2222 steps :
2323 - uses : actions/checkout@v4
2424
25- # 사전 점검
25+ # --- 사전 진단 ---
2626 - name : Assert AWS_ROLE_TO_ASSUME is set
2727 run : |
2828 test -n "${{ secrets.AWS_ROLE_TO_ASSUME }}" || { echo "Missing secret: AWS_ROLE_TO_ASSUME"; exit 1; }
3535 fi
3636 echo "OIDC token endpoint detected"
3737
38- # OIDC로 AWS 자격 구성
38+ # --- OIDC로 AWS 자격 구성 ---
3939 - name : Configure AWS credentials (OIDC)
4040 uses : aws-actions/configure-aws-credentials@v4
4141 with :
@@ -48,10 +48,15 @@ jobs:
4848 acct=$(aws sts get-caller-identity --query Account --output text)
4949 [ "$acct" = "782683897698" ] || { echo "Assumed wrong account: $acct" && exit 1; }
5050
51- # ECR 로그인 + 빌드/푸시
52- - id : login-ecr
51+ # --- ECR 로그인 & 빌드/푸시 ---
52+ - name : Login to Amazon ECR
53+ id : login-ecr
5354 uses : aws-actions/amazon-ecr-login@v2
5455
56+ - name : Assert ECR registry output
57+ run : |
58+ test -n "${{ steps.login-ecr.outputs.registry }}" || { echo "ECR registry output is empty. Check login-ecr step id."; exit 1; }
59+
5560 - uses : docker/setup-buildx-action@v3
5661
5762 - name : Build & Push to ECR
@@ -61,10 +66,13 @@ jobs:
6166 platforms : linux/amd64
6267 push : true
6368 tags : |
64- ${{ steps.ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ github.sha }}
65- ${{ steps.ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:latest
69+ ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ github.sha }}
70+ ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:latest
71+ labels : |
72+ org.opencontainers.image.revision=${{ github.sha }}
73+ org.opencontainers.image.source=${{ github.repository }}
6674
67- # 태스크 정의 렌더 & 배포
75+ # --- ECS 태스크 정의 렌더 & 배포 ---
6876 - name : Set image output
6977 id : image
7078 run : |
8593 service : ${{ env.ECS_SERVICE }}
8694 cluster : ${{ env.ECS_CLUSTER }}
8795 wait-for-service-stability : true
88-
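Review bot: The new `org.opencontainers.image.source` label is set to `${{ github.repository }}`, which expands to `owner/repo` rather than a URL, so tools that read this annotation to trace an image back to its source will not get a resolvable link. The OCI annotation is defined as a URL to the source code; I would write `org.opencontainers.image.source=${{ github.server_url }}/${{ github.repository }}`. The `revision` label next to it is worth keeping, since it is the only thing on the image that ties the mutable `:latest` tag to a commit. The Build & Push step's `uses`/`with` header lies outside this hunk, so I am assuming `labels` is an input that action accepts.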