44 push :
55 branches :
66 - main
7+ permissions :
8+ id-token : write # OIDC 토큰 발급
9+ contents : read # checkout이 코드 읽을 권한
710
811jobs :
912 build-and-push :
@@ -49,14 +52,50 @@ jobs:
4952 ${{ secrets.DOCKERHUB_USERNAME }}/rootin-be:latest
5053 ${{ secrets.DOCKERHUB_USERNAME }}/rootin-be:${{ github.sha }}
5154
52- - name : Deploy to EC2
53- uses : appleboy/ssh-action@v1.0.3
55+ - name : Configure AWS credentials
56+ uses : aws-actions/configure-aws-credentials@v4
5457 with :
55- host : ${{ secrets.EC2_HOST }}
56- username : ubuntu
57- key : ${{ secrets.EC2_SSH_KEY }}
58- script : |
59- cd ~/rootin
60- docker compose -f docker-compose.yml pull be
61- docker compose -f docker-compose.yml up -d --no-deps be
62- docker image prune -f
58+ role-to-assume : ${{ secrets.AWS_ROLE_ARN }}
59+ aws-region : ${{ secrets.AWS_REGION }}
60+
61+ - name : Deploy to EC2 via SSM
62+ env :
63+ INSTANCE_ID : ${{ secrets.EC2_ID }}
64+ run : |
65+ set -euo pipefail
66+
67+ CMD_ID=$(aws ssm send-command \
68+ --instance-ids "$INSTANCE_ID" \
69+ --document-name "AWS-RunShellScript" \
70+ --comment "Deploy from ${{ github.repository }}" \
71+ --parameters 'commands=["cd /home/ubuntu/rootin && docker compose -f docker-compose.yml pull be && docker compose -f docker-compose.yml up -d --no-deps be && docker image prune -f"]' \
72+ --query "Command.CommandId" --output text)
73+ echo "Command ID: $CMD_ID"
74+
75+ sleep 5
76+
77+ # 종료 상태가 될 때까지 직접 폴링 (긴 배포도 끝까지 기다림)
78+ while true; do
79+ STATUS=$(aws ssm get-command-invocation \
80+ --command-id "$CMD_ID" --instance-id "$INSTANCE_ID" \
81+ --query "Status" --output text 2>/dev/null || echo "Pending")
82+ echo "Current status: $STATUS"
83+ case "$STATUS" in
84+ Success|Failed|Cancelled|TimedOut) break ;;
85+ esac
86+ sleep 5
87+ done
88+
89+ # 실행 로그 출력 (성공/실패 무관하게 항상)
90+ echo "----- stdout -----"
91+ aws ssm get-command-invocation --command-id "$CMD_ID" --instance-id "$INSTANCE_ID" --query "StandardOutputContent" --output text
92+ echo "----- stderr -----"
93+ aws ssm get-command-invocation --command-id "$CMD_ID" --instance-id "$INSTANCE_ID" --query "StandardErrorContent" --output text
94+
95+ # Success가 아니면 워크플로우 실패 처리
96+ if [ "$STATUS" != "Success" ]; then
97+ echo "::error::Deployment failed with status: $STATUS"
98+ exit 1
99+ fi
100+ echo "Deployment succeeded ✅"
101+
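Review bot: The polling loop in the `Deploy to EC2 via SSM` step turns every failure of `aws ssm get-command-invocation` into `Pending` (`2>/dev/null || echo "Pending"`) and has no upper bound, so a missing `ssm:GetCommandInvocation` permission on the assumed role, an expired session, or API throttling looks the same as a deploy that is still running, and the job spins until the runner's own timeout. Only the short window right after `send-command`, when the invocation is not yet registered, should count as pending; any other error should be printed and fail the step, and the loop should carry a deadline. The fence below is a sketch, and its 900-second limit is a constructed value to be sized to the longest expected deploy. Separately, `aws-actions/configure-aws-credentials@v4` is referenced by a mutable tag in the step that obtains the role credentials; pinning it to a full commit SHA would keep a retagged release from running with them.

```yaml
        run: |
          # … unchanged: set -euo pipefail, send-command, CMD_ID echo, initial sleep …

          DEADLINE=$((SECONDS + 900))
          while true; do
            if ! STATUS=$(aws ssm get-command-invocation \
                --command-id "$CMD_ID" --instance-id "$INSTANCE_ID" \
                --query "Status" --output text 2>poll.err); then
              # The invocation may not be registered yet right after send-command.
              if grep -q "InvocationDoesNotExist" poll.err; then
                STATUS="Pending"
              else
                echo "::error::get-command-invocation failed"
                cat poll.err >&2
                exit 1
              fi
            fi
            echo "Current status: $STATUS"
            # … unchanged: case "$STATUS" terminal-state break …
            if [ "$SECONDS" -ge "$DEADLINE" ]; then
              echo "::error::Timed out waiting for SSM command $CMD_ID"
              exit 1
            fi
            sleep 5
          done
          # … unchanged: stdout/stderr dump and final status check …
```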