Merge pull request #14 from AutoLabeling-dotdot/feature/guide-pop-up #6
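# Build the server and UI images, push them to ECR as :latest, then deploy
# them to a single EC2 host over SSH and verify the result with an HTTPS
# health check. The previous :latest is kept as :rollback until the health
# check has passed.
name: Deploy on single dotdot (AWS EC2)

# NOTE(review): a merged pull request into develop normally also produces a
# push to develop, so the `push` and `pull_request: closed` triggers can both
# fire for the same merge. The concurrency group below serialises the two
# runs, but the deployment is then performed twice — confirm this is intended.
on:
  push:
    branches: ["develop"]
  pull_request:
    types: [closed]
    branches: ["develop"]
  workflow_dispatch:

# Least privilege for GITHUB_TOKEN: in this workflow it is only used to check
# out the repository on the runner and to clone/fetch it on the EC2 host.
permissions:
  contents: read

concurrency:
  group: deploy-single
  cancel-in-progress: false

jobs:
  build-and-push:
    name: Build & Push to ECR
    runs-on: ubuntu-latest
    if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged == true) }}
    env:
      ECR_REGISTRY: 895409929723.dkr.ecr.ap-northeast-2.amazonaws.com
      SERVER_REPO: bytesize/single-dotdot-server
      UI_REPO: bytesize/single-dotdot-ui
    steps:
      # NOTE(review): the actions in this workflow are referenced by mutable
      # tags. Pinning each `uses:` to a full commit SHA keeps a moved tag from
      # changing the code that runs with the AWS keys and the SSH key.
      - name: Checkout Repository
        uses: actions/checkout@v3

      # NOTE(review): these are long-lived static access keys. Consider GitHub
      # OIDC with `role-to-assume` (requires `id-token: write`) so no
      # permanent AWS credential has to be stored as a repository secret.
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v3
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ap-northeast-2

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v2

      # Retag the existing :latest image as :rollback (safe replacement strategy).
      - name: Retag existing :latest as :rollback
        run: |
          for REPO in "$SERVER_REPO" "$UI_REPO"; do
            # An absent :latest tag (first deployment) yields an empty or
            # "None" manifest and is skipped rather than treated as an error.
            MANIFEST=$(aws ecr batch-get-image \
              --repository-name "$REPO" \
              --image-ids imageTag=latest \
              --query 'images[0].imageManifest' \
              --output text 2>/dev/null || echo "")
            if [ -n "$MANIFEST" ] && [ "$MANIFEST" != "None" ]; then
              # A failed retag stays non-fatal, but success is only reported
              # when put-image actually succeeded.
              if aws ecr put-image \
                --repository-name "$REPO" \
                --image-tag rollback \
                --image-manifest "$MANIFEST"; then
                echo "✅ $REPO :latest → :rollback 완료"
              else
                echo "⚠️ $REPO :rollback retag 실패 (동일 이미지가 이미 :rollback 일 수 있음), 계속 진행"
              fi
            else
              echo "⚠️ $REPO 에 기존 :latest 이미지 없음, retag 건너뜀"
            fi
          done

      - name: Build Server Image
        run: |
          docker build \
            -t "$ECR_REGISTRY/$SERVER_REPO:latest" \
            -f Dockerfile .

      - name: Build UI Image
        run: |
          docker build \
            --build-arg NGINX_CONF=react_nginx.conf \
            -t "$ECR_REGISTRY/$UI_REPO:latest" \
            -f Dockerfile.ui .

      - name: Push Images to ECR
        run: |
          docker push "$ECR_REGISTRY/$SERVER_REPO:latest"
          docker push "$ECR_REGISTRY/$UI_REPO:latest"
          echo "✅ 이미지 ECR push 완료"

  deploy:
    name: Deploy to EC2
    runs-on: ubuntu-latest
    needs: build-and-push
    env:
      ECR_REGISTRY: 895409929723.dkr.ecr.ap-northeast-2.amazonaws.com
      SERVER_REPO: bytesize/single-dotdot-server
      UI_REPO: bytesize/single-dotdot-ui
      CVAT_POSTGRES_PASSWORD: ${{ secrets.CVAT_POSTGRES_PASSWORD }}
    steps:
      # Runner-side AWS credentials; the only step below that calls the AWS
      # CLI on the runner is the :rollback cleanup.
      - name: Configure AWS Credentials
        uses: aws-actions/configure-aws-credentials@v3
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ap-northeast-2

      # NOTE(review): no host key is configured for this SSH connection.
      # Consider setting the action's `fingerprint` input so the runner only
      # hands the token and the database password to the expected host.
      - name: Deploy via SSH
        uses: appleboy/ssh-action@v1.2.0
        env:
          GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          GH_REPO: ${{ github.repository }}
          DEPLOY_PATH: ${{ secrets.PUBLIC_EC2_DEPLOY_PATH }}
          CVAT_HOST: ${{ secrets.PUBLIC_EC2_HOST }}
          LE_EMAIL: ${{ secrets.PUBLIC_LE_EMAIL }}
        with:
          host: ${{ secrets.PUBLIC_EC2_HOST }}
          username: ${{ secrets.PUBLIC_EC2_USER }}
          key: ${{ secrets.PUBLIC_EC2_SSH_KEY }}
          envs: GH_TOKEN,GH_REPO,DEPLOY_PATH,CVAT_HOST,LE_EMAIL,CVAT_POSTGRES_PASSWORD
          script: |
            set -euo pipefail

            echo "📂 배포 디렉토리 준비..."
            # Git 2.35.2+ security policy: avoid the "dubious ownership" error
            # when the directory owner differs. Only add the entry once so
            # ~/.gitconfig does not grow with every deployment.
            if ! git config --global --get-all safe.directory | grep -Fxq -- "${DEPLOY_PATH}"; then
              git config --global --add safe.directory "${DEPLOY_PATH}"
            fi

            # Authenticate with a per-run HTTP header instead of embedding the
            # token in the remote URL. A token in the URL is written to
            # .git/config on the host, and because GITHUB_TOKEN expires with
            # the job, later fetches would reuse a dead credential.
            # GIT_CONFIG_COUNT/KEY/VALUE need Git 2.31+ — presumably available
            # given the safe.directory handling above; confirm on the host.
            git_auth=$(printf 'x-access-token:%s' "${GH_TOKEN}" | base64 | tr -d '\n')
            export GIT_CONFIG_COUNT=1
            export GIT_CONFIG_KEY_0="http.https://github.com/.extraheader"
            export GIT_CONFIG_VALUE_0="AUTHORIZATION: basic ${git_auth}"
            repo_url="https://github.com/${GH_REPO}.git"

            if [ ! -d "${DEPLOY_PATH}/.git" ]; then
              echo "📥 최초 배포: 저장소 클론 중..."
              git clone "${repo_url}" "${DEPLOY_PATH}"
              cd "${DEPLOY_PATH}"
              git checkout develop
            else
              echo "🔄 저장소 업데이트 중..."
              cd "${DEPLOY_PATH}"
              # Replace any origin URL left by an earlier deployment that
              # still carries an embedded (now expired) token.
              git remote set-url origin "${repo_url}"
              git fetch origin develop
              git checkout develop
              git reset --hard origin/develop
            fi

            # The token is no longer needed once the checkout is up to date.
            unset GIT_CONFIG_COUNT GIT_CONFIG_KEY_0 GIT_CONFIG_VALUE_0 git_auth

            # Pass the variables injected from GitHub Secrets on to docker compose.
            export CVAT_HOST="${CVAT_HOST}"
            export LE_EMAIL="${LE_EMAIL}"
            export CVAT_POSTGRES_PASSWORD="${CVAT_POSTGRES_PASSWORD}"
            echo "⚙️ CVAT_HOST=${CVAT_HOST}"

            echo "🔐 ECR 로그인..."
            aws ecr get-login-password --region ap-northeast-2 | \
              docker login --username AWS --password-stdin 895409929723.dkr.ecr.ap-northeast-2.amazonaws.com

            echo "🐳 최신 이미지 pull..."
            docker compose \
              -f docker-compose.yml \
              -f docker-compose.single.yml \
              pull

            echo "🚀 서비스 기동..."
            docker compose \
              -f docker-compose.yml \
              -f docker-compose.single.yml \
              up -d
            echo "✅ 배포 완료!"

      # Health check over HTTPS from inside the EC2 host (--resolve reaches
      # localhost:443 without DNS).
      # NOTE(review): when this step fails, nothing in the workflow redeploys
      # the :rollback image; the tag is only kept in ECR for manual recovery.
      - name: Health Check
        uses: appleboy/ssh-action@v1.2.0
        env:
          # Passed as an environment variable rather than interpolated into
          # the script text, so the value is never parsed as shell code.
          CVAT_HOST: ${{ secrets.PUBLIC_EC2_HOST }}
        with:
          host: ${{ secrets.PUBLIC_EC2_HOST }}
          username: ${{ secrets.PUBLIC_EC2_USER }}
          key: ${{ secrets.PUBLIC_EC2_SSH_KEY }}
          envs: CVAT_HOST
          script: |
            echo "⏳ 서비스 초기화 대기 중 (60초)..."
            sleep 60
            for i in 1 2 3 4 5 6; do
              # No -f here: curl then always prints exactly one status code
              # (000 when no response was received), so nothing is appended
              # to it on HTTP errors.
              STATUS=$(curl -s -o /dev/null -w "%{http_code}" \
                --resolve "${CVAT_HOST}:443:127.0.0.1" \
                "https://${CVAT_HOST}/api/server/about" || true)
              STATUS=${STATUS:-000}
              if [ "$STATUS" = "200" ]; then
                echo "✅ 헬스체크 통과! (HTTPS $STATUS)"
                exit 0
              fi
              echo "⏳ 시도 $i/6: HTTP $STATUS — 10초 후 재시도..."
              sleep 10
            done
            echo "❌ 헬스체크 6회 실패"
            exit 1

      # Delete the :rollback images only after the health check has succeeded.
      - name: Cleanup :rollback images from ECR
        if: success()
        run: |
          for REPO in "$SERVER_REPO" "$UI_REPO"; do
            # Best effort: a failed delete is reported and skipped.
            if aws ecr batch-delete-image \
              --repository-name "$REPO" \
              --image-ids imageTag=rollback \
              --region ap-northeast-2 2>/dev/null; then
              echo "✅ $REPO:rollback 삭제 완료"
            else
              echo "⚠️ $REPO:rollback 이미지 없음, 건너뜀"
            fi
          done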