FULL_URL: ${{ steps.metadata.outputs.tags }} + DOCKERHUB_IMAGE_NAME: ${{ env.DOCKERHUB_IMAGE_NAME }} with: - host: ${{ secrets.NCP_HOST }} - username: tenminute - key: ${{ secrets.NCP_PRIVATE_KEY }} - port: ${{ secrets.NCP_PORT }} - envs: NCP_CONTAINER_REGISTRY,NCP_IMAGE_TAG # docker-compose.yml 에서 사용할 환경 변수 + host: ${{ secrets.EC2_HOST }} + username: ${{ secrets.EC2_USERNAME }} + key: ${{ secrets.EC2_PRIVATE_KEY }} + envs: IMAGE_FULL_URL, DOCKERHUB_IMAGE_NAME # docker-compose.yml 에서 사용할 환경 변수 script: | - echo "${{ secrets.NCP_SECRET_KEY }}" | docker login -u "${{ secrets.NCP_ACCESS_KEY }}" --password-stdin "${{ secrets.NCP_CONTAINER_REGISTRY }}" - docker pull ${{ secrets.NCP_CONTAINER_REGISTRY }}/server-spring:${{ github.event.inputs.commit_hash }} - SWAGGER_VERSION=${{ env.NCP_IMAGE_TAG }} - sed -i "s/SWAGGER_VERSION=.*/SWAGGER_VERSION=$SWAGGER_VERSION/" .env - docker compose -f /home/tenminute/docker-compose.yaml up -d + echo "${{ secrets.DOCKERHUB_ACCESS_TOKEN }}" | docker login -u "${{ env.DOCKERHUB_USERNAME }}" --password-stdin + docker compose up -d + docker exec -d nginx nginx -s reload docker image prune -a -f diff --git a/.github/workflows/production_build_deploy.yml b/.github/workflows/production_build_deploy.yml index 66748f372..cee18ac8c 100644 --- a/.github/workflows/production_build_deploy.yml +++ b/.github/workflows/production_build_deploy.yml 
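Review bot: `IMAGE_FULL_URL: ${{ steps.metadata.outputs.tags }}` refers to a step id that, as far as this hunk shows, does not exist in the manual deploy job. The expression therefore evaluates to an empty string, and the `commit_hash` input is no longer used anywhere. Build the image reference from the input instead: `IMAGE_FULL_URL: ${{ env.DOCKERHUB_USERNAME }}/${{ env.DOCKERHUB_IMAGE_NAME }}:${{ github.event.inputs.commit_hash }}`. Keeping the operator-supplied value in `env:` rather than in the script text is the right pattern; it has to match the short-SHA tag that `type=sha,prefix=` produces in the build workflow. production_deploy.yml has the same defect with its `version` input.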
@@ -5,17 +5,19 @@ on: tags: - v*.*.* +env: + DOCKERHUB_USERNAME: tenminutes + DOCKERHUB_IMAGE_NAME: 10mm-server + jobs: - build: + build-deploy: runs-on: ubuntu-latest environment: PROD strategy: matrix: java-version: [ 17 ] distribution: [ 'temurin' ] - outputs: - # IMAGE_TAG 환경 변수를 다른 Job에서 사용하기 위해 설정 - image-tag: ${{ steps.image-tag.outputs.value }} + steps: # 기본 체크아웃 - name: Checkout @@ -28,11 +30,6 @@ jobs: java-version: ${{ matrix.java-version }} distribution: ${{ matrix.distribution }} - # 이미지 태그 설정 - - name: Set up image-tag by Releases Tag - id: image-tag - run: echo "value=$(cut -d'v' -f2 <<< ${GITHUB_REF#refs/*/})" >> $GITHUB_OUTPUT - # test 돌릴때 레디스 필요 - name: Start containers run: docker-compose -f ./docker-compose-test.yaml up -d 
@@ -51,33 +48,62 @@ jobs: --scan cache-read-only: ${{ github.ref != 'refs/heads/main' && github.ref != 'refs/heads/develop' }} - # NCP Container Registry 로그인 - - name: Login to NCP Container Registry + # Dockerhub 로그인 + - name: Login to Dockerhub uses: docker/login-action@v3 with: - registry: ${{ secrets.NCP_CONTAINER_REGISTRY }} - username: ${{ secrets.NCP_ACCESS_KEY }} - password: ${{ secrets.NCP_SECRET_KEY }} + username: ${{ env.DOCKERHUB_USERNAME }} + password: ${{ secrets.DOCKERHUB_ACCESS_TOKEN }} + + # Docker 메타데이터 추출 + - name: Extract Docker metadata + id: metadata + uses: docker/metadata-action@v5.5.0 + env: + DOCKERHUB_IMAGE_FULL_NAME: ${{ env.DOCKERHUB_USERNAME }}/${{ env.DOCKERHUB_IMAGE_NAME }} + with: + images: ${{ env.DOCKERHUB_IMAGE_FULL_NAME }} + tags: | + type=semver,pattern={{version}} + flavor: | + latest=false + + # 멀티 아키텍처 지원을 위한 QEMU 설정 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 - # Docker 이미지 빌드 및 푸시 + # 도커 확장 빌드를 위한 Buildx 설정 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 + + # Docker 이미지 빌드 및 도커허브로 푸시 - name: Docker Build and Push uses: docker/build-push-action@v5 with: context: . 
push: true - tags: ${{ secrets.NCP_CONTAINER_REGISTRY }}/server-spring:${{ steps.image-tag.outputs.value }} + tags: ${{ steps.metadata.outputs.tags }} # 서버로 docker-compose 파일 전송 - - name: copy source via ssh key - uses: burnett01/rsync-deployments@4.1 + - name: Copy docker-compose file to EC2 + uses: burnett01/rsync-deployments@7.0.1 with: switches: -avzr --delete - remote_host: ${{ secrets.NCP_HOST }} - remote_user: ${{ secrets.NCP_USERNAME }} - remote_port: ${{ secrets.NCP_PORT }} - remote_key: ${{ secrets.NCP_PRIVATE_KEY }} + remote_host: ${{ secrets.EC2_HOST }} + remote_user: ${{ secrets.EC2_USERNAME }} + remote_key: ${{ secrets.EC2_PRIVATE_KEY }} path: docker-compose.yaml - remote_path: /home/tenminute/ + remote_path: / + + - name: Copy default.conf to EC2 + uses: burnett01/rsync-deployments@7.0.1 + with: + switches: -avzr --delete + remote_host: ${{ secrets.EC2_HOST }} + remote_user: ${{ secrets.EC2_USERNAME }} + remote_key: ${{ secrets.EC2_PRIVATE_KEY }} + path: ./nginx + remote_path: / # 슬랙으로 빌드 스캔 결과 전송 - name: Send to slack 
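Review bot: Both rsync steps in the production job use `remote_path: /`, while the develop workflow copies to `/home/ec2-user/`. The later `docker compose up -d` has no `-f` and runs in whatever directory the SSH session starts in, presumably the user's home, so it would not pick up a compose file or `nginx/` directory written to `/`. Writing there also needs root on the host. Suggest `remote_path: /home/ec2-user/` (or the production user's home) in both steps, and an explicit `docker compose -f <deploy-dir>/docker-compose.yaml up -d` in the deploy script so the working directory no longer matters.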
@@ -90,26 +116,18 @@ jobs: env: SLACK_WEBHOOK_URL: ${{ secrets.SLACK_WEBHOOK_URL }} - deploy: - runs-on: ubuntu-latest - environment: PROD - needs: build - steps: - - name: Deploy to NCP Server + # EC2로 배포 + - name: Deploy to EC2 Server uses: appleboy/ssh-action@master env: - NCP_CONTAINER_REGISTRY: ${{ secrets.NCP_CONTAINER_REGISTRY }} - NCP_IMAGE_TAG: ${{ needs.build.outputs.image-tag }} + IMAGE_FULL_URL: ${{ steps.metadata.outputs.tags }} with: - host: ${{ secrets.NCP_HOST }} - username: ${{ secrets.NCP_USERNAME }} - key: ${{ secrets.NCP_PRIVATE_KEY }} - port: ${{ secrets.NCP_PORT }} - envs: NCP_CONTAINER_REGISTRY,NCP_IMAGE_TAG # docker-compose.yml 에서 사용할 환경 변수 + host: ${{ secrets.EC2_HOST }} + username: ${{ secrets.EC2_USERNAME }} + key: ${{ secrets.EC2_PRIVATE_KEY }} + envs: IMAGE_FULL_URL, DOCKERHUB_IMAGE_NAME # docker-compose.yml 에서 사용할 환경 변수 script: | - echo "${{ secrets.NCP_SECRET_KEY }}" | docker login -u "${{ secrets.NCP_ACCESS_KEY }}" --password-stdin "${{ secrets.NCP_CONTAINER_REGISTRY }}" - docker pull ${{ secrets.NCP_CONTAINER_REGISTRY }}/server-spring:${{ env.NCP_IMAGE_TAG }} - SWAGGER_VERSION=${{ env.NCP_IMAGE_TAG }} - sed -i "s/SWAGGER_VERSION=.*/SWAGGER_VERSION=$SWAGGER_VERSION/" .env - docker compose -f /home/tenminute/docker-compose.yaml up -d + echo "${{ secrets.DOCKERHUB_ACCESS_TOKEN }}" | docker login -u "${{ env.DOCKERHUB_USERNAME }}" --password-stdin + docker compose up -d + docker exec -d nginx nginx -s reload docker image prune -a -f diff --git a/.github/workflows/production_deploy.yml b/.github/workflows/production_deploy.yml index 485c7de86..2e7a53558 100644 --- a/.github/workflows/production_deploy.yml +++ b/.github/workflows/production_deploy.yml 
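Review bot: The production deploy step still runs `appleboy/ssh-action@master` with `EC2_PRIVATE_KEY`, although this commit pins the develop workflow to `v1.0.3`. A branch ref means any new commit to that action executes with the production SSH key. Pin it at least to the same release, `uses: appleboy/ssh-action@v1.0.3`, and preferably to that release's full commit SHA. The `uses:` line is unchanged context in this hunk, and develop_deploy.yml and production_deploy.yml keep `@master` as well.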
@@ -7,26 +7,28 @@ on: description: 'version' required: true +env: + DOCKERHUB_USERNAME: tenminutes + DOCKERHUB_IMAGE_NAME: 10mm-server + jobs: deploy: runs-on: ubuntu-latest environment: PROD steps: - - name: Deploy to NCP Server + # EC2로 배포 + - name: Deploy to EC2 Server uses: appleboy/ssh-action@master env: - NCP_CONTAINER_REGISTRY: ${{ secrets.NCP_CONTAINER_REGISTRY }} - NCP_IMAGE_TAG: ${{ github.event.inputs.version }} + IMAGE_FULL_URL: ${{ steps.metadata.outputs.tags }} + DOCKERHUB_IMAGE_NAME: ${{ env.DOCKERHUB_IMAGE_NAME }} with: - host: ${{ secrets.NCP_HOST }} - username: tenminute - key: ${{ secrets.NCP_PRIVATE_KEY }} - port: ${{ secrets.NCP_PORT }} - envs: NCP_CONTAINER_REGISTRY,NCP_IMAGE_TAG # docker-compose.yml 에서 사용할 환경 변수 + host: ${{ secrets.EC2_HOST }} + username: ${{ secrets.EC2_USERNAME }} + key: ${{ secrets.EC2_PRIVATE_KEY }} + envs: IMAGE_FULL_URL, DOCKERHUB_IMAGE_NAME # docker-compose.yml 에서 사용할 환경 변수 script: | - echo "${{ secrets.NCP_SECRET_KEY }}" | docker login -u "${{ secrets.NCP_ACCESS_KEY }}" --password-stdin "${{ secrets.NCP_CONTAINER_REGISTRY }}" - docker pull ${{ secrets.NCP_CONTAINER_REGISTRY }}/server-spring:${{ github.event.inputs.version }} - SWAGGER_VERSION=${{ env.NCP_IMAGE_TAG }} - sed -i "s/SWAGGER_VERSION=.*/SWAGGER_VERSION=$SWAGGER_VERSION/" .env - docker compose -f /home/tenminute/docker-compose.yaml up -d + echo "${{ secrets.DOCKERHUB_ACCESS_TOKEN }}" | docker login -u "${{ env.DOCKERHUB_USERNAME }}" --password-stdin + docker compose up -d + docker exec -d nginx nginx -s reload docker image prune -a -f diff --git a/docker-compose.yaml b/docker-compose.yaml index 162620430..92880399f 100644 --- a/docker-compose.yaml +++ b/docker-compose.yaml @@ -2,8 +2,8 @@ version: "3.8" services: backend: - image: ${NCP_CONTAINER_REGISTRY}/server-spring:${NCP_IMAGE_TAG} - container_name: server-spring + image: ${IMAGE_FULL_URL} + container_name: ${DOCKERHUB_IMAGE_NAME} restart: always environment: - TZ=Asia/Seoul 
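Review bot: `image: ${IMAGE_FULL_URL}` and `container_name: ${DOCKERHUB_IMAGE_NAME}` have no fallback, so when either variable is missing on the host Compose substitutes an empty string and fails later with a less obvious error. The required-variable form makes the failure explicit: `image: ${IMAGE_FULL_URL:?IMAGE_FULL_URL must be set}` and `container_name: ${DOCKERHUB_IMAGE_NAME:?DOCKERHUB_IMAGE_NAME must be set}`. This matters for the manual deploy workflows in this commit, where `IMAGE_FULL_URL` is taken from a step output that those jobs do not appear to define.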
@@ -18,3 +18,11 @@ services:
 environment:
 - TZ=Asia/Seoul
 network_mode: "host"
+ nginx:
+ image: "nginx:alpine"
+ container_name: nginx
+ environment:
+ - TZ=Asia/Seoul
+ network_mode: host
+ volumes:
+ - ./nginx/default.conf:/etc/nginx/conf.d/default.conf
diff --git a/nginx/default.conf b/nginx/default.conf
new file mode 100644
index 000000000..bb26ad398
--- /dev/null
+++ b/nginx/default.conf
@@ -0,0 +1,12 @@
+server {
+ listen 80;
+ server_name 10mm.today;
+
+ location / {
+ proxy_pass http://localhost:8080/;
+ proxy_redirect off;
+ proxy_set_header Host $host;
+ proxy_set_header X-Real-IP $remote_addr;
+ proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+ }
+}
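Review bot: The new `nginx` service bind-mounts the single file `./nginx/default.conf`, which the workflows update with rsync. rsync normally replaces a file by writing a new one and renaming it, and a single-file bind mount keeps pointing at the old inode, so `nginx -s reload` may keep serving the previous config until the container is recreated. Mounting the directory read-only avoids that and stops the container from modifying its own config: `- ./nginx:/etc/nginx/conf.d:ro`. The service also has no `restart:` policy, unlike `backend` (`restart: always`), so it will not come back after a host reboot. `nginx:alpine` is a floating tag; pinning a version or digest keeps deploys reproducible.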
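Review bot: The server block listens only on plain HTTP (`listen 80;`) and sets no `X-Forwarded-Proto`. Unless TLS is terminated in front of this host, traffic for `10mm.today` crosses the network unencrypted, so either add a `listen 443 ssl` server with a redirect from port 80 or add a comment saying where TLS ends. The nginx container runs with `network_mode: host` and proxies to `localhost:8080`, so the backend port is presumably also reachable directly on the host's interfaces unless it binds to loopback or a security group blocks it, which would bypass the proxy. `$proxy_add_x_forwarded_for` appends to whatever `X-Forwarded-For` the client sent, so the backend should rely on `X-Real-IP` or only the last entry. `proxy_pass http://127.0.0.1:8080/;` would also avoid `localhost` resolving to `::1` when the backend listens on IPv4 only.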