Fix: workflows host 수정 #146
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Backend CI/CD Pipeline | |
| on: | |
| push: | |
| branches: [ "main", "release" ] | |
| pull_request: | |
| branches: [ "main", "release" ] | |
| jobs: | |
| build: | |
| if: github.repository == 'prgrms-be-devcourse/NBB1_2_3_Team10' | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # JDK 설정 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| # application-prod.properties 암호화 | |
| - name: Add secrets into properties | |
| run: | | |
| echo "${{ secrets.APPLICATION_PROD }}" | base64 --decode > ./src/main/resources/application-prod.properties | |
| # Gradle 설정 | |
| - name: Setup Gradle | |
| uses: gradle/gradle-build-action@v2 | |
| # Gradlew 실행 권한 부여 | |
| - name: Grant execute permission for Gradlew | |
| run: chmod +x gradlew | |
| # 프로젝트 빌드 | |
| - name: Build with Gradle Wrapper | |
| run: ./gradlew build | |
| # Docker Hub 로그인 | |
| - name: Log in to Docker Hub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| # Docker 이미지 빌드 및 푸시 | |
| - name: Build and push Docker image | |
| run: | | |
| docker build -t ${{ secrets.DOCKER_USERNAME }}/bitta-kotlin:latest . | |
| docker push ${{ secrets.DOCKER_USERNAME }}/bitta-kotlin:latest | |
| # application-prod.properties 빌드 후 제거 - 안전성 확보 | |
| - name: Clean up application-prod.properties | |
| run: rm ./src/main/resources/application-prod.properties | |
| deploy: | |
| if: github.repository == 'prgrms-be-devcourse/NBB1_2_3_Team10' && github.ref == 'refs/heads/release' | |
| needs: build | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| # EC2 서버 배포 | |
| - name: Deploy to EC2 | |
| uses: appleboy/[email protected] | |
| with: | |
| host: ${{ secrets.EC2_HOST }} | |
| username: ${{ secrets.EC2_USER }} | |
| key: ${{ secrets.EC2_SSH_KEY }} | |
| script: | | |
| echo "${{ secrets.DOCKER_PASSWORD }}" | docker login -u "${{ secrets.DOCKER_USERNAME }}" --password-stdin | |
| docker pull ${{ secrets.DOCKER_USERNAME }}/bitta-kotlin:latest | |
| # Blue-Green 배포: blue와 green 컨테이너 전환 | |
| CURRENT_CONTAINER=$(docker ps --filter "name=backend-blue" -q) | |
| TARGET_CONTAINER="backend-green" | |
| [ -z "$CURRENT_CONTAINER" ] && TARGET_CONTAINER="backend-blue" | |
| # 새 컨테이너 실행 | |
| docker stop $TARGET_CONTAINER || true | |
| docker rm $TARGET_CONTAINER || true | |
| # 조건문을 사용해 컨테이너에 맞는 포트로 실행 | |
| if [ "$TARGET_CONTAINER" == "backend-blue" ]; then | |
| docker run -d --name backend-blue -p 8081:8080 \ | |
| -e SPRING_PROFILES_ACTIVE=prod \ | |
| -e AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} \ | |
| -e AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }} \ | |
| ${{ secrets.DOCKER_USERNAME }}/bitta-kotlin:latest | |
| else | |
| docker run -d --name backend-green -p 8082:8080 \ | |
| -e SPRING_PROFILES_ACTIVE=prod \ | |
| -e AWS_ACCESS_KEY_ID=${{ secrets.AWS_ACCESS_KEY_ID }} \ | |
| -e AWS_SECRET_ACCESS_KEY=${{ secrets.AWS_SECRET_ACCESS_KEY }} \ | |
| ${{ secrets.DOCKER_USERNAME }}/bitta-kotlin:latest | |
| fi | |
| # Nginx 리로드하여 트래픽 전환 | |
| sudo systemctl reload nginx | |
| # Blue-Green 설정 Docker Compose 실행 | |
| - name: Deploy with Docker Compose on EC2 | |
| uses: appleboy/[email protected] | |
| with: | |
| host: ${{ secrets.EC2_HOST }} | |
| username: ${{ secrets.EC2_USER }} | |
| key: ${{ secrets.EC2_SSH_KEY }} | |
| script: | | |
| cd ~/bitta-project | |
| docker-compose down | |
| docker-compose up -d --no-deps | |
| sudo nginx -s reload | |
| # test | |
| - name: Test Frontend Response | |
| run: curl --fail http://${{ secrets.EC2_HOST }} || exit 1 | |
| - name: Test Backend Response | |
| run: curl --fail http://${{ secrets.EC2_HOST }}/api/ || exit 1 |