feat: Lambda 실행환경 및 git action 배포 환경 최적화 #6
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Lambda to Dev | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: [ "feat/#766-spring3-update" ] | |
| jobs: | |
| deploy: | |
| name: Build and Deploy Lambda | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v3 | |
| with: | |
| distribution: 'corretto' | |
| java-version: '17' | |
| - name: Setup Gradle cache | |
| uses: actions/cache@v3 | |
| with: | |
| path: | | |
| ~/.gradle/caches | |
| ~/.gradle/wrapper | |
| key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }} | |
| restore-keys: | | |
| ${{ runner.os }}-gradle- | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_TEMP }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY_TEMP }} | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| - name: Get application-lambda-dev.yml from AWS S3 | |
| run: | | |
| aws s3 cp \ | |
| --region ap-northeast-2 \ | |
| s3://sopt-makers-internal/dev/deploy/application-lambda-dev.yml src/main/resources/application-lambda-dev.yml | |
| - name: Get Apple key from AWS S3 | |
| run: | | |
| aws s3 cp \ | |
| --region ap-northeast-2 \ | |
| s3://sopt-makers-internal/dev/deploy/${{ secrets.APPLE_KEY }} src/main/resources/static/${{ secrets.APPLE_KEY }} | |
| - name: Set up QEMU for multi-platform builds | |
| uses: docker/setup-qemu-action@v2 | |
| with: | |
| platforms: linux/arm64 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Login to ECR Public | |
| run: | | |
| aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws | |
| - name: Login to ECR Private | |
| run: | | |
| aws ecr get-login-password --region ${{ secrets.AWS_REGION }} | docker login --username AWS --password-stdin ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com | |
| - name: Generate timestamp tag | |
| id: timestamp | |
| run: | | |
| TIMESTAMP=$(date +%Y%m%d-%H%M%S) | |
| echo "IMAGE_TAG=build-$TIMESTAMP" >> $GITHUB_OUTPUT | |
| echo "Generated image tag: build-$TIMESTAMP" | |
| - name: Build Docker image with GraalVM native compilation | |
| run: | | |
| docker buildx build \ | |
| --platform=linux/arm64 \ | |
| --cache-from type=gha \ | |
| --cache-to type=gha,mode=max \ | |
| -t ${{ secrets.AWS_LAMBDA_DEV_ECR_REPO }}:${{ steps.timestamp.outputs.IMAGE_TAG }} \ | |
| --load \ | |
| . | |
| - name: Tag and push Docker image to ECR | |
| run: | | |
| REPO_URI=${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com/${{ secrets.AWS_LAMBDA_DEV_ECR_REPO }} | |
| # Push with timestamp tag | |
| docker tag ${{ secrets.AWS_LAMBDA_DEV_ECR_REPO }}:${{ steps.timestamp.outputs.IMAGE_TAG }} $REPO_URI:${{ steps.timestamp.outputs.IMAGE_TAG }} | |
| docker push $REPO_URI:${{ steps.timestamp.outputs.IMAGE_TAG }} | |
| # Push with latest tag | |
| docker tag ${{ secrets.AWS_LAMBDA_DEV_ECR_REPO }}:${{ steps.timestamp.outputs.IMAGE_TAG }} $REPO_URI:latest | |
| docker push $REPO_URI:latest | |
| echo "IMAGE_URI=$REPO_URI:${{ steps.timestamp.outputs.IMAGE_TAG }}" >> $GITHUB_ENV | |
| - name: Set up Python for SAM CLI | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.11' | |
| - name: Install AWS SAM CLI | |
| run: | | |
| pip install aws-sam-cli | |
| - name: Deploy to Lambda with SAM | |
| working-directory: ./lambda | |
| run: | | |
| sam deploy \ | |
| --config-env dev \ | |
| --no-confirm-changeset \ | |
| --no-fail-on-empty-changeset \ | |
| --parameter-overrides ImageUri=${{ env.IMAGE_URI }} |