|
| 1 | +name: Deploy on main dotdot (AWS EC2) |
| 2 | + |
| 3 | +on: |
| 4 | + push: |
| 5 | + branches: ["main"] |
| 6 | + workflow_dispatch: |
| 7 | + |
| 8 | +concurrency: |
| 9 | + group: deploy-main |
| 10 | + cancel-in-progress: false |
| 11 | + |
| 12 | +jobs: |
| 13 | + build-and-push: |
| 14 | + name: Build & Push to ECR |
| 15 | + runs-on: ubuntu-latest |
| 16 | + if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }} |
| 17 | + |
| 18 | + env: |
| 19 | + ECR_REGISTRY: 895409929723.dkr.ecr.ap-northeast-2.amazonaws.com |
| 20 | + SERVER_REPO: bytesize/main-dotdot-server |
| 21 | + UI_REPO: bytesize/main-dotdot-ui |
| 22 | + |
| 23 | + steps: |
| 24 | + - name: Checkout Repository |
| 25 | + uses: actions/checkout@v3 |
| 26 | + |
| 27 | + - name: Configure AWS Credentials |
| 28 | + uses: aws-actions/configure-aws-credentials@v3 |
| 29 | + with: |
| 30 | + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} |
| 31 | + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} |
| 32 | + aws-region: ap-northeast-2 |
| 33 | + |
| 34 | + - name: Login to Amazon ECR |
| 35 | + id: login-ecr |
| 36 | + uses: aws-actions/amazon-ecr-login@v2 |
| 37 | + |
| 38 | + # 기존 :latest 이미지를 :rollback으로 retag (안전한 교체 전략) |
| 39 | + - name: Retag existing :latest as :rollback |
| 40 | + run: | |
| 41 | + for REPO in $SERVER_REPO $UI_REPO; do |
| 42 | + MANIFEST=$(aws ecr batch-get-image \ |
| 43 | + --repository-name "$REPO" \ |
| 44 | + --image-ids imageTag=latest \ |
| 45 | + --query 'images[0].imageManifest' \ |
| 46 | + --output text 2>/dev/null || echo "") |
| 47 | +
|
| 48 | + if [ -n "$MANIFEST" ] && [ "$MANIFEST" != "None" ]; then |
| 49 | + aws ecr put-image \ |
| 50 | + --repository-name "$REPO" \ |
| 51 | + --image-tag rollback \ |
| 52 | + --image-manifest "$MANIFEST" || true |
| 53 | + echo "✅ $REPO :latest → :rollback 완료" |
| 54 | + else |
| 55 | + echo "⚠️ $REPO 에 기존 :latest 이미지 없음, retag 건너뜀" |
| 56 | + fi |
| 57 | + done |
| 58 | +
|
| 59 | + - name: Build Server Image |
| 60 | + run: | |
| 61 | + docker build \ |
| 62 | + -t $ECR_REGISTRY/$SERVER_REPO:latest \ |
| 63 | + -f Dockerfile . |
| 64 | +
|
| 65 | + - name: Build UI Image |
| 66 | + run: | |
| 67 | + docker build \ |
| 68 | + --build-arg NGINX_CONF=react_nginx.conf \ |
| 69 | + -t $ECR_REGISTRY/$UI_REPO:latest \ |
| 70 | + -f Dockerfile.ui . |
| 71 | +
|
| 72 | + - name: Push Images to ECR |
| 73 | + run: | |
| 74 | + docker push $ECR_REGISTRY/$SERVER_REPO:latest |
| 75 | + docker push $ECR_REGISTRY/$UI_REPO:latest |
| 76 | + echo "✅ 이미지 ECR push 완료" |
| 77 | +
|
| 78 | + deploy: |
| 79 | + name: Deploy to EC2 |
| 80 | + runs-on: ubuntu-latest |
| 81 | + needs: build-and-push |
| 82 | + |
| 83 | + env: |
| 84 | + ECR_REGISTRY: 895409929723.dkr.ecr.ap-northeast-2.amazonaws.com |
| 85 | + SERVER_REPO: bytesize/main-dotdot-server |
| 86 | + UI_REPO: bytesize/main-dotdot-ui |
| 87 | + CVAT_POSTGRES_PASSWORD: ${{ secrets.CVAT_POSTGRES_PASSWORD }} |
| 88 | + |
| 89 | + steps: |
| 90 | + - name: Configure AWS Credentials |
| 91 | + uses: aws-actions/configure-aws-credentials@v3 |
| 92 | + with: |
| 93 | + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} |
| 94 | + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} |
| 95 | + aws-region: ap-northeast-2 |
| 96 | + |
| 97 | + - name: Deploy via SSH |
| 98 | + |
| 99 | + env: |
| 100 | + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} |
| 101 | + GH_REPO: ${{ github.repository }} |
| 102 | + DEPLOY_PATH: ${{ secrets.MAIN_EC2_DEPLOY_PATH }} |
| 103 | + CVAT_HOST: ${{ secrets.MAIN_EC2_HOST }} |
| 104 | + LE_EMAIL: ${{ secrets.MAIN_LE_EMAIL }} |
| 105 | + |
| 106 | + with: |
| 107 | + host: ${{ secrets.MAIN_EC2_HOST }} |
| 108 | + username: ${{ secrets.MAIN_EC2_USER }} |
| 109 | + key: ${{ secrets.MAIN_EC2_SSH_KEY }} |
| 110 | + envs: GH_TOKEN,GH_REPO,DEPLOY_PATH,CVAT_HOST,LE_EMAIL,CVAT_POSTGRES_PASSWORD |
| 111 | + script: | |
| 112 | + set -euo pipefail |
| 113 | +
|
| 114 | + echo "📂 배포 디렉토리 준비..." |
| 115 | +
|
| 116 | + # Git 2.35.2+ 보안 정책: 디렉토리 소유자가 다를 경우 오류 방지 |
| 117 | + git config --global --add safe.directory "${DEPLOY_PATH}" |
| 118 | +
|
| 119 | + if [ ! -d "${DEPLOY_PATH}/.git" ]; then |
| 120 | + echo "📥 최초 배포: 저장소 클론 중..." |
| 121 | + git clone https://oauth2:${GH_TOKEN}@github.com/${GH_REPO}.git "${DEPLOY_PATH}" |
| 122 | + cd "${DEPLOY_PATH}" |
| 123 | + git checkout develop |
| 124 | + else |
| 125 | + echo "🔄 저장소 업데이트 중..." |
| 126 | + cd "${DEPLOY_PATH}" |
| 127 | + git fetch origin develop |
| 128 | + git checkout develop |
| 129 | + git reset --hard origin/develop |
| 130 | + fi |
| 131 | + # GitHub Secrets에서 주입된 변수들을 docker compose에 전달 |
| 132 | + export CVAT_HOST=${CVAT_HOST} |
| 133 | + export LE_EMAIL=${LE_EMAIL} |
| 134 | + export CVAT_POSTGRES_PASSWORD=${CVAT_POSTGRES_PASSWORD} |
| 135 | + echo "⚙️ CVAT_HOST=${CVAT_HOST}" |
| 136 | +
|
| 137 | + echo "🔐 ECR 로그인..." |
| 138 | + aws ecr get-login-password --region ap-northeast-2 | \ |
| 139 | + docker login --username AWS --password-stdin 895409929723.dkr.ecr.ap-northeast-2.amazonaws.com |
| 140 | +
|
| 141 | + echo "🐳 최신 이미지 pull..." |
| 142 | + docker compose \ |
| 143 | + -f docker-compose.yml \ |
| 144 | + -f docker-compose.single.yml \ |
| 145 | + pull |
| 146 | +
|
| 147 | + echo "🗄️ DB 마이그레이션 실행..." |
| 148 | + # init subcommand: DB 연결 대기 + migrate + redis migrate 자동 처리 |
| 149 | + docker compose \ |
| 150 | + -f docker-compose.yml \ |
| 151 | + -f docker-compose.single.yml \ |
| 152 | + run --rm cvat_server init |
| 153 | +
|
| 154 | + echo "🚀 서비스 기동..." |
| 155 | + docker compose \ |
| 156 | + -f docker-compose.yml \ |
| 157 | + -f docker-compose.single.yml \ |
| 158 | + up -d |
| 159 | +
|
| 160 | + echo "✅ 배포 완료!" |
| 161 | +
|
| 162 | + # HTTPS로 EC2 내부에서 헬스체크 (--resolve로 DNS 없이 localhost 443 접근) |
| 163 | + - name: Health Check |
| 164 | + |
| 165 | + with: |
| 166 | + host: ${{ secrets.MAIN_EC2_HOST }} |
| 167 | + username: ${{ secrets.MAIN_EC2_USER }} |
| 168 | + key: ${{ secrets.MAIN_EC2_SSH_KEY }} |
| 169 | + script: | |
| 170 | + echo "⏳ 서비스 초기화 대기 중 (60초)..." |
| 171 | + sleep 60 |
| 172 | +
|
| 173 | + CVAT_HOST="${{ secrets.MAIN_EC2_HOST }}" |
| 174 | +
|
| 175 | + for i in $(seq 1 6); do |
| 176 | + STATUS=$(curl -sf -o /dev/null -w "%{http_code}" \ |
| 177 | + --resolve "${CVAT_HOST}:443:127.0.0.1" \ |
| 178 | + "https://${CVAT_HOST}/api/server/about" || echo "000") |
| 179 | +
|
| 180 | + if [ "$STATUS" = "200" ]; then |
| 181 | + echo "✅ 헬스체크 통과! (HTTPS $STATUS)" |
| 182 | + exit 0 |
| 183 | + fi |
| 184 | + echo "⏳ 시도 $i/6: HTTP $STATUS — 10초 후 재시도..." |
| 185 | + sleep 10 |
| 186 | + done |
| 187 | +
|
| 188 | + echo "❌ 헬스체크 6회 실패" |
| 189 | + exit 1 |
| 190 | +
|
| 191 | + # 헬스체크 성공 시에만 :rollback 이미지 삭제 |
| 192 | + - name: Cleanup :rollback images from ECR |
| 193 | + if: success() |
| 194 | + run: | |
| 195 | + for REPO in $SERVER_REPO $UI_REPO; do |
| 196 | + aws ecr batch-delete-image \ |
| 197 | + --repository-name "$REPO" \ |
| 198 | + --image-ids imageTag=rollback \ |
| 199 | + --region ap-northeast-2 2>/dev/null \ |
| 200 | + && echo "✅ $REPO:rollback 삭제 완료" \ |
| 201 | + || echo "⚠️ $REPO:rollback 이미지 없음, 건너뜀" |
| 202 | + done |
0 commit comments