6565 host : ${{ secrets.EC2_HOST }}
6666 username : ubuntu
6767 key : ${{ secrets.EC2_SSH_PRIVATE_KEY }}
68+ # ------------------------------
69+ # 원격에서 실행될 스크립트
70+ # ------------------------------
6871 script : |
6972 set -euo pipefail
7073
@@ -78,14 +81,17 @@ jobs:
7881 echo "${{ secrets.GHCR_TOKEN }}" | docker login ghcr.io -u "${{ secrets.GHCR_USERNAME }}" --password-stdin
7982
8083 # 2) Create ephemeral env file in RAM (no disk residue)
81- # - make /run/saerok owned by current user to avoid Permission denied
8284 sudo install -d -m 0700 -o "$(id -un)" -g "$(id -gn)" /run/saerok
8385 ENV_FILE="/run/saerok/env.dev"
8486 umask 177
8587 : > "$ENV_FILE"
88+ # 어떤 경우에도 마지막에 지우도록 보장
89+ cleanup() { shred -u "$ENV_FILE" || rm -f "$ENV_FILE"; }
90+ trap cleanup EXIT
8691
8792 # 2-1) Write secrets safely (single-line values assumed)
8893 add_kv() { printf '%s\n' "$1=$2" >> "$ENV_FILE"; }
94+ add_kv SPRING_PROFILES_ACTIVE "dev"
8995 add_kv DB_URL "${{ secrets.DB_URL }}"
9096 add_kv DB_USERNAME "${{ secrets.DB_USERNAME }}"
9197 add_kv DB_PASSWORD "${{ secrets.DB_PASSWORD }}"
@@ -122,14 +128,11 @@ jobs:
122128 -f docker-compose.dev.yml \
123129 up -d --force-recreate --quiet-pull
124130
125- # 4) Clean up env (memory file)
126- shred -u "$ENV_FILE" || rm -f "$ENV_FILE"
127-
128- # 5) Show minimal status (no secrets)
131+ # 4) Status & recent logs (env 파일은 trap으로 종료 시 삭제)
129132 docker compose -p saerok -f docker-compose.yml -f docker-compose.dev.yml ps
130133 docker logs --tail=120 saerok-dev || true
131134
132- # 6 ) Healthcheck
135+ # 5 ) Healthcheck
133136 echo "Waiting for health endpoint..."
134137 for i in {1..30}; do
135138 if curl -fsS http://localhost:8080/health > /dev/null; then
@@ -140,4 +143,5 @@ jobs:
140143 sleep 5
141144 done
142145 echo "❌ Healthcheck failed after retries"
146+ docker logs --tail=200 saerok-dev || true
143147 exit 1
0 commit comments