go release 코드 통합 #72
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Services | |
| on: | |
| push: | |
| branches: [release] | |
| paths: ["src/backend/**", "src/go/**"] | |
| workflow_dispatch: | |
| jobs: | |
| deploy-backend: | |
| name: Build and Deploy Backend | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ap-northeast-2 | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: Copy nginx config | |
| uses: appleboy/scp-action@master | |
| with: | |
| host: ${{ secrets.EC2_HOST }} | |
| username: ubuntu | |
| key: ${{ secrets.EC2_SSH_KEY }} | |
| source: "infra/nginx/default.conf" | |
| target: "/home/ubuntu" | |
| - name: Setup Nginx and SSL | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ secrets.EC2_HOST }} | |
| username: ubuntu | |
| key: ${{ secrets.EC2_SSH_KEY }} | |
| script: | | |
| if ! command -v nginx &> /dev/null; then | |
| sudo apt update | |
| sudo apt install -y nginx certbot python3-certbot-nginx | |
| fi | |
| sudo cp /home/ubuntu/infra/nginx/default.conf /etc/nginx/sites-available/default | |
| if [ ! -d "/etc/letsencrypt/live/api-loa-life.duckdns.org" ]; then | |
| sudo certbot --nginx -d api-loa-life.duckdns.org --non-interactive --agree-tos --email ${{ secrets.CERTBOT_EMAIL }} | |
| fi | |
| sudo systemctl reload nginx | |
| - name: Build and Push Docker image | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| IMAGE_TAG: ${{ github.sha }} | |
| run: | | |
| docker build -t $ECR_REGISTRY/loa-life:backend-api-$IMAGE_TAG ./src/backend | |
| docker push $ECR_REGISTRY/loa-life:backend-api-$IMAGE_TAG | |
| docker tag $ECR_REGISTRY/loa-life:backend-api-$IMAGE_TAG $ECR_REGISTRY/loa-life:backend-api-latest | |
| docker push $ECR_REGISTRY/loa-life:backend-api-latest | |
| - name: Install AWS CLI on EC2 | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ secrets.EC2_HOST }} | |
| username: ubuntu | |
| key: ${{ secrets.EC2_SSH_KEY }} | |
| script: | | |
| if ! command -v aws &> /dev/null; then | |
| curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" | |
| sudo apt install -y unzip | |
| unzip awscliv2.zip | |
| sudo ./aws/install | |
| rm -rf aws awscliv2.zip | |
| fi | |
| # Configure AWS CLI | |
| mkdir -p ~/.aws | |
| cat > ~/.aws/credentials << EOF | |
| [default] | |
| aws_access_key_id = ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws_secret_access_key = ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| EOF | |
| cat > ~/.aws/config << EOF | |
| [default] | |
| region = ap-northeast-2 | |
| output = json | |
| EOF | |
| - name: Deploy to EC2 | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ secrets.EC2_HOST }} | |
| username: ubuntu | |
| key: ${{ secrets.EC2_SSH_KEY }} | |
| script: | | |
| aws ecr get-login-password --region ap-northeast-2 | docker login --username AWS --password-stdin ${{ secrets.ECR_REGISTRY }} | |
| docker pull ${{ secrets.ECR_REGISTRY }}/loa-life:backend-api-latest | |
| docker stop backend-service || true | |
| docker rm backend-service || true | |
| docker run -d \ | |
| --name backend-service \ | |
| -p 3001:3001 \ | |
| -e DATABASE_URL="${{ secrets.DATABASE_URL }}" \ | |
| -e GOOGLE_CLIENT_ID="${{ secrets.GOOGLE_CLIENT_ID }}" \ | |
| -e GOOGLE_CLIENT_SECRET="${{ secrets.GOOGLE_CLIENT_SECRET }}" \ | |
| -e GOOGLE_AUTH_CALLBACK_URL="${{ secrets.GOOGLE_AUTH_CALLBACK_URL }}" \ | |
| -e DISCORD_CLIENT_ID="${{ secrets.DISCORD_CLIENT_ID }}" \ | |
| -e DISCORD_CLIENT_SECRET="${{ secrets.DISCORD_CLIENT_SECRET }}" \ | |
| -e DISCORD_AUTH_CALLBACK_URL="${{ secrets.DISCORD_AUTH_CALLBACK_URL }}" \ | |
| -e KAKAO_CLIENT_ID="${{ secrets.KAKAO_CLIENT_ID }}" \ | |
| -e KAKAO_CLIENT_SECRET="${{ secrets.KAKAO_CLIENT_SECRET }}" \ | |
| -e KAKAO_AUTH_CALLBACK_URL="${{ secrets.KAKAO_AUTH_CALLBACK_URL }}" \ | |
| -e AUTH_SUCCESS_URL="${{ secrets.AUTH_SUCCESS_URL }}" \ | |
| -e CLIENT_ENDPOINT="${{ secrets.CLIENT_ENDPOINT }}" \ | |
| --restart always \ | |
| ${{ secrets.ECR_REGISTRY }}/loa-life:backend-api-latest | |
| - name: Run Database Migrations | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ secrets.EC2_HOST }} | |
| username: ubuntu | |
| key: ${{ secrets.EC2_SSH_KEY }} | |
| script: | | |
| docker exec backend-service npx prisma migrate deploy --schema=/app/prisma/schema.prisma | |
| deploy-go-services: | |
| strategy: | |
| matrix: | |
| include: | |
| - name: market-item-stat-scraper | |
| app-path: src/go/apps/market-item-stat-scraper | |
| host-secret: MISS_EC2_HOST | |
| ssh-key-secret: MISS_EC2_SSH_KEY | |
| - name: auction-item-stat-scraper | |
| app-path: src/go/apps/auction-item-stat-scraper | |
| host-secret: AISS_EC2_HOST | |
| ssh-key-secret: AISS_EC2_SSH_KEY | |
| name: Build and Deploy ${{ matrix.name }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Configure AWS credentials for ECR | |
| uses: aws-actions/configure-aws-credentials@v1 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ap-northeast-2 | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: Build and Push Docker image | |
| env: | |
| ECR_REGISTRY: ${{ secrets.ECR_REGISTRY }} | |
| IMAGE_TAG: ${{ github.sha }} | |
| run: | | |
| docker build \ | |
| --build-arg APP_PATH=${{ matrix.app-path }} \ | |
| -t $ECR_REGISTRY/loa-life:${{ matrix.name }}-$IMAGE_TAG \ | |
| -f src/go/Dockerfile . | |
| docker push $ECR_REGISTRY/loa-life:${{ matrix.name }}-$IMAGE_TAG | |
| docker tag $ECR_REGISTRY/loa-life:${{ matrix.name }}-$IMAGE_TAG $ECR_REGISTRY/loa-life:${{ matrix.name }}-latest | |
| docker push $ECR_REGISTRY/loa-life:${{ matrix.name }}-latest | |
| - name: Deploy to EC2 | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ secrets[matrix.host-secret] }} | |
| username: ubuntu | |
| key: ${{ secrets[matrix.ssh-key-secret] }} | |
| script: | | |
| # Install AWS CLI if not exists | |
| if ! command -v aws &> /dev/null; then | |
| curl "https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip" -o "awscliv2.zip" | |
| sudo apt install -y unzip | |
| unzip awscliv2.zip | |
| sudo ./aws/install | |
| rm -rf aws awscliv2.zip | |
| fi | |
| # Install Docker if not exists | |
| if ! command -v docker &> /dev/null; then | |
| sudo apt-get update | |
| sudo apt-get install -y ca-certificates curl gnupg | |
| sudo install -m 0755 -d /etc/apt/keyrings | |
| curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo gpg --dearmor -o /etc/apt/keyrings/docker.gpg | |
| sudo chmod a+r /etc/apt/keyrings/docker.gpg | |
| echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.gpg] https://download.docker.com/linux/ubuntu $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | sudo tee /etc/apt/sources.list.d/docker.list > /dev/null | |
| sudo apt-get update | |
| sudo apt-get install -y docker-ce docker-ce-cli containerd.io | |
| sudo usermod -aG docker ubuntu | |
| fi | |
| # Configure AWS CLI | |
| mkdir -p ~/.aws | |
| cat > ~/.aws/credentials << EOF | |
| [default] | |
| aws_access_key_id = ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws_secret_access_key = ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| EOF | |
| cat > ~/.aws/config << EOF | |
| [default] | |
| region = ap-northeast-2 | |
| output = json | |
| EOF | |
| # Deploy container | |
| aws ecr get-login-password --region ap-northeast-2 | docker login --username AWS --password-stdin ${{ secrets.ECR_REGISTRY }} | |
| docker pull ${{ secrets.ECR_REGISTRY }}/loa-life:${{ matrix.name }}-latest | |
| docker stop ${{ matrix.name }} || true | |
| docker rm ${{ matrix.name }} || true | |
| docker run -d \ | |
| --name ${{ matrix.name }} \ | |
| -e DATABASE_URL="${{ secrets.DATABASE_URL }}" \ | |
| -e LOA_API_BASE_URL="${{ secrets.LOA_API_BASE_URL }}" \ | |
| -e LOA_API_TOKEN="${{ secrets.LOA_API_TOKEN }}" \ | |
| --restart always \ | |
| ${{ secrets.ECR_REGISTRY }}/loa-life:${{ matrix.name }}-latest |