feat: check env #23
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: FE-Dockerizing to Amazon ECR | |
| on: | |
| push: | |
| branches: ["main"] | |
| pull_request: | |
| branches: ["main"] | |
| env: | |
| AWS_REGION: ap-northeast-2 | |
| ECR_REPOSITORY: sj-graduate | |
| ECR_REGISTRY: 214925768882.dkr.ecr.ap-northeast-2.amazonaws.com | |
| jobs: | |
| ci: | |
| name: FE-Deploy | |
| runs-on: ubuntu-latest | |
| environment: production | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Config AWS credentials # AWS 자격 증명을 구성하는 단계 | |
| uses: aws-actions/configure-aws-credentials@v2 # AWS 자격 증명 구성 액션 사용 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_IAM_ACCESS }} # GitHub Secrets에 저장된 AWS 액세스 키 ID 사용 | |
| aws-secret-access-key: ${{ secrets.AWS_IAM_SECRET }} # GitHub Secrets에 저장된 AWS 시크릿 액세스 키 사용 | |
| aws-region: ${{ env.AWS_REGION }} # 위에서 정의한 AWS 리전 사용 | |
| - name: Login To Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: Build, tag, and push image to Amazon ECR | |
| id: build-image | |
| env: | |
| ECR_REGISTRY: ${{ env.ECR_REGISTRY }} | |
| ECR_REPOSITORY: ${{ env.ECR_REPOSITORY }} | |
| IMAGE_TAG: ${{ github.sha }} | |
| run: | | |
| docker build --build-arg NEXT_PUBLIC_API_URL=${{ secrets.NEXT_PUBLIC_API_URL }} \ | |
| -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f ./Dockerfile.prod . | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG | |
| echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV | |
| - name: Save image tag to file | |
| run: echo "${IMAGE_TAG}" > image-tag.txt | |
| - name: Verify image tag file | |
| run: cat image-tag.txt | |
| - name: Upload artifact | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: image-tag | |
| path: image-tag.txt | |
| cd: | |
| name: FE-Deploy Docker Image to Server | |
| runs-on: self-hosted | |
| needs: ci | |
| steps: | |
| - name: Download artifact | |
| uses: actions/download-artifact@v3 | |
| with: | |
| name: image-tag | |
| - name: Read image tag | |
| id: read-image-tag | |
| run: | | |
| IMAGE_TAG=$(cat image-tag.txt) | |
| echo "IMAGE_TAG=$IMAGE_TAG" >> $GITHUB_ENV | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_IAM_ACCESS }} | |
| aws-secret-access-key: ${{ secrets.AWS_IAM_SECRET }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: Remove any existing .env.production file | |
| run: rm -f .env.production | |
| - name: Create .env.production file in config directory | |
| run: | | |
| echo NEXTAUTH_SECRET="${{ secrets.NEXTAUTH_SECRET }}" >> .env.production | |
| echo NEXTAUTH_URL="${{ secrets.NEXTAUTH_URL }}" >> .env.production | |
| echo NEXT_PUBLIC_API_URL="${{ secrets.NEXT_PUBLIC_API_URL }}" >> .env.production | |
| echo NEXT_PUBLIC_THREAD_KEY="${{ secrets.NEXT_PUBLIC_THREAD_KEY }}" >> .env.production | |
| # mkdir -p config | |
| # echo NEXTAUTH_SECRET="${{ secrets.NEXTAUTH_SECRET }}" >> config/.env.production | |
| # echo NEXTAUTH_URL="${{ secrets.NEXTAUTH_URL }}" >> config/.env.production | |
| # echo NEXT_PUBLIC_API_URL="${{ secrets.NEXT_PUBLIC_API_URL }}" >> config/.env.production | |
| # echo NEXT_PUBLIC_THREAD_KEY = "${{ secrets.NEXT_PUBLIC_THREAD_KEY }}" >> config/.env.production | |
| - name: Set permissions for .env.production file | |
| # run: chmod 600 config/.env.production | |
| run: chmod 600 .env.production | |
| - name: Verify .env file contents | |
| # run: cat config/.env.production | |
| run: cat .env.production | |
| - name: Pull image from Amazon ECR and restart Docker Container | |
| run: | | |
| docker pull ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }} | |
| docker stop sj-graduate-client || true && docker rm sj-graduate-client || true | |
| docker run -d --name sj-graduate-client -p 3000:3000 --restart unless-stopped \ | |
| --env-file .env.production \ | |
| ${{ env.ECR_REGISTRY }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }} | |
| # --env-file .env.production \ |