
Fix/dockerfile parse (#536) #151

Workflow file for this run

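---
# Deploy pipeline for the develop branch:
#   1. makeTagAndRelease  - bump the tag and publish a GitHub release
#   2. buildImageAndPush  - build the Docker image and push it to ghcr.io
#   3. deploy             - run the rollout script on the EC2 host through SSM
#
# NOTE(review): every third-party action below is referenced by a mutable
# tag (@v1, @v2, ...). Whoever controls the tag controls the code that runs
# with this workflow's secrets; pin each `uses:` to a full commit SHA and
# keep the tag as a trailing comment.
name: deploy

env:
  IMAGE_NAME: tt_backend

on:
  push:
    paths:
      - ".github/workflows/**"
      - "src/**"
      - "build.gradle"
      - "settings.gradle"
      - "build.gradle.kts"
      - "settings.gradle.kts"
      - "gradle/**"
      - "gradlew"
      - "gradlew.bat"
      - "Dockerfile"
      - "docker/**"
    branches:
      - develop

# Default scopes of the workflow token for every job that does not override
# them. The tagging, release and registry steps below authenticate with
# secrets.PERSONAL_ACCESS_TOKEN instead of the workflow token, so these
# write scopes may be wider than needed - TODO confirm and narrow per job.
permissions:
  contents: write
  packages: write

jobs:
  makeTagAndRelease:
    runs-on: ubuntu-latest
    outputs:
      tag_name: ${{ steps.create_tag.outputs.new_tag }}
    steps:
      - uses: actions/checkout@v4
      # NOTE(review): the same personal access token is used for tagging,
      # releasing, registry login and (in the deploy job) on the EC2 host.
      # One token carrying every scope widens the impact of a single leak;
      # prefer separately scoped credentials per purpose.
      - name: Create Tag
        id: create_tag
        uses: mathieudutour/github-tag-action@v6.2
        with:
          github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
      # NOTE(review): actions/create-release is archived upstream and no
      # longer receives fixes; plan a move to a maintained release step.
      - name: Create Release
        id: create_release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
        with:
          tag_name: ${{ steps.create_tag.outputs.new_tag }}
          release_name: Release ${{ steps.create_tag.outputs.new_tag }}
          body: ${{ steps.create_tag.outputs.changelog }}
          draft: false
          prerelease: false

  buildImageAndPush:
    name: 도커 이미지 빌드와 푸시
    needs: makeTagAndRelease
    runs-on: ubuntu-latest
    outputs:
      owner_lc: ${{ steps.export_owner.outputs.owner_lc }}
      image_name: ${{ steps.export_image.outputs.image_name }}
    steps:
      - uses: actions/checkout@v4
      - name: Docker Buildx 설치
        uses: docker/setup-buildx-action@v2
      - name: 레지스트리 로그인
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.actor }}
          password: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
      # ghcr.io image references must be lower case, so the owner segment is
      # exported as a fixed lower-case string.
      - name: set lower case owner name
        id: export_owner
        run: |
          OWNER_LC="chehyeon-kim23"
          echo "owner_lc=$OWNER_LC" >> "$GITHUB_OUTPUT"
      # Reuses the workflow-level IMAGE_NAME so the name is defined once.
      - name: export image name
        id: export_image
        run: echo "image_name=$IMAGE_NAME" >> "$GITHUB_OUTPUT"
      # Pushes two tags: the release tag from makeTagAndRelease and `latest`.
      # The registry-backed build cache lives under the `cache` tag.
      - name: 빌드 앤 푸시
        uses: docker/build-push-action@v3
        with:
          context: .
          push: true
          cache-from: type=registry,ref=ghcr.io/${{ steps.export_owner.outputs.owner_lc }}/${{ steps.export_image.outputs.image_name }}:cache
          cache-to: type=registry,ref=ghcr.io/${{ steps.export_owner.outputs.owner_lc }}/${{ steps.export_image.outputs.image_name }}:cache,mode=max
          tags: |
            ghcr.io/${{ steps.export_owner.outputs.owner_lc }}/${{ steps.export_image.outputs.image_name }}:${{ needs.makeTagAndRelease.outputs.tag_name }},
            ghcr.io/${{ steps.export_owner.outputs.owner_lc }}/${{ steps.export_image.outputs.image_name }}:latest

  deploy:
    runs-on: ubuntu-latest
    needs: [buildImageAndPush]
    # No step in this job uses the workflow token, so drop every scope the
    # workflow-level `permissions` block would otherwise grant it.
    permissions: {}
    steps:
      # NOTE(review): long-lived AWS access keys are stored as repository
      # secrets. configure-aws-credentials can instead assume a role through
      # GitHub OIDC (`role-to-assume`, with `id-token: write` on this job),
      # which leaves no static key to rotate or leak.
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-region: ${{ secrets.AWS_REGION }}
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
      - name: 인스턴스 ID 가져오기
        id: get_instance_id
        run: |
          INSTANCE_ID=$(aws ec2 describe-instances \
            --filters "Name=tag:Name,Values=TT-ec2-1" "Name=instance-state-name,Values=running" \
            --query "Reservations[].Instances[].InstanceId" \
            --output text)
          # Text output is empty when nothing matches and whitespace-separated
          # when several instances match; stop here unless exactly one ID came
          # back, instead of failing later inside send-command.
          set -- $INSTANCE_ID
          if [ "$#" -ne 1 ]; then
            echo "expected exactly one running TT-ec2-1 instance, found $#" >&2
            exit 1
          fi
          echo "INSTANCE_ID=$INSTANCE_ID" >> "$GITHUB_ENV"
      # NOTE(security): DOPPLER_TOKEN and PERSONAL_ACCESS_TOKEN are expanded
      # into the --parameters JSON below, so both secrets travel as part of
      # the SSM command itself. Systems Manager keeps command parameters in
      # its command history, where principals allowed to list commands in the
      # account can read them. Prefer having the host fetch both values from
      # a secret store through its own instance role and sending only
      # non-secret commands; rotate both tokens once that is in place.
      # A secret containing a quote or backslash would also break the JSON
      # and shell quoting used here.
      #
      # NOTE(review): the host resets to whatever origin/develop points to
      # when the command runs, which is not necessarily the commit that
      # triggered this run.
      - name: AWS SSM Send-Command (Official CLI)
        run: |
          aws ssm send-command \
            --instance-ids "$INSTANCE_ID" \
            --document-name "AWS-RunShellScript" \
            --comment "Deploy Spring Boot (Doppler env_file injection)" \
            --parameters '{
              "commands": [
                "#!/bin/bash",
                "set -euo pipefail",
                "export HOME=/root",
                "export PATH=$PATH:/usr/local/bin",
                "git config --global --add safe.directory /dockerProjects/tt-src/WEB7_9_B2ST_BE",
                "cd /dockerProjects/tt-src/WEB7_9_B2ST_BE/ || exit 1",
                "git fetch --all",
                "git reset --hard origin/develop",
                "cd docker/",
                "export DOPPLER_TOKEN=\"${{ secrets.DOPPLER_TOKEN }}\"",
                "export DOPPLER_PROJECT=tt",
                "export DOPPLER_CONFIG=prd",
                "echo \"${{ secrets.PERSONAL_ACCESS_TOKEN }}\" | docker login ghcr.io -u ${{ github.actor }} --password-stdin 2>/dev/null",
                "umask 077",
                "doppler secrets download --project \"$DOPPLER_PROJECT\" --config \"$DOPPLER_CONFIG\" --format env --no-file > doppler.env",
                "chmod 600 doppler.env",
                "docker compose --env-file doppler.env pull",
                "docker compose --env-file doppler.env up -d --force-recreate",
                "rm -f doppler.env",
                "docker image prune -f",
                "docker logout ghcr.io 2>/dev/null"
              ]
            }' \
            --region "${{ secrets.AWS_REGION }}"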