Update README.md #54
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy Backend to EC2 | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - develop | |
| jobs: | |
| deploy: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: Get GitHub Actions Public IP | |
| id: ip | |
| uses: haythem/public-ip@v1.3 | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ap-northeast-2 | |
| - name: Add GitHub Actions IP to EC2 security group | |
| run: | | |
| echo "Authorizing IP ${{ steps.ip.outputs.ipv4 }}" | |
| aws ec2 authorize-security-group-ingress \ | |
| --group-id ${{ secrets.AWS_SECURITY_GROUP_ID }} \ | |
| --protocol tcp \ | |
| --port 22 \ | |
| --cidr ${{ steps.ip.outputs.ipv4 }}/32 | |
| - name: Login to AWS ECR | |
| run: | | |
| ECR_URL="${{ secrets.AWS_ECR_REPOSITORY }}" | |
| echo "Logging into AWS ECR: $ECR_URL" | |
| aws ecr get-login-password --region ap-northeast-2 | docker login --username AWS --password-stdin $ECR_URL | |
| - name: Build Docker image and push to AWS ECR | |
| run: | | |
| cd backend | |
| docker build -t backend-service . | |
| docker tag backend-service:latest ${{ secrets.AWS_ECR_REPOSITORY }}:latest | |
| docker push ${{ secrets.AWS_ECR_REPOSITORY }}:latest | |
| - name: Logout from AWS ECR | |
| run: | | |
| docker logout ${{ secrets.AWS_ECR_REPOSITORY }} | |
| echo "Logged out from AWS ECR." | |
| - name: Copy backend directory to EC2 | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ secrets.EC2_HOST }} | |
| username: ${{ secrets.EC2_USERNAME }} | |
| key: ${{ secrets.EC2_SSH_PRIVATE_KEY }} | |
| port: 22 | |
| source: "backend/*,docker-compose.yml" | |
| target: "/home/${{ secrets.EC2_USERNAME }}/backend" | |
| - name: Deploy to EC2 via SSH | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ secrets.EC2_HOST }} | |
| username: ${{ secrets.EC2_USERNAME }} | |
| key: ${{ secrets.EC2_SSH_PRIVATE_KEY }} | |
| port: ${{ secrets.PORT }} | |
| script: | | |
| cd /home/${{ secrets.EC2_USERNAME }}/backend | |
| aws ecr get-login-password --region ap-northeast-2 | docker login --username AWS --password-stdin ${{ secrets.AWS_ECR_REPOSITORY }} | |
| echo "PULLING LATEST IMAGE..." | |
| docker pull ${{ secrets.AWS_ECR_REPOSITORY }}:latest | |
| echo "STOPPING AND REMOVING EXISTING CONTAINERS..." | |
| sudo docker compose down --remove-orphans || true | |
| echo "REMOVING UNUSED DOCKER IMAGES..." | |
| docker image rm ${{ secrets.AWS_ECR_REPOSITORY }}:latest || true | |
| echo "UPDATING .env FILE..." | |
| cat <<EOF > .env | |
| MYSQL_URL=${{ secrets.MYSQL_URL }} | |
| MYSQL_USERNAME=${{ secrets.MYSQL_USERNAME }} | |
| MYSQL_PASSWORD=${{ secrets.MYSQL_PASSWORD }} | |
| MYSQL_ROOT_PASSWORD=${{ secrets.MYSQL_ROOT_PASSWORD }} | |
| MYSQL_DATABASE=${{ secrets.MYSQL_DATABASE }} | |
| SPRING_PROFILES_ACTIVE=${{ secrets.SPRING_PROFILES_ACTIVE }} | |
| JWT_SECRET=${{ secrets.JWT_SECRET }} | |
| JWT_EXPIRATION=${{ secrets.JWT_EXPIRATION }} | |
| JWT_EXPIREDMS=${{ secrets.JWT_EXPIREDMS }} | |
| JWT_REFRESHEDMS=${{ secrets.JWT_REFRESHEDMS }} | |
| SPRING_MAIL_HOST=${{ secrets.SPRING_MAIL_HOST }} | |
| SPRING_MAIL_PORT=${{ secrets.SPRING_MAIL_PORT }} | |
| SPRING_MAIL_USERNAME=${{ secrets.SPRING_MAIL_USERNAME }} | |
| SPRING_MAIL_PASSWORD=${{ secrets.SPRING_MAIL_PASSWORD }} | |
| EOF | |
| echo "STARTING NEW CONTAINER..." | |
| sudo docker compose up -d --force-recreate | |
| echo "✅ DEPLOYMENT COMPLETE!" | |
| - name: Remove GitHub Actions IP from EC2 security group | |
| if: always() | |
| run: | | |
| echo "Revoking IP ${{ steps.ip.outputs.ipv4 }}" | |
| aws ec2 revoke-security-group-ingress \ | |
| --group-id ${{ secrets.AWS_SECURITY_GROUP_ID }} \ | |
| --protocol tcp \ | |
| --port 22 \ | |
| --cidr ${{ steps.ip.outputs.ipv4 }}/32 |