DB_DATABASE 환경변수화 #36
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI/CD Pipeline | |
on: | |
push: | |
branches: | |
- main # main 브랜치에 푸시될 때 실행 | |
jobs: | |
build-and-deploy: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout Code | |
uses: actions/checkout@v3 | |
- name: Set Docker Permissions | |
run: | | |
sudo chmod 666 /var/run/docker.sock | |
- name: Generate .env.prod | |
run: | | |
echo "DB_HOST=${{ secrets.DB_HOST }}" >> .env.prod | |
echo "DB_PASSWORD=${{ secrets.DB_PASSWORD }}" >> .env.prod | |
echo "DB_PORT=${{ secrets.DB_PORT }}" >> .env.prod | |
echo "DB_DATABASE=${{ secrets.DB_DATABASE }}" >> .env.prod | |
echo "SECRET_FOR_JWT=${{ secrets.SECRET_FOR_JWT }}" >> .env.prod | |
- name: Get Public IP | |
id: ip | |
uses: haythem/[email protected] | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v2 | |
- name: Log in to Docker Hub | |
uses: docker/login-action@v2 | |
with: | |
username: ${{ secrets.DOCKER_USERNAME }} | |
password: ${{ secrets.DOCKER_PASSWORD }} | |
- name: Get Version | |
id: version | |
run: echo "VERSION=1.0.$(date +%s)" >> $GITHUB_ENV | |
- name: Build and Push Docker Image | |
run: | | |
docker build -t odumag99/snuvote:${{ env.VERSION }} . | |
docker tag odumag99/snuvote:${{ env.VERSION }} odumag99/snuvote:latest | |
docker push odumag99/snuvote:${{ env.VERSION }} | |
docker push odumag99/snuvote:latest | |
- name: Configure AWS credentials | |
uses: aws-actions/configure-aws-credentials@v4 | |
with: | |
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
aws-region: 'ap-northeast-2' | |
- name: Add GitHub Actions IP | |
run: | | |
aws ec2 authorize-security-group-ingress \ | |
--group-id ${{ secrets.SECURITY_GROUP_ID }} \ | |
--protocol tcp \ | |
--port 22 \ | |
--cidr ${{ steps.ip.outputs.ipv4 }}/32 || true | |
- name: Copy .env.prod to EC2 | |
run: | | |
echo "${{ secrets.SERVER_SSH_KEY }}" > ssh_key | |
chmod 600 ssh_key | |
scp -i ssh_key -o StrictHostKeyChecking=no .env.prod ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_IP }}:/home/${{ secrets.SERVER_USER }}/.env.prod | |
- name: Deploy to EC2 | |
run: | | |
ssh -i ssh_key -o StrictHostKeyChecking=no ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_IP }} " | |
sudo docker pull odumag99/snuvote:${{ env.VERSION }} && | |
if [ \"\$(sudo docker ps -aq -f name=snuvote)\" ]; then | |
sudo docker stop snuvote | |
sudo docker rm snuvote | |
fi && | |
sudo docker run -d --name snuvote -p 8000:8000 \ | |
--env-file /home/${{ secrets.SERVER_USER }}/.env.prod \ | |
odumag99/snuvote:${{ env.VERSION }}" | |
- name: Remove GitHub Actions IP | |
run: | | |
aws ec2 revoke-security-group-ingress \ | |
--group-id ${{ secrets.SECURITY_GROUP_ID }} \ | |
--protocol tcp \ | |
--port 22 \ | |
--cidr ${{ steps.ip.outputs.ipv4 }}/32 || true |