feat: Dockerfile 추가 #2
| name: Docker - Build, Push to ECR and Deploy (Catchme-Backend) | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| workflow_dispatch: | |
| inputs: | |
| tag: | |
| description: 'Release tag to deploy' | |
| required: true | |
| default: 'latest' | |
| jobs: | |
| build-push-deploy: | |
| runs-on: ubuntu-latest | |
| environment: dev # STG 서버를 통합 환경으로 사용 | |
| permissions: | |
| id-token: write | |
| contents: read | |
| defaults: | |
| run: | |
| working-directory: ./ | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up QEMU | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| with: | |
| driver-opts: | | |
| image=moby/buildkit:latest | |
| # 1. AWS 자격 증명 설정 (Secrets 기반) | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: us-east-1 # ECR Public 로그인을 위해 us-east-1 사용 | |
| - name: Login to Amazon ECR Public | |
| id: login-ecr-public | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| with: | |
| registry-type: public | |
| # 2. JDK 21 및 Gradle 빌드 | |
| - name: Set up JDK 21 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '21' | |
| distribution: 'temurin' | |
| cache: gradle | |
| - name: Grant execute permission for gradlew | |
| run: chmod +x gradlew | |
| - name: Clean Build with Gradle | |
| run: ./gradlew clean build -x test --build-cache --parallel --daemon | |
| # 3. Docker 이미지 빌드 및 푸시 (ARM64 호환) | |
| - name: Build, tag, and push image to Amazon ECR | |
| env: | |
| ECR_REGISTRY: public.ecr.aws/${{ vars.ECR_PUBLIC_REGISTRY_ID }} | |
| IMAGE_TAG: ${{ github.event.inputs.tag || github.sha }} | |
| run: | | |
| docker buildx create --use --name catchme-builder | |
| docker buildx build \ | |
| --platform linux/arm64 \ | |
| --push \ | |
| --provenance=false \ | |
| --cache-from type=gha \ | |
| --cache-to type=gha,mode=max \ | |
| -t $ECR_REGISTRY/yourssu/${{ vars.PROJECT_NAME }}:$IMAGE_TAG \ | |
| -t $ECR_REGISTRY/yourssu/${{ vars.PROJECT_NAME }}:latest \ | |
| . | |
| # 4. EC2 서버 배포 및 .env 생성 | |
| - name: Deploy to EC2 | |
| env: | |
| YOURSSU_PEM: ${{ secrets.EC2_SSH_KEY }} | |
| HOST_URL: ${{ secrets.EC2_STG_HOST }} | |
| PROJECT_NAME: ${{ vars.PROJECT_NAME }} | |
| SERVER_PORT: ${{ vars.SERVER_PORT }} | |
| DB_URL: ${{ secrets.DB_URL }} | |
| DB_USERNAME: ${{ secrets.DB_USERNAME }} | |
| DB_PASSWORD: ${{ secrets.DB_PASSWORD }} | |
| ECR_REGISTRY: public.ecr.aws/${{ vars.ECR_PUBLIC_REGISTRY_ID }} | |
| run: | | |
| mkdir -p ~/.ssh | |
| ssh-keyscan -H $HOST_URL >> ~/.ssh/known_hosts | |
| echo "$YOURSSU_PEM" > yourssu.pem | |
| chmod 600 yourssu.pem | |
| # .env 파일 생성 | |
| echo "SERVER_PORT=$SERVER_PORT" >> .env | |
| echo "DB_URL=$DB_URL" >> .env | |
| echo "DB_USERNAME=$DB_USERNAME" >> .env | |
| echo "DB_PASSWORD=$DB_PASSWORD" >> .env | |
| echo "PROJECT_NAME=$PROJECT_NAME" >> .env | |
| echo "ECR_REGISTRY=$ECR_REGISTRY" >> .env | |
| # 서버 디렉토리 생성 및 파일 전송 | |
| ssh -i yourssu.pem ubuntu@$HOST_URL "mkdir -p /home/ubuntu/$PROJECT_NAME-api/logs" | |
| scp -i yourssu.pem .env ubuntu@$HOST_URL:/home/ubuntu/$PROJECT_NAME-api/ | |
| scp -i yourssu.pem script/docker-deploy.sh ubuntu@$HOST_URL:/home/ubuntu/$PROJECT_NAME-api/ | |
| # 스크립트 실행 권한 부여 및 배포 실행 | |
| ssh -i yourssu.pem ubuntu@$HOST_URL "chmod +x /home/ubuntu/$PROJECT_NAME-api/docker-deploy.sh" | |
| ssh -i yourssu.pem ubuntu@$HOST_URL "cd /home/ubuntu/$PROJECT_NAME-api && \ | |
| PROJECT_NAME=$PROJECT_NAME IMAGE_TAG=${{ github.event.inputs.tag || github.sha }} ./docker-deploy.sh" |
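Review bot: The deploy step fills `known_hosts` from `ssh-keyscan -H $HOST_URL` on every run, so the host key is accepted without ever being checked, and the `.env` carrying `DB_PASSWORD` is then copied to whichever machine answered. Keep the server's public host key in a repository secret or variable and write that instead, for example `echo "$EC2_HOST_KEY" >> ~/.ssh/known_hosts` (`EC2_HOST_KEY` is a placeholder name). In the final `ssh` command `${{ github.event.inputs.tag || github.sha }}` is pasted into the script text and then parsed again by the remote shell; add `IMAGE_TAG: ${{ github.event.inputs.tag || github.sha }}` to this step's `env:` as the build step does, reject values that do not match `^[A-Za-z0-9_.-]+$`, and pass `IMAGE_TAG=$IMAGE_TAG`. Separately, the job grants `id-token: write` while "Configure AWS credentials" uses static access keys; either switch that step to `role-to-assume` with OIDC or drop the permission.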