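name: Deploy to GCP

# Runs when a pull request targeting main or dev is closed. `closed` fires for
# merged and unmerged pull requests alike, so jobs that must run only after a
# merge have to check `github.event.pull_request.merged` themselves.
on:
  pull_request:
    types: [closed]
    branches: [main, dev]

# Least privilege for GITHUB_TOKEN: no step in this workflow writes to the
# repository through it, so read access to the contents is enough.
permissions:
  contents: read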
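jobs:
  # Builds the jar with Gradle, then builds the Docker image and pushes it to
  # Docker Hub under three tags (latest, commit SHA, dev-<run number>).
  build:
    # The trigger is `pull_request: closed`, which also fires when a pull
    # request is closed WITHOUT merging. Without this guard, unmerged code would
    # be built, pushed as :latest and deployed. `deploy` needs this job, so it
    # is skipped as well when the guard is false.
    if: github.event.pull_request.merged == true
    runs-on: ubuntu-latest
    outputs:
      # Digest of the pushed image, consumed by the deploy job.
      image-digest: ${{ steps.build.outputs.digest }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up JDK 21
        uses: actions/setup-java@v4
        with:
          java-version: '21'
          distribution: 'temurin'

      - name: Cache Gradle packages
        uses: actions/cache@v4
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
          restore-keys: |
            ${{ runner.os }}-gradle-

      - name: Grant execute permission for gradlew
        run: chmod +x gradlew

      # Run tests (uncomment once the test code is complete)
      # - name: Run tests
      #   run: ./gradlew test

      - name: Build with Gradle
        run: |
          echo "Building commit: ${{ github.sha }}"
          echo "Building from repository: ${{ github.repository }}"
          ./gradlew clean bootjar -Pprofile=prod

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Build and push Docker image
        id: build
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./Dockerfile
          push: true
          tags: |
            ${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_IMAGE_NAME }}:latest
            ${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_IMAGE_NAME }}:${{ github.sha }}
            ${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_IMAGE_NAME }}:dev-${{ github.run_number }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Verify build completion
        run: |
          echo "Build completed successfully!"
          echo "Image digest: ${{ steps.build.outputs.digest }}"
          echo "Pushed tags:"
          echo " - ${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_IMAGE_NAME }}:latest"
          echo " - ${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_IMAGE_NAME }}:${{ github.sha }}"
          echo " - ${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_IMAGE_NAME }}:dev-${{ github.run_number }}"

  # Connects to the GCP instance over SSH, rewrites the Secret Manager-backed
  # entries of $HOME/project/.env, then restarts the docker-compose stack on the
  # image pushed by the build job.
  deploy:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - name: Deploy to GCP Instance
        # NOTE(review): this third-party action receives the SSH private key and
        # is referenced by a mutable tag. Pinning it to a full commit SHA
        # (appleboy/ssh-action@<full-commit-sha>  # v1.1.0) keeps a re-pointed
        # tag from changing the code that handles the key.
        uses: appleboy/ssh-action@v1.1.0
        with:
          host: ${{ secrets.GCP_HOST }}
          username: ${{ secrets.GCP_USERNAME }}
          key: ${{ secrets.GCP_SSH_PRIVATE_KEY }}
          port: 22
          # NOTE(review): no host key is pinned for this connection; the
          # action's `fingerprint` input can carry the host key's SHA256
          # fingerprint (stored as a secret).
          script: |
            cd $HOME/project
            echo "Updating .env file with latest Secret Manager values..."
            # Back up the .env file
            cp .env .env.backup.$(date +%Y%m%d_%H%M%S)
            # .env and its backups hold credentials: keep them owner-only.
            chmod 600 .env .env.backup.*
            # Remove the Secret Manager-related lines
            sed -i '/^DB_URL=/d' .env
            sed -i '/^JWT_SECRET=/d' .env
            sed -i '/^GOOGLE_CLIENT_ID=/d' .env
            sed -i '/^GOOGLE_CLIENT_SECRET=/d' .env
            sed -i '/^GOOGLE_API_KEY=/d' .env
            sed -i '/^GOOGLE_CALENDAR_REDIRECT_URI=/d' .env
            sed -i '/^OAUTH_REDIRECT_URI=/d' .env
            sed -i '/^KAKAO_CLIENT_ID=/d' .env
            sed -i '/^KAKAO_CLIENT_SECRET=/d' .env
            sed -i '/^KAKAO_API_KEY=/d' .env
            sed -i '/^ZOOM_ACCOUNT_ID=/d' .env
            sed -i '/^ZOOM_CLIENT_ID=/d' .env
            sed -i '/^ZOOM_CLIENT_SECRET=/d' .env
            sed -i '/^GCP_IP=/d' .env
            sed -i '/^FRONT_DOMAIN_A=/d' .env
            sed -i '/^FRONT_DOMAIN_B=/d' .env
            sed -i '/^FRONT_CALLBACK=/d' .env
            sed -i '/^REDIS_HOST=/d' .env
            sed -i '/^REDIS_PORT=/d' .env
            # Fetch the latest values from Secret Manager and append them to .env
            # NOTE(review): each value comes from a command substitution, so a
            # failed gcloud call still appends the line with an empty value;
            # nothing below checks for that before the containers restart.
            echo "" >> .env
            echo "DB_URL=$(gcloud secrets versions access latest --secret='db-url')" >> .env
            echo "JWT_SECRET=$(gcloud secrets versions access latest --secret='jwt-secret')" >> .env
            echo "GOOGLE_CLIENT_ID=$(gcloud secrets versions access latest --secret='google-client-id')" >> .env
            echo "GOOGLE_CLIENT_SECRET=$(gcloud secrets versions access latest --secret='google-client-secret')" >> .env
            echo "GOOGLE_API_KEY=$(gcloud secrets versions access latest --secret='google-api-key')" >> .env
            echo "GOOGLE_CALENDAR_REDIRECT_URI=$(gcloud secrets versions access latest --secret='google-calendar-redirect-uri')" >> .env
            echo "OAUTH_REDIRECT_URI=$(gcloud secrets versions access latest --secret='oauth-redirect-uri')" >> .env
            echo "KAKAO_CLIENT_ID=$(gcloud secrets versions access latest --secret='kakao-client-id')" >> .env
            echo "KAKAO_CLIENT_SECRET=$(gcloud secrets versions access latest --secret='kakao-client-secret')" >> .env
            echo "KAKAO_API_KEY=$(gcloud secrets versions access latest --secret='kakao-api-key')" >> .env
            echo "ZOOM_ACCOUNT_ID=$(gcloud secrets versions access latest --secret='zoom-account-id')" >> .env
            echo "ZOOM_CLIENT_ID=$(gcloud secrets versions access latest --secret='zoom-client-id')" >> .env
            echo "ZOOM_CLIENT_SECRET=$(gcloud secrets versions access latest --secret='zoom-client-secret')" >> .env
            echo "GCP_IP=$(gcloud secrets versions access latest --secret='gcp-ip')" >> .env
            echo "FRONT_DOMAIN_A=$(gcloud secrets versions access latest --secret='front-domain-A')" >> .env
            echo "FRONT_DOMAIN_B=$(gcloud secrets versions access latest --secret='front-domain-B')" >> .env
            echo "FRONT_CALLBACK=$(gcloud secrets versions access latest --secret='front-callback')" >> .env
            echo "REDIS_HOST=$(gcloud secrets versions access latest --secret='redis-host')" >> .env
            echo "REDIS_PORT=$(gcloud secrets versions access latest --secret='redis-port')" >> .env
            echo "Updated Secret Manager Values"
            echo "Stopping existing containers..."
            sudo docker-compose down || true
            echo "Cleaning up old images..."
            sudo docker image prune -f
            sudo docker rmi ${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_IMAGE_NAME }}:latest || true
            sudo docker system prune -f || true
            echo "Pulling latest image..."
            # Pull the exact image the build job pushed, addressed by digest, and
            # tag it locally as :latest. The :latest tag on the registry is
            # mutable, so pulling it by name could fetch a different image if the
            # tag was moved between the push and this pull.
            # NOTE(review): assumes the compose file references the :latest tag
            # of this repository; the compose file is not visible here.
            IMAGE_REPO="${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_IMAGE_NAME }}"
            IMAGE_DIGEST="${{ needs.build.outputs.image-digest }}"
            sudo docker pull --disable-content-trust "${IMAGE_REPO}@${IMAGE_DIGEST}"
            sudo docker tag "${IMAGE_REPO}@${IMAGE_DIGEST}" "${IMAGE_REPO}:latest"
            echo "Starting containers with updated configuration..."
            sudo docker-compose up -d
            echo "Container status:"
            sudo docker-compose ps
            echo "Waiting for application to start..."
            sleep 15
            echo "Recent logs:"
            sudo docker-compose logs --tail=30
            echo "=== Deployed Image Info ==="
            sudo docker images | grep ${{ secrets.DOCKER_IMAGE_NAME }}
            echo "=== Container Info ==="
            sudo docker ps | grep ittaeok
            echo "=== Environment Variables Verification ==="
            # Print only the variable names. The values (database URL, JWT
            # signing secret) come from Secret Manager on the host, so the
            # workflow log does not mask them the way it masks GitHub secrets.
            sudo docker exec ittaeok env | grep -oE "^(DB_URL|JWT_SECRET|REDIS_HOST)=" | head -3

      - name: Deployment completed
        run: |
          echo "Deployment completed successfully"
          echo "Deployed commit: ${{ github.sha }}"
          echo "Repository: ${{ github.repository }}"
          echo "Secret Manager values automatically updated"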