Hongik-SafeMap-Server/.github/workflows/deploy.yml at develop · Hongik-SafeMap/Hongik-SafeMap-Server · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
name: Deploy

on:
  workflow_dispatch:
    inputs:
      image_uri:
        description: '배포할 ECR 이미지 URI (비워두면 ECR 최신 이미지 자동 사용)'
        required: false

jobs:
  deploy:
    runs-on: ubuntu-latest

    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: AWS 자격증명 설정
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ap-northeast-2

      - name: IMAGE_URI 설정
        id: set-image-uri
        run: |
          if [ -n "${{ inputs.image_uri }}" ]; then
            IMAGE_URI="${{ inputs.image_uri }}"
          else
            LATEST_TAG=$(aws ecr describe-images \
              --repository-name safemap \
              --region ap-northeast-2 \
              --query 'sort_by(imageDetails, &imagePushedAt)[-1].imageTags[0]' \
              --output text)
            if [ -z "$LATEST_TAG" ] || [ "$LATEST_TAG" = "None" ]; then
              echo "ECR에서 이미지를 찾을 수 없습니다."
              exit 1
            fi
            IMAGE_URI="${{ secrets.ECR_REGISTRY }}/safemap:$LATEST_TAG"
          fi
          echo "IMAGE_URI=$IMAGE_URI" >> "$GITHUB_ENV"

      - name: docker-compose.yml EC2 전송
        uses: appleboy/scp-action@v0.1.7
        with:
          host: ${{ secrets.EC2_HOST }}
          username: ubuntu
          key: ${{ secrets.EC2_SSH_KEY }}
          source: docker-compose.yml
          target: /home/ubuntu

      - name: EC2 배포
        uses: appleboy/ssh-action@v1
        env:
          IMAGE_URI: ${{ env.IMAGE_URI }}
        with:
          host: ${{ secrets.EC2_HOST }}
          username: ubuntu
          key: ${{ secrets.EC2_SSH_KEY }}
          envs: IMAGE_URI
          script: |
            # Firebase 키 파일 생성
            echo '${{ secrets.FIREBASE_SERVICE_ACCOUNT_KEY }}' | base64 -d > /home/ubuntu/firebase-key.json
            chmod 600 /home/ubuntu/firebase-key.json

            # .env 파일 생성
            echo "DATABASE_NAME=${{ secrets.DATABASE_NAME }}" > /home/ubuntu/.env
            echo "DATABASE_USERNAME=${{ secrets.DATABASE_USERNAME }}" >> /home/ubuntu/.env
            echo "DATABASE_PASSWORD=${{ secrets.DATABASE_PASSWORD }}" >> /home/ubuntu/.env
            echo "AWS_S3_ACCESS_KEY=${{ secrets.AWS_S3_ACCESS_KEY }}" >> /home/ubuntu/.env
            echo "AWS_S3_SECRET_KEY=${{ secrets.AWS_S3_SECRET_KEY }}" >> /home/ubuntu/.env
            echo "AWS_S3_REGION=${{ secrets.AWS_S3_REGION }}" >> /home/ubuntu/.env
            echo "AWS_S3_BUCKET=${{ secrets.AWS_S3_BUCKET }}" >> /home/ubuntu/.env
            echo "JWT_SECRET=${{ secrets.JWT_SECRET }}" >> /home/ubuntu/.env
            echo "FCM_PROJECT_ID=${{ secrets.FCM_PROJECT_ID }}" >> /home/ubuntu/.env
            echo "AI_SERVER_URL=${{ secrets.AI_SERVER_URL }}" >> /home/ubuntu/.env
            chmod 600 /home/ubuntu/.env

            # ECR 로그인
            aws ecr get-login-password --region ap-northeast-2 | \
              docker login --username AWS --password-stdin ${{ secrets.ECR_REGISTRY }}

            # 기존 수동 컨테이너 정리
            docker stop safemap safemap-mysql || true
            docker rm safemap safemap-mysql || true

            cd /home/ubuntu

            # 새 이미지 pull 및 재시작
            IMAGE_URI=$IMAGE_URI docker compose pull app
            IMAGE_URI=$IMAGE_URI docker compose up -d

            # 사용하지 않는 이미지 정리
            docker image prune -f