Deploy and Release Services #35
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Services | |
| on: | |
| push: | |
| branches: | |
| - release | |
| paths: | |
| - "src/backend/**" | |
| workflow_dispatch: | |
| jobs: | |
| deploy-backend: | |
| name: Build and Deploy Backend | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ap-northeast-2 | |
| - name: Setup Nginx and SSL | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ secrets.EC2_HOST }} | |
| username: ubuntu | |
| key: ${{ secrets.EC2_SSH_KEY }} | |
| script: | | |
| if ! command -v nginx &> /dev/null; then | |
| sudo apt update | |
| sudo apt install -y nginx certbot python3-certbot-nginx | |
| fi | |
| sudo tee /etc/nginx/sites-available/default << 'EOF' | |
| server { | |
| listen 80; | |
| listen [::]:80; | |
| server_name api-loa-life.duckdns.org; | |
| add_header 'Access-Control-Allow-Origin' 'https://loa-life.vercel.app' always; | |
| add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; | |
| add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,Apollo-Require-Preflight,x-apollo-operation-name,apollo-require-preflight' always; | |
| add_header 'Access-Control-Allow-Credentials' 'true' always; | |
| location = /graphql { | |
| if ($request_method = 'OPTIONS') { | |
| add_header 'Access-Control-Allow-Origin' 'https://loa-life.vercel.app' always; | |
| add_header 'Access-Control-Allow-Methods' 'GET, POST, OPTIONS' always; | |
| add_header 'Access-Control-Allow-Headers' 'DNT,User-Agent,X-Requested-With,If-Modified-Since,Cache-Control,Content-Type,Range,Authorization,Apollo-Require-Preflight,x-apollo-operation-name,apollo-require-preflight' always; | |
| add_header 'Access-Control-Allow-Credentials' 'true' always; | |
| add_header 'Access-Control-Max-Age' 1728000; | |
| add_header 'Content-Type' 'text/plain; charset=utf-8'; | |
| add_header 'Content-Length' 0; | |
| return 204; | |
| } | |
| proxy_pass http://localhost:3001; | |
| proxy_http_version 1.1; | |
| proxy_set_header Upgrade $http_upgrade; | |
| proxy_set_header Connection 'upgrade'; | |
| proxy_set_header Host $host; | |
| proxy_cache_bypass $http_upgrade; | |
| } | |
| location / { | |
| proxy_pass http://localhost:3001; | |
| proxy_http_version 1.1; | |
| proxy_set_header Upgrade $http_upgrade; | |
| proxy_set_header Connection 'upgrade'; | |
| proxy_set_header Host $host; | |
| proxy_cache_bypass $http_upgrade; | |
| } | |
| } | |
| EOF | |
| if [ ! -d "/etc/letsencrypt/live/api-loa-life.duckdns.org" ]; then | |
| sudo certbot --nginx -d api-loa-life.duckdns.org --non-interactive --agree-tos --email ${{ secrets.CERTBOT_EMAIL }} | |
| fi | |
| sudo systemctl reload nginx | |
| - name: Build and Deploy Backend | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ secrets.EC2_HOST }} | |
| username: ubuntu | |
| key: ${{ secrets.EC2_SSH_KEY }} | |
| script: | | |
| cd /home/ubuntu/loalife | |
| git pull origin release | |
| docker build -t backend-service ./src/backend | |
| docker stop backend-service || true | |
| docker rm backend-service || true | |
| docker run -d \ | |
| --name backend-service \ | |
| -p 3001:3001 \ | |
| -e DATABASE_URL="${{ secrets.DATABASE_URL }}" \ | |
| -e GOOGLE_CLIENT_ID="${{ secrets.GOOGLE_CLIENT_ID }}" \ | |
| -e GOOGLE_CLIENT_SECRET="${{ secrets.GOOGLE_CLIENT_SECRET }}" \ | |
| -e GOOGLE_AUTH_CALLBACK_URL="${{ secrets.GOOGLE_AUTH_CALLBACK_URL }}" \ | |
| -e DISCORD_CLIENT_ID="${{ secrets.DISCORD_CLIENT_ID }}" \ | |
| -e DISCORD_CLIENT_SECRET="${{ secrets.DISCORD_CLIENT_SECRET }}" \ | |
| -e DISCORD_AUTH_CALLBACK_URL="${{ secrets.DISCORD_AUTH_CALLBACK_URL }}" \ | |
| -e KAKAO_CLIENT_ID="${{ secrets.KAKAO_CLIENT_ID }}" \ | |
| -e KAKAO_CLIENT_SECRET="${{ secrets.KAKAO_CLIENT_SECRET }}" \ | |
| -e KAKAO_AUTH_CALLBACK_URL="${{ secrets.KAKAO_AUTH_CALLBACK_URL }}" \ | |
| -e AUTH_SUCCESS_URL="${{ secrets.AUTH_SUCCESS_URL }}" \ | |
| -e CLIENT_ENDPOINT="${{ secrets.CLIENT_ENDPOINT }}" \ | |
| --restart always \ | |
| backend-service | |
| - name: Run Database Migrations | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ secrets.EC2_HOST }} | |
| username: ubuntu | |
| key: ${{ secrets.EC2_SSH_KEY }} | |
| script: | | |
| cd /home/ubuntu/loalife/src/backend | |
| docker exec backend-service npx prisma migrate deploy --schema=/app/prisma/schema.prisma |