Merge pull request #46 from DGU-RETURNWORK/feature/#10_create_acciden… #41
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Production Deployment | |
| on: | |
| push: | |
| branches: ["dev"] | |
| workflow_dispatch: # 수동 배포 가능 | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Free up disk space | |
| run: | | |
| sudo rm -rf /usr/share/dotnet | |
| sudo rm -rf /opt/ghc | |
| sudo rm -rf /usr/local/share/boost | |
| sudo rm -rf "$AGENT_TOOLSDIRECTORY" | |
| sudo apt clean | |
| sudo docker system prune -af | |
| df -h | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Create production application.yml | |
| run: | | |
| cd ./src/main/resources | |
| echo "${{ secrets.APPLICATION_PROD_YML }}" > ./application-prod.yml | |
| echo "${{ secrets.APPLICATION_JWT_YML }}" > ./application-jwt.yml | |
| echo '${{ secrets.APPLICATION_EMAIL_YML }}' > ./application-email.yml | |
| echo '${{ secrets.APPLICATION_REDIS_YML }}' > ./appication-redis.yml | |
| echo '${{ secrets.APPLICATION_OAUTH_YML }}' > ./appication-oauth.yml | |
| shell: bash | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v3 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| push: true | |
| tags: ${{ secrets.DOCKER_USERNAME }}/returnwork:${{ github.sha }},${{ secrets.DOCKER_USERNAME }}/returnwork:latest | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| deploy: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Create .env file for production | |
| run: | | |
| echo "SPRING_PROFILES_ACTIVE=prod" >> .env | |
| echo "DB_NAME=${{ secrets.DB_NAME }}" >> .env | |
| echo "DB_USERNAME=${{ secrets.DB_USERNAME }}" >> .env | |
| echo "DB_PASSWORD=${{ secrets.DB_PASSWORD }}" >> .env | |
| echo "JWT_SECRET=${{ secrets.JWT_SECRET }}" >> .env | |
| echo "DOCKER_IMAGE=${{ secrets.DOCKER_USERNAME }}/returnwork:${{ github.sha }}" >> .env | |
| - name: Deploy to EC2 | |
| env: | |
| EC2_SSH_KEY: ${{ secrets.EC2_SSH_KEY }} | |
| EC2_USERNAME: ${{ secrets.EC2_USERNAME }} | |
| EC2_HOST: ${{ secrets.EC2_HOST }} | |
| run: | | |
| echo "$EC2_SSH_KEY" | base64 -d > private_key.pem | |
| chmod 600 private_key.pem | |
| # Copy deployment files to server | |
| echo "=== Copying docker-compose.yml ===" | |
| scp -i private_key.pem -o StrictHostKeyChecking=no docker-compose.yml $EC2_USERNAME@$EC2_HOST:/home/$EC2_USERNAME/ | |
| echo "=== Copying .env file ===" | |
| scp -i private_key.pem -o StrictHostKeyChecking=no .env $EC2_USERNAME@$EC2_HOST:/home/$EC2_USERNAME/ | |
| echo "=== Copy completed ===" | |
| # Deploy on server | |
| ssh -i private_key.pem -o StrictHostKeyChecking=no $EC2_USERNAME@$EC2_HOST " | |
| # Login to Docker Hub | |
| echo '${{ secrets.DOCKER_PASSWORD }}' | docker login -u '${{ secrets.DOCKER_USERNAME }}' --password-stdin | |
| # Stop and remove containers but preserve volumes(수정, 볼륩 보존) | |
| docker-compose down --remove-orphans | |
| # Pull latest image and start services | |
| docker-compose pull | |
| docker-compose up -d | |
| # Wait for services to be healthy | |
| echo 'Waiting for services to start...' | |
| sleep 30 | |
| # Check if services are running | |
| docker-compose ps | |
| # Show recent logs for debugging | |
| echo '=== Recent application logs ===' | |
| docker-compose logs --tail=50 app | |
| # Check application health | |
| echo '=== Checking application health ===' | |
| sleep 10 | |
| curl -f http://localhost:8080/actuator/health || echo 'Health check failed' | |
| # Clean up old returnwork images (keep latest, current SHA, and 2 recent versions) | |
| docker images ${{ secrets.DOCKER_USERNAME }}/returnwork --format '{{.Repository}}:{{.Tag}}' | grep -v latest | grep -v ${{ github.sha }} | head -n -2 | xargs -r docker rmi || true | |
| " | |
| rm -f private_key.pem |