#45 fix: nginx 필수 블록 추가 #7
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI/CD Pipeline | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - develop | |
| - feature/** | |
| workflow_dispatch: | |
| jobs: | |
| frontend: | |
| name: Build & Push Frontend | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ap-northeast-2 | |
| - name: Login to Amazon ECR | |
| uses: aws-actions/amazon-ecr-login@v1 | |
| - name: Build Docker image and push to AWS ECR | |
| run: | | |
| cd frontend | |
| docker build -t frontend-service . | |
| docker tag frontend-service:latest ${{ secrets.AWS_ECR_FRONTEND_REPOSITORY }}:latest | |
| docker push ${{ secrets.AWS_ECR_FRONTEND_REPOSITORY }}:latest | |
| backend: | |
| name: Build & Push Backend | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ap-northeast-2 | |
| - name: Login to AWS ECR | |
| run: | | |
| ECR_URL="${{ secrets.AWS_ECR_REPOSITORY }}" | |
| echo "Logging into AWS ECR: $ECR_URL" | |
| aws ecr get-login-password --region ap-northeast-2 | docker login --username AWS --password-stdin $ECR_URL | |
| - name: Build Docker image and push to AWS ECR | |
| run: | | |
| cd backend | |
| docker build -t backend-service . | |
| docker tag backend-service:latest ${{ secrets.AWS_ECR_REPOSITORY }}:latest | |
| docker push ${{ secrets.AWS_ECR_REPOSITORY }}:latest | |
| deploy: | |
| name: Deploy to EC2 | |
| runs-on: ubuntu-latest | |
| needs: [frontend, backend] | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Get GitHub Actions Public IP | |
| id: ip | |
| uses: haythem/public-ip@v1.3 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ap-northeast-2 | |
| - name: Authorize GitHub IP | |
| run: | | |
| aws ec2 authorize-security-group-ingress \ | |
| --group-id ${{ secrets.AWS_SECURITY_GROUP_ID }} \ | |
| --protocol tcp \ | |
| --port 22 \ | |
| --cidr ${{ steps.ip.outputs.ipv4 }}/32 | |
| - name: Deploy to EC2 with docker-compose | |
| uses: appleboy/ssh-action@v0.1.10 | |
| with: | |
| host: ${{ secrets.EC2_HOST }} | |
| username: ${{ secrets.EC2_USERNAME }} | |
| key: ${{ secrets.EC2_SSH_PRIVATE_KEY }} | |
| script: | | |
| cd /home/${{ secrets.EC2_USERNAME }}/postdm | |
| echo "Logging in to ECR..." | |
| aws ecr get-login-password --region ap-northeast-2 | docker login --username AWS --password-stdin ${{ secrets.AWS_ECR_REPOSITORY }} | |
| aws ecr get-login-password --region ap-northeast-2 | docker login --username AWS --password-stdin ${{ secrets.AWS_ECR_FRONTEND_REPOSITORY }} | |
| echo "Updating .env file" | |
| cat <<EOF > .env | |
| MYSQL_URL=${{ secrets.MYSQL_URL }} | |
| MYSQL_USERNAME=${{ secrets.MYSQL_USERNAME }} | |
| MYSQL_PASSWORD=${{ secrets.MYSQL_PASSWORD }} | |
| MYSQL_ROOT_PASSWORD=${{ secrets.MYSQL_ROOT_PASSWORD }} | |
| MYSQL_DATABASE=${{ secrets.MYSQL_DATABASE }} | |
| SPRING_PROFILES_ACTIVE=${{ secrets.SPRING_PROFILES_ACTIVE }} | |
| JWT_SECRET=${{ secrets.JWT_SECRET }} | |
| JWT_EXPIRATION=${{ secrets.JWT_EXPIRATION }} | |
| JWT_EXPIREDMS=${{ secrets.JWT_EXPIREDMS }} | |
| JWT_REFRESHEDMS=${{ secrets.JWT_REFRESHEDMS }} | |
| SPRING_MAIL_HOST=${{ secrets.SPRING_MAIL_HOST }} | |
| SPRING_MAIL_PORT=${{ secrets.SPRING_MAIL_PORT }} | |
| SPRING_MAIL_USERNAME=${{ secrets.SPRING_MAIL_USERNAME }} | |
| SPRING_MAIL_PASSWORD=${{ secrets.SPRING_MAIL_PASSWORD }} | |
| EOF | |
| echo "Pulling latest images..." | |
| docker compose pull | |
| echo "Starting containers..." | |
| docker compose up -d --force-recreate | |
| - name: Revoke GitHub IP | |
| if: always() | |
| run: | | |
| aws ec2 revoke-security-group-ingress \ | |
| --group-id ${{ secrets.AWS_SECURITY_GROUP_ID }} \ | |
| --protocol tcp \ | |
| --port 22 \ | |
| --cidr ${{ steps.ip.outputs.ipv4 }}/32 |