
Commit d6998d6

authored
Merge pull request #167 from prgrms-aibe-devcourse/feature/metrics
fix: OIDC방식으로 AWS EC2로 CD 자동화
2 parents 3566b43 + 14951d8 commit d6998d6

1 file changed

Lines changed: 49 additions & 10 deletions


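--- a/.github/workflows/cd.yml
+++ b/.github/workflows/cd.yml
@@ -4,6 +4,9 @@ on:
 push:
 branches:
 - main
+permissions:
+id-token: write # OIDC 토큰 발급
+contents: read # checkout이 코드 읽을 권한
 
 jobs:
 build-and-push:
@@ -49,14 +52,50 @@ jobs:
 ${{ secrets.DOCKERHUB_USERNAME }}/rootin-be:latest
 ${{ secrets.DOCKERHUB_USERNAME }}/rootin-be:${{ github.sha }}
 
-- name: Deploy to EC2
-uses: appleboy/ssh-action@v1.0.3
+- name: Configure AWS credentials
+uses: aws-actions/configure-aws-credentials@v4
 with:
-host: ${{ secrets.EC2_HOST }}
-username: ubuntu
-key: ${{ secrets.EC2_SSH_KEY }}
-script: |
-cd ~/rootin
-docker compose -f docker-compose.yml pull be
-docker compose -f docker-compose.yml up -d --no-deps be
-docker image prune -f
+role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+aws-region: ${{ secrets.AWS_REGION }}
+
+- name: Deploy to EC2 via SSM
+env:
+INSTANCE_ID: ${{ secrets.EC2_ID }}
+run: |
+set -euo pipefail
+
+CMD_ID=$(aws ssm send-command \
+--instance-ids "$INSTANCE_ID" \
+--document-name "AWS-RunShellScript" \
+--comment "Deploy from ${{ github.repository }}" \
+--parameters 'commands=["cd /home/ubuntu/rootin && docker compose -f docker-compose.yml pull be && docker compose -f docker-compose.yml up -d --no-deps be && docker image prune -f"]' \
+--query "Command.CommandId" --output text)
+echo "Command ID: $CMD_ID"
+
+sleep 5
+
+# 종료 상태가 될 때까지 직접 폴링 (긴 배포도 끝까지 기다림)
+while true; do
+STATUS=$(aws ssm get-command-invocation \
+--command-id "$CMD_ID" --instance-id "$INSTANCE_ID" \
+--query "Status" --output text 2>/dev/null || echo "Pending")
+echo "Current status: $STATUS"
+case "$STATUS" in
+Success|Failed|Cancelled|TimedOut) break ;;
+esac
+sleep 5
+done
+
+# 실행 로그 출력 (성공/실패 무관하게 항상)
+echo "----- stdout -----"
+aws ssm get-command-invocation --command-id "$CMD_ID" --instance-id "$INSTANCE_ID" --query "StandardOutputContent" --output text
+echo "----- stderr -----"
+aws ssm get-command-invocation --command-id "$CMD_ID" --instance-id "$INSTANCE_ID" --query "StandardErrorContent" --output text
+
+# Success가 아니면 워크플로우 실패 처리
+if [ "$STATUS" != "Success" ]; then
+echo "::error::Deployment failed with status: $STATUS"
+exit 1
+fi
+echo "Deployment succeeded ✅"
+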
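Review bot: The polling loop in the second hunk (`while true; do` around `aws ssm get-command-invocation`) has no upper bound, and `2>/dev/null || echo "Pending"` reports every CLI failure as "Pending". A persistent error, for example a role without `ssm:GetCommandInvocation` or an expired session, would therefore spin until the job-level timeout with nothing useful in the log. Bound the step with `timeout-minutes: 15` (placeholder value, tune to the real deploy time) or an attempt counter, and keep the CLI's stderr visible by dropping the redirect: `--query "Status" --output text || echo "Pending")`. Separately, `--comment "Deploy from ${{ github.repository }}"` is expanded into the script text before the shell runs; passing it through `env:` the way `INSTANCE_ID` is passed keeps template expansion out of the script body. The role's trust policy is not visible in this commit; it should restrict the OIDC `sub` claim to this repository and the `main` branch, since `id-token: write` by itself does not limit which workflow can assume the role.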
