Merge pull request #487 from boostcampwm-2024/feat/create-email-worker #92
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: BE Deployment | |
| on: | |
| push: | |
| branches: [main] | |
| paths: ["server/**"] | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| packages: write | |
| env: | |
| IMAGE_NAME: ghcr.io/boostcampwm-2024/web05-denamu/server | |
| IMAGE_TAG: sha-${{ github.sha }} | |
| SERVICE: app | |
| ENV_DIR: /var/prod_config/server | |
| ENV_FILE: /var/prod_config/server/.env.prod | |
| COMPOSE_FILE: docker-compose/docker-compose.prod.yml | |
| jobs: | |
| build-and-push: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: QEMU 멀티 아키텍쳐 에뮬레이터 | |
| uses: docker/setup-qemu-action@v3 | |
| - name: Buildx 멀티 아키텍쳐 빌더 | |
| uses: docker/setup-buildx-action@v3 | |
| - name: GHCR 로그인 | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_GITHUB_TOKEN }} | |
| - name: Docker 이미지 Build 및 Push | |
| uses: docker/build-push-action@v6 | |
| with: | |
| context: ./server | |
| file: ./server/docker/Dockerfile.prod | |
| push: true | |
| platforms: linux/amd64,linux/arm64 | |
| tags: | | |
| ${{ env.IMAGE_NAME }}:${{ env.IMAGE_TAG }} | |
| ${{ env.IMAGE_NAME }}:latest | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| deploy: | |
| runs-on: [self-hosted, prod] | |
| needs: build-and-push # Build 및 Push가 끝나면 시작 | |
| steps: | |
| - name: 코드 체크아웃 | |
| uses: actions/checkout@v4 | |
| - name: GHCR 로그인 (prod) | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GHCR_GITHUB_TOKEN }} | |
| - name: 환경변수 최신화 | |
| run: | | |
| sudo mkdir -p "$ENV_DIR" | |
| sudo install -m 600 /dev/null "$ENV_FILE" | |
| { | |
| echo "PORT=${{ secrets.PRODUCT_PORT }}" | |
| echo "DB_TYPE=mysql" | |
| echo "DB_DATABASE=${{ secrets.PRODUCT_DB_DATABASE }}" | |
| echo "DB_HOST=${{ secrets.PRODUCT_DB_HOST }}" | |
| echo "DB_PORT=${{ secrets.PRODUCT_DB_PORT }}" | |
| echo "DB_USERNAME=${{ secrets.PRODUCT_DB_USERNAME }}" | |
| echo "DB_PASSWORD=${{ secrets.PRODUCT_DB_PASSWORD }}" | |
| echo "REDIS_HOST=${{ secrets.REDIS_HOST }}" | |
| echo "REDIS_PORT=${{ secrets.REDIS_PORT }}" | |
| echo "REDIS_USERNAME=${{ secrets.REDIS_USERNAME }}" | |
| echo "REDIS_PASSWORD=${{ secrets.REDIS_PASSWORD }}" | |
| echo "EMAIL_USER=${{ secrets.EMAIL_USER }}" | |
| echo "EMAIL_PASSWORD=${{ secrets.EMAIL_PASSWORD }}" | |
| echo "JWT_ACCESS_SECRET=${{ secrets.JWT_ACCESS_SECRET }}" | |
| echo "JWT_REFRESH_SECRET=${{ secrets.JWT_REFRESH_SECRET }}" | |
| echo "REFRESH_TOKEN_EXPIRE=${{ secrets.REFRESH_TOKEN_EXPIRE }}" | |
| echo "ACCESS_TOKEN_EXPIRE=${{ secrets.ACCESS_TOKEN_EXPIRE }}" | |
| echo "GOOGLE_CLIENT_ID=${{ secrets.GOOGLE_CLIENT_ID }}" | |
| echo "GOOGLE_CLIENT_SECRET=${{ secrets.GOOGLE_CLIENT_SECRET }}" | |
| echo "GITHUB_CLIENT_ID=${{ secrets.GIT_CLIENT_ID }}" | |
| echo "GITHUB_CLIENT_SECRET=${{ secrets.GIT_CLIENT_SECRET }}" | |
| echo "RABBITMQ_DEFAULT_USER=${{ secrets.PRODUCT_RABBITMQ_DEFAULT_USER }}" | |
| echo "RABBITMQ_DEFAULT_PASS=${{ secrets.PRODUCT_RABBITMQ_DEFAULT_PASS }}" | |
| echo "RABBITMQ_HOST=${{ secrets.PRODUCT_RABBITMQ_HOST }}" | |
| echo "RABBITMQ_PORT=${{ secrets.PRODUCT_RABBITMQ_PORT }}" | |
| } | sudo tee "$ENV_FILE" >/dev/null | |
| # 인프라용 환경변수 파일 생성 (Redis, MySQL 등) | |
| sudo mkdir -p /var/prod_config/infra | |
| sudo install -m 600 /dev/null /var/prod_config/infra/.env.prod | |
| { | |
| echo "REDIS_USER=${{ secrets.REDIS_USERNAME }}" | |
| echo "REDIS_PASSWORD=${{ secrets.REDIS_PASSWORD }}" | |
| echo "MYSQL_ROOT_PASSWORD=${{ secrets.PRODUCT_DB_PASSWORD }}" | |
| echo "MYSQL_DATABASE=${{ secrets.PRODUCT_DB_DATABASE }}" | |
| echo "MYSQL_USER=${{ secrets.PRODUCT_DB_USERNAME }}" | |
| echo "MYSQL_PASSWORD=${{ secrets.PRODUCT_DB_PASSWORD }}" | |
| echo "RABBITMQ_DEFAULT_USER=${{ secrets.PRODUCT_RABBITMQ_DEFAULT_USER }}" | |
| echo "RABBITMQ_DEFAULT_PASS=${{ secrets.PRODUCT_RABBITMQ_DEFAULT_PASS }}" | |
| echo "RABBITMQ_HOST=${{ secrets.PRODUCT_RABBITMQ_HOST }}" | |
| echo "RABBITMQ_PORT=${{ secrets.PRODUCT_RABBITMQ_PORT }}" | |
| echo "RABBITMQ_MANAGEMENT_PORT=${{ secrets.PRODUCT_RABBITMQ_MANAGEMENT_PORT }}" | |
| } | sudo tee /var/prod_config/infra/.env.prod >/dev/null | |
| - name: Docker 이미지 Pull & 서비스 재시작 | |
| run: | | |
| docker pull "${IMAGE_NAME}:${IMAGE_TAG}" || true | |
| docker pull "${IMAGE_NAME}:latest" || true | |
| docker compose -f "$COMPOSE_FILE" pull "$SERVICE" | |
| docker compose -f "$COMPOSE_FILE" up -d --no-deps --force-recreate "$SERVICE" | |
| docker image prune -f || true |