devridge-api/.github/workflows/continuous_deployment.yml at main · DEVRIDGE/devridge-api · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
name: Deploy Docker Container

on:
  workflow_run:
    workflows: ["Build and Push Docker Image"]
    types:
      - completed
    branches:
      - main

jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: devridge docker
    if: ${{ github.event.workflow_run.conclusion == 'success' }}

    steps:
      - name: Get Github Actions IP
        id: ip
        uses: haythem/public-ip@v1.2

      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ap-northeast-2

      - name: Add Github Actions IP to Security group
        run: |
          aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32

      - name: Set up SSH agent
        uses: webfactory/ssh-agent@v0.5.3
        with:
          ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}

      - name: Execute Deploy Script with Docker Pull
        run: |
          ssh -o StrictHostKeyChecking=no gitaction@3.38.125.102 << EOF
            docker login -u ${{ secrets.DOCKER_HUB_USERNAME }} -p ${{ secrets.DOCKER_HUB_PASSWORD }}
            docker pull ${{ secrets.DOCKER_HUB_USERNAME }}/devridge:${{ secrets.DOCKER_IMAGE_TAG }}
            /home/gitaction/deploy.sh ${{ secrets.DOCKER_IMAGE_TAG }} ${{ secrets.DOCKER_HUB_USERNAME }}
          EOF

      - name: Remove Github Actions IP from Security Group
        run: |
          aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32