배포테스트 7차

nerdboi123 · nerdboi123 · commit 6ca0e00baa98 · 2025-09-07T01:39:00.000+09:00
diff --git a/.github/workflows/deploy-purchase-to-ecs.yml b/.github/workflows/deploy-purchase-to-ecs.yml
@@ -22,41 +22,37 @@ jobs:
     steps:
       - uses: actions/checkout@v4
 
-      # --- 사전 진단 ---
       - name: Assert AWS_ROLE_TO_ASSUME is set
         run: |
           test -n "${{ secrets.AWS_ROLE_TO_ASSUME }}" || { echo "Missing secret: AWS_ROLE_TO_ASSUME"; exit 1; }
-          echo "Secret is set (value hidden)"
 
-      - name: Check OIDC availability
-        run: |
-          if [ -z "${ACTIONS_ID_TOKEN_REQUEST_URL}" ]; then
-            echo "No OIDC token available. Add 'permissions: id-token: write'."; exit 1;
-          fi
-          echo "OIDC token endpoint detected"
-
-      # --- OIDC로 AWS 자격 구성 ---
       - name: Configure AWS credentials (OIDC)
         uses: aws-actions/configure-aws-credentials@v4
         with:
           role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
           aws-region: ${{ env.AWS_REGION }}
 
       - name: Verify assumed identity
+        run: aws sts get-caller-identity
+
+      # --- 여기서 task-def 파일의 컨테이너 이름을 출력/검증 ---
+      - name: Show task definition & container names
         run: |
-          aws sts get-caller-identity
-          acct=$(aws sts get-caller-identity --query Account --output text)
-          [ "$acct" = "782683897698" ] || { echo "Assumed wrong account: $acct" && exit 1; }
+          echo "---- task-def path ----"
+          ls -la .github/ecs
+          echo "---- names ----"
+          jq -r '.containerDefinitions[].name' .github/ecs/task-definition.json
+
+      - name: Assert container name matches
+        run: |
+          name=$(jq -r '.containerDefinitions[0].name' .github/ecs/task-definition.json)
+          echo "taskdef: $name / expected: $CONTAINER_NAME"
+          test "$name" = "$CONTAINER_NAME" || (echo "Mismatch! Fix container name in task-definition.json or CONTAINER_NAME env." && exit 1)
 
-      # --- ECR 로그인 & 빌드/푸시 ---
       - name: Login to Amazon ECR
         id: login-ecr
         uses: aws-actions/amazon-ecr-login@v2
 
-      - name: Assert ECR registry output
-        run: |
-          test -n "${{ steps.login-ecr.outputs.registry }}" || { echo "ECR registry output is empty. Check login-ecr step id."; exit 1; }
-
       - uses: docker/setup-buildx-action@v3
 
       - name: Build & Push to ECR
@@ -68,11 +64,7 @@ jobs:
           tags: |
             ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ github.sha }}
             ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:latest
-          labels: |
-            org.opencontainers.image.revision=${{ github.sha }}
-            org.opencontainers.image.source=${{ github.repository }}
 
-      # --- ECS 태스크 정의 렌더 & 배포 ---
       - name: Set image output
         id: image
         run: |
