CD #4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CD | |
| on: | |
| workflow_run: | |
| workflows: ['CI'] | |
| types: [completed] | |
| jobs: | |
| # ============================================ | |
| # 서버 배포 | |
| # ============================================ | |
| deploy: | |
| name: Deploy to Wisoft Server | |
| runs-on: ubuntu-latest | |
| if: ${{ github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'push' }} | |
| steps: | |
| - name: SSH 키 설정 | |
| uses: webfactory/ssh-agent@v0.9.0 | |
| with: | |
| ssh-private-key: ${{ secrets.RASPI_SSH_PRIVATE_KEY }} | |
| - name: Known Hosts 등록 | |
| env: | |
| JUMP_PORT: ${{ secrets.RASPI_SSH_PORT }} | |
| JUMP_HOST: ${{ secrets.RASPI_HOST }} | |
| run: | | |
| mkdir -p ~/.ssh | |
| ssh-keyscan -p $JUMP_PORT -H $JUMP_HOST >> ~/.ssh/known_hosts | |
| - name: 서버에 배포 | |
| env: | |
| JUMP_PORT: ${{ secrets.RASPI_SSH_PORT }} | |
| JUMP_HOST: ${{ secrets.RASPI_HOST }} | |
| JUMP_USER: ${{ secrets.RASPI_USER }} | |
| TARGET_HOST: ${{ secrets.RASPI_TARGET_HOST }} | |
| TARGET_USER: ${{ secrets.RASPI_TARGET_USER }} | |
| DEPLOY_PATH: ${{ secrets.RASPI_DEPLOY_PATH_JAVA }} | |
| GHCR_PAT: ${{ secrets.GHCR_PAT }} | |
| GITHUB_ACTOR: ${{ github.actor }} | |
| run: | | |
| ssh -o StrictHostKeyChecking=no -o ProxyJump=$JUMP_USER@$JUMP_HOST:$JUMP_PORT $TARGET_USER@$TARGET_HOST /bin/bash << ENDSSH | |
| set -e | |
| echo "=== 배포 디렉토리 이동 ===" | |
| cd $DEPLOY_PATH | |
| echo "=== GHCR 로그인 ===" | |
| echo "$GHCR_PAT" | docker login ghcr.io -u "$GITHUB_ACTOR" --password-stdin | |
| echo "=== 최신 이미지 Pull ===" | |
| docker compose -f docker/docker-compose.prod.yml --env-file .env pull app | |
| echo "=== 앱 컨테이너 재시작 ===" | |
| docker compose -f docker/docker-compose.prod.yml --env-file .env up -d app | |
| echo "=== Health Check (최대 60초) ===" | |
| for i in \$(seq 1 12); do | |
| if curl -sf http://localhost:7300/health > /dev/null; then | |
| echo "Health check 통과" | |
| exit 0 | |
| fi | |
| echo "재시도 \$i/12" | |
| sleep 5 | |
| done | |
| echo "Health check 실패" | |
| docker compose -f docker/docker-compose.prod.yml logs --tail=50 app | |
| exit 1 | |
| ENDSSH | |
| - name: 오래된 Docker 이미지 정리 | |
| if: success() | |
| env: | |
| JUMP_PORT: ${{ secrets.RASPI_SSH_PORT }} | |
| JUMP_HOST: ${{ secrets.RASPI_HOST }} | |
| JUMP_USER: ${{ secrets.RASPI_USER }} | |
| TARGET_HOST: ${{ secrets.RASPI_TARGET_HOST }} | |
| TARGET_USER: ${{ secrets.RASPI_TARGET_USER }} | |
| run: | | |
| ssh -o StrictHostKeyChecking=no -o ProxyJump=$JUMP_USER@$JUMP_HOST:$JUMP_PORT $TARGET_USER@$TARGET_HOST /bin/bash << ENDSSH | |
| docker image prune -af --filter "until=72h" || true | |
| ENDSSH |