Production Server Deployer (CD) #68
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Production Server Deployer (CD) | |
| on: workflow_dispatch | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| environment: prod | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v4 | |
| - name: Send discord notification (production server deploy start) | |
| uses: appleboy/discord-action@master | |
| with: | |
| webhook_id: ${{ secrets.SERVER_DEPLOY_DISCORD_WEBHOOK_ID }} | |
| webhook_token: ${{ secrets.SERVER_DEPLOY_DISCORD_WEBHOOK_TOKEN }} | |
| message: | | |
| > **🌈 Server Deployment Start (Production)** | |
| > | |
| > 🛢️ Repository : ${{ github.repository }} | |
| > 🎋 Branch : ${{ github.ref }} | |
| > 🔁 Run Attempt : ${{ github.run_attempt }} | |
| > 🤗 Actor : ${{ github.triggering_actor }} | |
| - name: Get Github Actions IP Addresses | |
| id: publicip | |
| run: | | |
| response=$(curl -s canhazip.com) | |
| echo "ip=$response" >> "$GITHUB_OUTPUT" | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: 'ap-northeast-2' | |
| - name: Add GitHub Actions IP | |
| run: | | |
| aws ec2 authorize-security-group-ingress \ | |
| --group-id ${{ secrets.SECURITY_GROUP_ID }} \ | |
| --protocol tcp \ | |
| --port 22 \ | |
| --cidr ${{ steps.publicip.outputs.ip }}/32 | |
| - name: Install Docker if not present | |
| uses: appleboy/[email protected] | |
| with: | |
| host: ${{ vars.INSTANCE_HOST }} | |
| username: ${{ vars.INSTANCE_USERNAME }} | |
| key: ${{ secrets.INSTANCE_PEM_KEY }} | |
| script: | | |
| if ! command -v docker >/dev/null 2>&1; then | |
| echo "Installing Docker..." | |
| sudo apt-get update | |
| sudo apt-get install -y docker.io | |
| else | |
| echo "Docker already installed." | |
| fi | |
| if ! command -v docker-compose >/dev/null 2>&1; then | |
| echo "Installing Docker Compose..." | |
| sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose | |
| sudo chmod +x /usr/local/bin/docker-compose | |
| else | |
| echo "Docker Compose already installed." | |
| fi | |
| - name: Configuration Env file | |
| uses: appleboy/ssh-action@master | |
| env: | |
| VARS_CONTEXT: ${{ toJson(vars) }} | |
| SECRETS_CONTEXT: ${{ toJson(secrets) }} | |
| with: | |
| host: ${{ vars.INSTANCE_HOST }} | |
| username: ${{ vars.INSTANCE_USERNAME }} | |
| key: ${{ secrets.INSTANCE_PEM_KEY }} | |
| envs: VARS_CONTEXT,SECRETS_CONTEXT | |
| script: | | |
| cd ~/app/docker | |
| jq -s '.[0] * .[1] | del(.INSTANCE_PEM_KEY)' <(echo "$VARS_CONTEXT") <(echo "$SECRETS_CONTEXT") \ | |
| | jq -r 'to_entries | map("\(.key)=\(.value)") | .[]' > .env | |
| - name: Run Docker | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ vars.INSTANCE_HOST }} | |
| username: ${{ vars.INSTANCE_USERNAME }} | |
| key: ${{ secrets.INSTANCE_PEM_KEY }} | |
| script: | | |
| sudo docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }} | |
| sudo docker pull public.ecr.aws/f5q3r6m5/idle-prod-ecr:$IMAGE_TAG | |
| if [ $(sudo docker ps -q -f name=caremeet_server_prod) ]; then | |
| sudo docker stop caremeet_server_prod | |
| sudo docker rm caremeet_server_prod | |
| fi | |
| sudo docker run --name caremeet_server_prod --env-file ./app/docker/.env \ | |
| -e SPRING_PROFILES_ACTIVE=prod \ | |
| -d -p 8080:8080 public.ecr.aws/f5q3r6m5/idle-prod-ecr:$IMAGE_TAG | |
| - name: Remove GitHub Actions IP | |
| run: | | |
| aws ec2 revoke-security-group-ingress \ | |
| --group-id ${{ secrets.SECURITY_GROUP_ID }} \ | |
| --protocol tcp \ | |
| --port 22 \ | |
| --cidr ${{ steps.publicip.outputs.ip }}/32 |