backend-java/.github/workflows/cd.yaml at main · WiSoft-PrePair/backend-java · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
name: CD

on:
  workflow_run:
    workflows: ['CI']
    types: [completed]

jobs:
  # ============================================
  # 서버 배포
  # ============================================
  deploy:
    name: Deploy to Wisoft Server
    runs-on: ubuntu-latest
    if: ${{ github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.event == 'push' && github.event.workflow_run.head_branch == 'main'    }}

    steps:
      - name: SSH 키 설정
        uses: webfactory/ssh-agent@v0.9.0
        with:
          ssh-private-key: ${{ secrets.RASPI_SSH_PRIVATE_KEY }}

      - name: Known Hosts 등록
        env:
          JUMP_PORT: ${{ secrets.RASPI_SSH_PORT }}
          JUMP_HOST: ${{ secrets.RASPI_HOST }}
        run: |
          mkdir -p ~/.ssh
          ssh-keyscan -p $JUMP_PORT -H $JUMP_HOST >> ~/.ssh/known_hosts

      - name: 서버에 배포
        env:
          JUMP_PORT: ${{ secrets.RASPI_SSH_PORT }}
          JUMP_HOST: ${{ secrets.RASPI_HOST }}
          JUMP_USER: ${{ secrets.RASPI_USER }}
          TARGET_HOST: ${{ secrets.RASPI_TARGET_HOST }}
          TARGET_USER: ${{ secrets.RASPI_TARGET_USER }}
          DEPLOY_PATH: ${{ secrets.RASPI_DEPLOY_PATH_JAVA }}
          GHCR_PAT: ${{ secrets.GHCR_PAT }}
          GITHUB_ACTOR: ${{ github.actor }}
        run: |
          ssh -o StrictHostKeyChecking=no -o ProxyJump=$JUMP_USER@$JUMP_HOST:$JUMP_PORT $TARGET_USER@$TARGET_HOST /bin/bash << ENDSSH
            set -e

            echo "=== 배포 디렉토리 이동 ==="
            cd $DEPLOY_PATH

            echo "=== GHCR 로그인 ==="
            echo "$GHCR_PAT" | docker login ghcr.io -u "$GITHUB_ACTOR" --password-stdin

            echo "=== 최신 이미지 Pull ==="
            docker compose -f docker-compose.prod.yml pull app

            echo "=== 앱 컨테이너 재시작 ==="
            docker compose -f docker-compose.prod.yml up -d app

            echo "=== Health Check (최대 60초) ==="
            for i in \$(seq 1 12); do
              if curl -sf http://localhost:7300/actuator/health > /dev/null; then
                echo "Health check 통과"
                exit 0
              fi
              echo "재시도 \$i/12"
              sleep 5
            done

            echo "Health check 실패"
            docker compose -f docker-compose.prod.yml logs --tail=50 app
            exit 1
          ENDSSH

      - name: 오래된 Docker 이미지 정리
        if: success()
        env:
          JUMP_PORT: ${{ secrets.RASPI_SSH_PORT }}
          JUMP_HOST: ${{ secrets.RASPI_HOST }}
          JUMP_USER: ${{ secrets.RASPI_USER }}
          TARGET_HOST: ${{ secrets.RASPI_TARGET_HOST }}
          TARGET_USER: ${{ secrets.RASPI_TARGET_USER }}
        run: |
          ssh -o StrictHostKeyChecking=no -o ProxyJump=$JUMP_USER@$JUMP_HOST:$JUMP_PORT $TARGET_USER@$TARGET_HOST /bin/bash << ENDSSH
            docker images 'ghcr.io/wisoft-prepair/backend-java*' --format '{{.ID}}' \
              | awk '!seen[\$0]++' \
              | tail -n +2 \
              | xargs -r docker rmi -f || true
          ENDSSH