ãpordrod강제설정 (#549) #161

Workflow file for this run

	name: deploy
	env:
	IMAGE_NAME: tt_backend

	on:
	push:
	paths:
	- ".github/workflows/**"
	- "src/**"
	- "build.gradle"
	- "settings.gradle"
	- "build.gradle.kts"
	- "settings.gradle.kts"
	- "gradle/**"
	- "gradlew"
	- "gradlew.bat"
	- "Dockerfile"
	- "docker/**"
	branches:
	- develop

	permissions:
	contents: write
	packages: write

	jobs:
	makeTagAndRelease:
	runs-on: ubuntu-latest
	outputs:
	tag_name: ${{ steps.create_tag.outputs.new_tag }}
	steps:
	- uses: actions/checkout@v4
	- name: Create Tag
	id: create_tag
	uses: mathieudutour/github-tag-action@v6.2
	with:
	github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
	- name: Create Release
	id: create_release
	uses: actions/create-release@v1
	env:
	GITHUB_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
	with:
	tag_name: ${{ steps.create_tag.outputs.new_tag }}
	release_name: Release ${{ steps.create_tag.outputs.new_tag }}
	body: ${{ steps.create_tag.outputs.changelog }}
	draft: false
	prerelease: false

	buildImageAndPush:
	name: 도커 이미지 빌드와 푸시
	needs: makeTagAndRelease
	runs-on: ubuntu-latest
	outputs:
	owner_lc: ${{ steps.export_owner.outputs.owner_lc }}
	image_name: ${{ steps.export_image.outputs.image_name }}
	steps:
	- uses: actions/checkout@v4

	- name: Docker Buildx 설치
	uses: docker/setup-buildx-action@v2

	- name: 레지스트리 로그인
	uses: docker/login-action@v2
	with:
	registry: ghcr.io
	username: ${{ github.actor }}
	password: ${{ secrets.PERSONAL_ACCESS_TOKEN }}

	- name: set lower case owner name
	id: export_owner
	run: \|
	OWNER_LC="chehyeon-kim23"
	echo "owner_lc=$OWNER_LC" >> $GITHUB_OUTPUT

	- name: export image name
	id: export_image
	run: echo "image_name=tt_backend" >> $GITHUB_OUTPUT

	- name: 빌드 앤 푸시
	uses: docker/build-push-action@v3
	with:
	context: .
	push: true
	cache-from: type=registry,ref=ghcr.io/${{ steps.export_owner.outputs.owner_lc }}/${{ steps.export_image.outputs.image_name }}:cache
	cache-to: type=registry,ref=ghcr.io/${{ steps.export_owner.outputs.owner_lc }}/${{ steps.export_image.outputs.image_name }}:cache,mode=max
	tags: \|
	ghcr.io/${{ steps.export_owner.outputs.owner_lc }}/${{ steps.export_image.outputs.image_name }}:${{ needs.makeTagAndRelease.outputs.tag_name }},
	ghcr.io/${{ steps.export_owner.outputs.owner_lc }}/${{ steps.export_image.outputs.image_name }}:latest

	deploy:
	runs-on: ubuntu-latest
	needs: [ buildImageAndPush ]
	steps:
	- uses: aws-actions/configure-aws-credentials@v4
	with:
	aws-region: ${{ secrets.AWS_REGION }}
	aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
	aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}

	- name: 인스턴스 ID 가져오기
	id: get_instance_id
	run: \|
	INSTANCE_ID=$(aws ec2 describe-instances --filters "Name=tag:Name,Values=TT-ec2-1" "Name=instance-state-name,Values=running" --query "Reservations[].Instances[].InstanceId" --output text)
	echo "INSTANCE_ID=$INSTANCE_ID" >> $GITHUB_ENV

	- name: AWS SSM Send-Command (EC2 로컬 토큰 사용 - 노출 방지)
	run: \|
	aws ssm send-command \
	--instance-ids "${{ env.INSTANCE_ID }}" \
	--document-name "AWS-RunShellScript" \
	--comment "Deploy Spring Boot with doppler run (secure)" \
	--parameters '{
	"commands": [
	"#!/bin/bash",
	"set -euo pipefail",

	"export HOME=/root",
	"export PATH=$PATH:/usr/local/bin",

	"git config --global --add safe.directory /dockerProjects/tt-src/WEB7_9_B2ST_BE",

	"cd /dockerProjects/tt-src/WEB7_9_B2ST_BE/ \|\| exit 1",
	"git fetch --all",
	"git reset --hard origin/develop",

	"cd docker/",

	"# EC2에 저장된 토큰 파일에서 안전하게 읽기 (SSM 로그에 노출 안됨)",
	"export DOPPLER_TOKEN=$(sudo cat /etc/tt-secrets/doppler-token)",
	"export DOPPLER_PROJECT=tt",
	"export DOPPLER_CONFIG=prd",

	"# GitHub 토큰도 파일에서 읽기",
	"GITHUB_TOKEN=$(sudo cat /etc/tt-secrets/github-token)",
	"echo \"$GITHUB_TOKEN\" \| docker login ghcr.io -u ${{ github.actor }} --password-stdin 2>/dev/null",

	"doppler run --project \"$DOPPLER_PROJECT\" --config \"$DOPPLER_CONFIG\" -- docker compose pull",
	"doppler run --project \"$DOPPLER_PROJECT\" --config \"$DOPPLER_CONFIG\" -- docker compose up -d --force-recreate",

	"docker image prune -f",
	"docker logout ghcr.io 2>/dev/null",

	"echo \"Deployment completed at $(date)\"",
	"docker compose ps"
	]
	}' \
	--region ${{ secrets.AWS_REGION }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

ãpordrod강제설정 (#549) #161

Workflow file

ãpordrod강제설정 (#549) #161

Uh oh!

Workflow file for this run