Github Actions .env 파일 갱신 방식 개선 #13
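# Builds the Spring Boot jar, publishes a Docker image to Docker Hub, then
# SSHes into the GCP instance to rebuild its .env from Secret Manager and
# restart the docker-compose stack with the image this run produced.
name: Deploy to GCP

on:
  pull_request:
    types: [closed]
    branches: [main, dev]

jobs:
  build:
    # `closed` also fires for pull requests that were closed WITHOUT merging;
    # only a real merge into main/dev should build and deploy an image.
    # `deploy` has `needs: build`, so it is skipped along with this job.
    if: github.event.pull_request.merged == true
    runs-on: ubuntu-latest
    outputs:
      # Digest of the image pushed in the `build` step; the deploy job pulls
      # by this digest so it runs exactly what this workflow run built.
      image-digest: ${{ steps.build.outputs.digest }}
    steps:
      - name: Checkout code
        uses: actions/checkout@v4

      - name: Set up JDK 21
        uses: actions/setup-java@v4
        with:
          java-version: '21'
          distribution: 'temurin'

      - name: Cache Gradle packages
        uses: actions/cache@v4
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
          restore-keys: |
            ${{ runner.os }}-gradle-

      - name: Grant execute permission for gradlew
        run: chmod +x gradlew

      # Run tests (uncomment once the test code is complete)
      # - name: Run tests
      #   run: ./gradlew test

      - name: Build with Gradle
        run: |
          echo "Building commit: ${{ github.sha }}"
          echo "Building from repository: ${{ github.repository }}"
          ./gradlew clean bootjar -Pprofile=prod

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_PASSWORD }}

      - name: Build and push Docker image
        id: build
        uses: docker/build-push-action@v5
        with:
          context: .
          file: ./Dockerfile
          push: true
          # Three tags for the same image: floating :latest, the exact commit,
          # and a per-run tag for easy rollback.
          tags: |
            ${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_IMAGE_NAME }}:latest
            ${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_IMAGE_NAME }}:${{ github.sha }}
            ${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_IMAGE_NAME }}:dev-${{ github.run_number }}
          cache-from: type=gha
          cache-to: type=gha,mode=max

      - name: Verify build completion
        run: |
          echo "Build completed successfully!"
          echo "Image digest: ${{ steps.build.outputs.digest }}"
          echo "Pushed tags:"
          echo "  - ${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_IMAGE_NAME }}:latest"
          echo "  - ${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_IMAGE_NAME }}:${{ github.sha }}"
          echo "  - ${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_IMAGE_NAME }}:dev-${{ github.run_number }}"

  deploy:
    needs: build
    runs-on: ubuntu-latest
    steps:
      - name: Deploy to GCP Instance
        # The action's version tag was lost in rendering; restore it from the
        # original workflow file before using this version.
        uses: appleboy/ssh-action@VERSION_TAG_FROM_ORIGINAL
        with:
          host: ${{ secrets.GCP_HOST }}
          username: ${{ secrets.GCP_USERNAME }}
          key: ${{ secrets.GCP_SSH_PRIVATE_KEY }}
          port: 22
          script: |
            # Abort on the first failing command -- set before `cd` so a
            # missing project directory stops the deploy too.
            set -e
            cd $HOME/project
            echo "Updating .env file with latest Secret Manager values..."
            # Back up the current .env.
            # NOTE(review): these backups accumulate on the host and each one
            # holds secret values; consider pruning old ones periodically.
            cp .env .env.backup.$(date +%Y%m%d_%H%M%S)
            # Build the new .env in a temp file (mktemp creates it mode 0600),
            # then swap it in atomically. Rebuilding from scratch replaces the
            # earlier approach of deleting Secret Manager keys in place with sed.
            NEW_ENV=$(mktemp)
            # Read one secret from Secret Manager and append it as NAME=value.
            #   $1 - environment variable name written to .env
            #   $2 - Secret Manager secret id
            # A failed read aborts the deploy; the previous echo "$(gcloud ...)"
            # form wrote an empty value and carried on under set -e.
            fetch_secret() {
              value=$(gcloud secrets versions access latest --secret="$2") || {
                echo "Failed to read secret '$2' from Secret Manager" >&2
                exit 1
              }
              printf '%s=%s\n' "$1" "$value" >> "$NEW_ENV"
            }
            fetch_secret DB_URL db-url
            fetch_secret JWT_SECRET jwt-secret
            fetch_secret GOOGLE_CLIENT_ID google-client-id
            fetch_secret GOOGLE_CLIENT_SECRET google-client-secret
            # GOOGLE_API_KEY previously went to the old .env instead of the temp
            # file and was lost when the temp file replaced it.
            fetch_secret GOOGLE_API_KEY google-api-key
            fetch_secret GOOGLE_CALENDAR_REDIRECT_URI google-calendar-redirect-uri
            fetch_secret OAUTH_REDIRECT_URI oauth-redirect-uri
            fetch_secret KAKAO_CLIENT_ID kakao-client-id
            fetch_secret KAKAO_CLIENT_SECRET kakao-client-secret
            fetch_secret KAKAO_API_KEY kakao-api-key
            fetch_secret ZOOM_ACCOUNT_ID zoom-account-id
            fetch_secret ZOOM_CLIENT_ID zoom-client-id
            fetch_secret ZOOM_CLIENT_SECRET zoom-client-secret
            fetch_secret GCP_IP gcp-ip
            fetch_secret FRONT_DOMAIN_A front-domain-A
            fetch_secret FRONT_DOMAIN_B front-domain-B
            fetch_secret FRONT_CALLBACK front-callback
            fetch_secret REDIS_HOST redis-host
            fetch_secret REDIS_PORT redis-port
            # Replace the old .env with the rebuilt one; the file holds secrets,
            # so keep it owner-readable only (docker-compose reads it via sudo).
            mv "$NEW_ENV" .env
            chmod 600 .env
            echo "Updated Secret Manager Values successfully"

            IMAGE="${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_IMAGE_NAME }}"
            IMAGE_DIGEST="${{ needs.build.outputs.image-digest }}"
            if [ -z "$IMAGE_DIGEST" ]; then
              echo "No image digest received from the build job; refusing to deploy" >&2
              exit 1
            fi
            echo "Stopping existing containers..."
            sudo docker-compose down || true
            echo "Cleaning up old images..."
            sudo docker image prune -f
            sudo docker rmi "$IMAGE:latest" || true
            sudo docker system prune -f || true
            echo "Pulling latest image..."
            # Pull the exact image this run built (by digest) and give it the
            # :latest tag that docker-compose appears to reference, so a
            # concurrent push to :latest cannot swap in a different image.
            # Pulling by digest is content-addressed, which is why the earlier
            # --disable-content-trust flag is no longer needed.
            sudo docker pull "$IMAGE@$IMAGE_DIGEST"
            sudo docker tag "$IMAGE@$IMAGE_DIGEST" "$IMAGE:latest"
            echo "Starting containers with updated configuration..."
            sudo docker-compose up -d
            echo "Container status:"
            sudo docker-compose ps
            echo "Waiting for application to start..."
            sleep 15
            echo "Recent logs:"
            sudo docker-compose logs --tail=30
            echo "=== Deployed Image Info ==="
            sudo docker images | grep ${{ secrets.DOCKER_IMAGE_NAME }}
            echo "=== Container Info ==="
            sudo docker ps | grep ittaeok
            echo "=== Environment Variables Verification ==="
            # Print only the variable NAMES: this output lands in the Actions
            # log, and values fetched from Secret Manager are not masked there.
            sudo docker exec ittaeok env | grep -E "^(DB_URL|JWT_SECRET|REDIS_HOST)=" | cut -d= -f1

      - name: Deployment completed
        run: |
          echo "Deployment completed successfully"
          echo "Deployed commit: ${{ github.sha }}"
          echo "Repository: ${{ github.repository }}"
          echo "Secret Manager values automatically updated"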