
Commit 20019b3

committed
deploy: main, single 배포 파일 생성 및 변경
1 parent 053ba2d commit 20019b3


5 files changed

+376
-14
lines changed


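--- a/.github/workflows/deploy-main.yml
+++ b/.github/workflows/deploy-main.yml
@@ -0,0 +1,202 @@
+name: Deploy on main dotdot (AWS EC2)
+
+on:
+push:
+branches: ["main"]
+workflow_dispatch:
+
+concurrency:
+group: deploy-main
+cancel-in-progress: false
+
+jobs:
+build-and-push:
+name: Build & Push to ECR
+runs-on: ubuntu-latest
+if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
+
+env:
+ECR_REGISTRY: 895409929723.dkr.ecr.ap-northeast-2.amazonaws.com
+SERVER_REPO: bytesize/main-dotdot-server
+UI_REPO: bytesize/main-dotdot-ui
+
+steps:
+- name: Checkout Repository
+uses: actions/checkout@v3
+
+- name: Configure AWS Credentials
+uses: aws-actions/configure-aws-credentials@v3
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ap-northeast-2
+
+- name: Login to Amazon ECR
+id: login-ecr
+uses: aws-actions/amazon-ecr-login@v2
+
+# 기존 :latest 이미지를 :rollback으로 retag (안전한 교체 전략)
+- name: Retag existing :latest as :rollback
+run: |
+for REPO in $SERVER_REPO $UI_REPO; do
+MANIFEST=$(aws ecr batch-get-image \
+--repository-name "$REPO" \
+--image-ids imageTag=latest \
+--query 'images[0].imageManifest' \
+--output text 2>/dev/null || echo "")
+
+if [ -n "$MANIFEST" ] && [ "$MANIFEST" != "None" ]; then
+aws ecr put-image \
+--repository-name "$REPO" \
+--image-tag rollback \
+--image-manifest "$MANIFEST" || true
+echo "✅ $REPO :latest → :rollback 완료"
+else
+echo "⚠️ $REPO 에 기존 :latest 이미지 없음, retag 건너뜀"
+fi
+done
+
+- name: Build Server Image
+run: |
+docker build \
+-t $ECR_REGISTRY/$SERVER_REPO:latest \
+-f Dockerfile .
+
+- name: Build UI Image
+run: |
+docker build \
+--build-arg NGINX_CONF=react_nginx.conf \
+-t $ECR_REGISTRY/$UI_REPO:latest \
+-f Dockerfile.ui .
+
+- name: Push Images to ECR
+run: |
+docker push $ECR_REGISTRY/$SERVER_REPO:latest
+docker push $ECR_REGISTRY/$UI_REPO:latest
+echo "✅ 이미지 ECR push 완료"
+
+deploy:
+name: Deploy to EC2
+runs-on: ubuntu-latest
+needs: build-and-push
+
+env:
+ECR_REGISTRY: 895409929723.dkr.ecr.ap-northeast-2.amazonaws.com
+SERVER_REPO: bytesize/main-dotdot-server
+UI_REPO: bytesize/main-dotdot-ui
+CVAT_POSTGRES_PASSWORD: ${{ secrets.CVAT_POSTGRES_PASSWORD }}
+
+steps:
+- name: Configure AWS Credentials
+uses: aws-actions/configure-aws-credentials@v3
+with:
+aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+aws-region: ap-northeast-2
+
+- name: Deploy via SSH
+uses: appleboy/[email protected]
+env:
+GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+GH_REPO: ${{ github.repository }}
+DEPLOY_PATH: ${{ secrets.MAIN_EC2_DEPLOY_PATH }}
+CVAT_HOST: ${{ secrets.MAIN_EC2_HOST }}
+LE_EMAIL: ${{ secrets.MAIN_LE_EMAIL }}
+
+with:
+host: ${{ secrets.MAIN_EC2_HOST }}
+username: ${{ secrets.MAIN_EC2_USER }}
+key: ${{ secrets.MAIN_EC2_SSH_KEY }}
+envs: GH_TOKEN,GH_REPO,DEPLOY_PATH,CVAT_HOST,LE_EMAIL,CVAT_POSTGRES_PASSWORD
+script: |
+set -euo pipefail
+
+echo "📂 배포 디렉토리 준비..."
+
+# Git 2.35.2+ 보안 정책: 디렉토리 소유자가 다를 경우 오류 방지
+git config --global --add safe.directory "${DEPLOY_PATH}"
+
+if [ ! -d "${DEPLOY_PATH}/.git" ]; then
+echo "📥 최초 배포: 저장소 클론 중..."
+git clone https://oauth2:${GH_TOKEN}@github.com/${GH_REPO}.git "${DEPLOY_PATH}"
+cd "${DEPLOY_PATH}"
+git checkout develop
+else
+echo "🔄 저장소 업데이트 중..."
+cd "${DEPLOY_PATH}"
+git fetch origin develop
+git checkout develop
+git reset --hard origin/develop
+fi
+# GitHub Secrets에서 주입된 변수들을 docker compose에 전달
+export CVAT_HOST=${CVAT_HOST}
+export LE_EMAIL=${LE_EMAIL}
+export CVAT_POSTGRES_PASSWORD=${CVAT_POSTGRES_PASSWORD}
+echo "⚙️ CVAT_HOST=${CVAT_HOST}"
+
+echo "🔐 ECR 로그인..."
+aws ecr get-login-password --region ap-northeast-2 | \
+docker login --username AWS --password-stdin 895409929723.dkr.ecr.ap-northeast-2.amazonaws.com
+
+echo "🐳 최신 이미지 pull..."
+docker compose \
+-f docker-compose.yml \
+-f docker-compose.single.yml \
+pull
+
+echo "🗄️ DB 마이그레이션 실행..."
+# init subcommand: DB 연결 대기 + migrate + redis migrate 자동 처리
+docker compose \
+-f docker-compose.yml \
+-f docker-compose.single.yml \
+run --rm cvat_server init
+
+echo "🚀 서비스 기동..."
+docker compose \
+-f docker-compose.yml \
+-f docker-compose.single.yml \
+up -d
+
+echo "✅ 배포 완료!"
+
+# HTTPS로 EC2 내부에서 헬스체크 (--resolve로 DNS 없이 localhost 443 접근)
+- name: Health Check
+uses: appleboy/[email protected]
+with:
+host: ${{ secrets.MAIN_EC2_HOST }}
+username: ${{ secrets.MAIN_EC2_USER }}
+key: ${{ secrets.MAIN_EC2_SSH_KEY }}
+script: |
+echo "⏳ 서비스 초기화 대기 중 (60초)..."
+sleep 60
+
+CVAT_HOST="${{ secrets.MAIN_EC2_HOST }}"
+
+for i in $(seq 1 6); do
+STATUS=$(curl -sf -o /dev/null -w "%{http_code}" \
+--resolve "${CVAT_HOST}:443:127.0.0.1" \
+"https://${CVAT_HOST}/api/server/about" || echo "000")
+
+if [ "$STATUS" = "200" ]; then
+echo "✅ 헬스체크 통과! (HTTPS $STATUS)"
+exit 0
+fi
+echo "⏳ 시도 $i/6: HTTP $STATUS — 10초 후 재시도..."
+sleep 10
+done
+
+echo "❌ 헬스체크 6회 실패"
+exit 1
+
+# 헬스체크 성공 시에만 :rollback 이미지 삭제
+- name: Cleanup :rollback images from ECR
+if: success()
+run: |
+for REPO in $SERVER_REPO $UI_REPO; do
+aws ecr batch-delete-image \
+--repository-name "$REPO" \
+--image-ids imageTag=rollback \
+--region ap-northeast-2 2>/dev/null \
+&& echo "✅ $REPO:rollback 삭제 완료" \
+|| echo "⚠️ $REPO:rollback 이미지 없음, 건너뜀"
+done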
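Review bot: The Deploy via SSH script clones, checks out and hard-resets to `develop` even though this workflow is triggered by pushes to `main`, so the host would run compose files from a different branch than the commit whose images were just built; if that was carried over from deploy-single.yml, the update branch should read `git fetch origin main`, `git checkout main`, `git reset --hard origin/main`. The first-deploy `git clone https://oauth2:${GH_TOKEN}@github.com/...` also leaves the token in the origin URL in `.git/config` on the EC2 host, and because the job token is short-lived the later `git fetch origin` presumably runs with a stale credential; running `git remote set-url origin "https://github.com/${GH_REPO}.git"` after the clone and supplying credentials per command (or using a read-only deploy key) avoids both. Neither SSH step pins the server's host key, although appleboy/ssh-action has a `fingerprint` input for that, and this session carries `GH_TOKEN` and `CVAT_POSTGRES_PASSWORD`; the same applies to the SSH steps in deploy-single.yml.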

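--- a/.github/workflows/deploy-single.yml
+++ b/.github/workflows/deploy-single.yml
@@ -3,9 +3,6 @@ name: Deploy on single dotdot (AWS EC2)
 on:
 push:
 branches: ["develop"]
-pull_request:
-types: [closed]
-branches: ["develop"]
 workflow_dispatch:
 
 concurrency:
@@ -16,7 +13,7 @@ jobs:
 build-and-push:
 name: Build & Push to ECR
 runs-on: ubuntu-latest
-if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' || (github.event_name == 'pull_request' && github.event.pull_request.merged == true) }}
+if: ${{ github.event_name == 'push' || github.event_name == 'workflow_dispatch' }}
 
 env:
 ECR_REGISTRY: 895409929723.dkr.ecr.ap-northeast-2.amazonaws.com
@@ -102,14 +99,14 @@ jobs:
 env:
 GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 GH_REPO: ${{ github.repository }}
-DEPLOY_PATH: ${{ secrets.PUBLIC_EC2_DEPLOY_PATH }}
-CVAT_HOST: ${{ secrets.PUBLIC_EC2_HOST }}
-LE_EMAIL: ${{ secrets.PUBLIC_LE_EMAIL }}
+DEPLOY_PATH: ${{ secrets.SINGLE_EC2_DEPLOY_PATH }}
+CVAT_HOST: ${{ secrets.SINGLE_EC2_HOST }}
+LE_EMAIL: ${{ secrets.SINGLE_LE_EMAIL }}
 
 with:
-host: ${{ secrets.PUBLIC_EC2_HOST }}
-username: ${{ secrets.PUBLIC_EC2_USER }}
-key: ${{ secrets.PUBLIC_EC2_SSH_KEY }}
+host: ${{ secrets.SINGLE_EC2_HOST }}
+username: ${{ secrets.SINGLE_EC2_USER }}
+key: ${{ secrets.SINGLE_EC2_SSH_KEY }}
 envs: GH_TOKEN,GH_REPO,DEPLOY_PATH,CVAT_HOST,LE_EMAIL,CVAT_POSTGRES_PASSWORD
 script: |
 set -euo pipefail
@@ -166,14 +163,14 @@ jobs:
 - name: Health Check
 uses: appleboy/[email protected]
 with:
-host: ${{ secrets.PUBLIC_EC2_HOST }}
-username: ${{ secrets.PUBLIC_EC2_USER }}
-key: ${{ secrets.PUBLIC_EC2_SSH_KEY }}
+host: ${{ secrets.SINGLE_EC2_HOST }}
+username: ${{ secrets.SINGLE_EC2_USER }}
+key: ${{ secrets.SINGLE_EC2_SSH_KEY }}
 script: |
 echo "⏳ 서비스 초기화 대기 중 (60초)..."
 sleep 60
 
-CVAT_HOST="${{ secrets.PUBLIC_EC2_HOST }}"
+CVAT_HOST="${{ secrets.SINGLE_EC2_HOST }}"
 
 for i in $(seq 1 6); do
 STATUS=$(curl -sf -o /dev/null -w "%{http_code}" \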
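Review bot: The Health Check script still has the host secret expanded into the script text (`CVAT_HOST="${{ secrets.SINGLE_EC2_HOST }}"`), whereas the Deploy via SSH step in the same file passes that value through `env:` and `envs:`. Passing it the same way here (a step-level `env:` with `CVAT_HOST: ${{ secrets.SINGLE_EC2_HOST }}` plus `envs: CVAT_HOST` under `with:`) keeps the secret value out of the rendered script and makes the two steps consistent. The Health Check step starts above this hunk and its script continues below it; the Health Check in deploy-main.yml has the same line.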
