Merge pull request #139 from Central-MakeUs/dev

deploy: 배포 스크립트 수정

Author: HamJina

.github/workflows/deploy.yml

@@ -1,4 +1,4 @@
-name: Deploy To EC2 (Blue-Green via SSM)
+name: Deploy To EC2 (Blue-Green via Bastion)
 
 on:
   push:
@@ -8,10 +8,12 @@ permissions:
   contents: read
 
 jobs:
+  # 1️⃣ BUILD JOB
   build:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v4
+
       - uses: actions/setup-java@v4
         with:
           distribution: temurin
@@ -42,80 +44,105 @@ jobs:
           docker tag forday:latest 839983937363.dkr.ecr.ap-northeast-2.amazonaws.com/forday:latest
           docker push 839983937363.dkr.ecr.ap-northeast-2.amazonaws.com/forday:latest
 
+  # 2️⃣ DEPLOY JOB
   deploy:
     needs: build
     runs-on: ubuntu-latest
     steps:
-      - name: Configure AWS Credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-region: ap-northeast-2
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+      - name: Configure SSH (Bastion → Private)
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+
+          cat <<EOF >> ~/.ssh/config
+          Host bastion
+            HostName ${{ secrets.BASTION_HOST }}
+            User ubuntu
+            IdentityFile ~/.ssh/id_rsa
+            StrictHostKeyChecking no
+
+          Host private
+            HostName ${{ secrets.EC2_PRIVATE_HOST }}
+            User ubuntu
+            IdentityFile ~/.ssh/id_rsa
+            ProxyJump bastion
+            StrictHostKeyChecking no
+          EOF
 
-      - name: Blue-Green Deploy via SSM
+      - name: Blue-Green Deploy
         run: |
-          COMMAND_ID=$(aws ssm send-command \
-            --document-name "AWS-RunShellScript" \
-            --instance-ids "${{ secrets.EC2_INSTANCE_ID }}" \
-            --parameters '{
-              "commands": [
-                "set -e",
-                "ENV_FILE=/etc/nginx/conf.d/service-env.inc",
-                "if [ ! -f $ENV_FILE ]; then sudo sh -c \"printf '\''set \\$service_url blue;'\'' > $ENV_FILE\"; fi",
+          ssh private << 'EOF'
+            set -e
           
-                "if grep -q \"green\" $ENV_FILE; then TARGET=\"blue\"; TARGET_PORT=8080; OLD_TARGET=\"green\"; else TARGET=\"green\"; TARGET_PORT=8081; OLD_TARGET=\"blue\"; fi",
+            echo "▶ Detect current upstream from nginx env file"
+            if [ -f /etc/nginx/conf.d/service-env.inc ]; then
+              CURRENT_VAL=$(grep -oP '(?<=set \$service_url ).*(?=;)' /etc/nginx/conf.d/service-env.inc || echo "blue")
+            else
+              CURRENT_VAL="blue"
+            fi
           
-                "echo \"▶ 배포 시작: $TARGET (포트: $TARGET_PORT)\"",
-                "aws ecr get-login-password --region ap-northeast-2 | docker login --username AWS --password-stdin 839983937363.dkr.ecr.ap-northeast-2.amazonaws.com",
-                "docker pull 839983937363.dkr.ecr.ap-northeast-2.amazonaws.com/forday:latest",
+            echo "현재 서비스 상태: $CURRENT_VAL"
           
-                "docker stop $TARGET || true",
-                "docker rm $TARGET || true",
-                "docker run -d --name $TARGET --restart=always -e SPRING_PROFILES_ACTIVE=$TARGET -p $TARGET_PORT:8080 -e SPRING_DATA_REDIS_HOST=172.17.0.1 -e SPRING_DATA_REDIS_PORT=6379 839983937363.dkr.ecr.ap-northeast-2.amazonaws.com/forday:latest",
+            if [ "$CURRENT_VAL" = "blue" ]; then
+              TARGET="green"
+              TARGET_PORT=8081
+              OLD_TARGET="blue"
+            else
+              TARGET="blue"
+              TARGET_PORT=8080
+              OLD_TARGET="green"
+            fi
           
-                "echo \"▶ 헬스 체크 시작...\"",
-                "HEALTH_OK=false",
-                "for i in {1..20}; do",
-                "  # curl 실패 시에도 스크립트가 중단되지 않도록 || true 추가",
-                "  HTTP_CODE=$(curl -s -o /dev/null -w \"%{http_code}\" http://localhost:$TARGET_PORT/health_check || echo \"000\")",
-                "  if [ \"$HTTP_CODE\" = \"200\" ] || [ \"$HTTP_CODE\" = \"401\" ]; then",
-                "    echo \"✅ 서비스 응답 확인 (코드: $HTTP_CODE)\"",
-                "    HEALTH_OK=true",
-                "    break",
-                "  fi",
-                "  echo \"대기 중... ($i/20) 응답: $HTTP_CODE\"",
-                "  sleep 10",
-                "done",
+            echo "▶ Deploy target: $TARGET (port: $TARGET_PORT)"
+            echo "▶ Old container: $OLD_TARGET"
           
-                "if [ \"$HEALTH_OK\" = \"true\" ]; then",
-                "  echo \"▶ Nginx 스위칭 실행\"",
-                "  sudo sh -c \"printf '\''set \\$service_url $TARGET;'\'' > $ENV_FILE\"",
-                "  sudo nginx -t && sudo nginx -s reload",
-                "  echo \"▶ 이전 컨테이너 정리\"",
-                "  docker stop $OLD_TARGET || true",
-                "  docker rm $OLD_TARGET || true",
-                "  docker image prune -af",
-                "  echo \"✅ 배포 성공: $TARGET\"",
-                "else",
-                "  echo \"❌ 헬스 체크 최종 실패\"",
-                "  docker logs --tail 50 $TARGET",
-                "  exit 1",
-                "fi"
-              ]
-            }' --query "Command.CommandId" --output text)
-
-          echo "Command ID: $COMMAND_ID"
-
-          # EC2 내부 실행 완료 대기
-          aws ssm wait command-executed --command-id "$COMMAND_ID" --instance-id "${{ secrets.EC2_INSTANCE_ID }}" || true
-
-          # 상세 로그 출력 (스위칭 여부 확인용)
-          aws ssm list-command-invocations --command-id "$COMMAND_ID" --details --query "CommandInvocations[0].CommandPlugins[0].Output" --output text
+            # ECR 로그인
+            aws ecr get-login-password --region ap-northeast-2 | docker login --username AWS --password-stdin 839983937363.dkr.ecr.ap-northeast-2.amazonaws.com
+          
+            echo "▶ Pull image"
+            docker pull 839983937363.dkr.ecr.ap-northeast-2.amazonaws.com/forday:latest
+          
+            echo "▶ Stop & remove current $TARGET (if exists)"
+            docker stop $TARGET || true
+            docker rm $TARGET || true
+          
+            echo "▶ Run new $TARGET"
+            docker run -d \
+              --name $TARGET \
+              --restart=always \
+              -e SPRING_PROFILES_ACTIVE=$TARGET \
+              -p $TARGET_PORT:8080 \
+              -e SPRING_DATA_REDIS_HOST=172.17.0.1 \
+              -e SPRING_DATA_REDIS_PORT=6379 \
+              839983937363.dkr.ecr.ap-northeast-2.amazonaws.com/forday:latest
+          
+            echo "▶ Health Check"
+            for i in {1..20}; do
+              if curl -sf http://localhost:$TARGET_PORT/health_check; then
+                echo "Health OK"
+                HEALTH_OK=true
+                break
+              fi
+              echo "Waiting... ($i/20)"
+              sleep 5
+            done
+          
+            if [ "$HEALTH_OK" != "true" ]; then
+              echo "❌ Health check failed. Rollback."
+              docker logs $TARGET
+              exit 1
+            fi
+          
+            echo "▶ Switching Nginx upstream to $TARGET"
+            echo "set \$service_url $TARGET;" | sudo tee /etc/nginx/conf.d/service-env.inc
+          
+            sudo nginx -t
+            sudo nginx -s reload
+          
+            echo "▶ Stopping OLD container: $OLD_TARGET"
+            docker stop $OLD_TARGET || true
+            docker rm $OLD_TARGET || true
           
-          # 최종 상태 확인
-          FINAL_STATUS=$(aws ssm get-command-invocation --command-id "$COMMAND_ID" --instance-id "${{ secrets.EC2_INSTANCE_ID }}" --query "Status" --output text)
-          if [ "$FINAL_STATUS" != "Success" ]; then
-            echo "Deployment failed with status: $FINAL_STATUS"
-            exit 1
-          fi
+            echo "✅ Deployment complete. Now running: $TARGET"
+          EOF