CI / CD 파이프라인 구축 (#1)

* scc-admin-frontend helm chart 옮겨오기

* docker image build & push 스크립트 작성

* CI / CD 파이프라인을 위한 github action workflow 추가

* 빌드 테스트

* port 올바르게 수정

* 테스트를 위한 설정 롤백

* README.md 업데이트

.github/workflows/dev-ci-cd.yaml

@@ -0,0 +1,81 @@
+name: dev-ci-cd
+on:
+  push:
+    branches:
+      - main
+  workflow_dispatch: # for manual trigger
+
+permissions:
+  id-token: write
+
+jobs:
+  ci:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Setup Node
+        uses: actions/setup-node@v3
+        with:
+          node-version: 20
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: arn:aws:iam::291889421067:role/github-action-ci-cd
+          aws-region: ap-northeast-2
+
+      - name: Build and Push Image
+        run: ./docker-push.sh dev
+
+      - name: Notify CI failure to slack
+        if: failure()
+        run: |
+          CURRENT_GITHUB_ACTION_RUN_URL="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+          curl -X POST -H 'Content-type: application/json' --data "{\"text\":\"[DEV] Admin Frontend CI failed. <!subteam^S052B9W7129> (<$CURRENT_GITHUB_ACTION_RUN_URL|github action run url>)\"}" ${{ secrets.SLACK_URL_SCC_SERVER_CHANNEL }} -v
+
+  cd:
+    runs-on: ubuntu-latest
+    needs:
+      - ci
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Install kubeconfig
+        env:
+          SCC_K3S_KUBECONFIG: ${{ secrets.SCC_K3S_KUBECONFIG }}
+        run: |
+          mkdir -p ~/.kube && echo "$SCC_K3S_KUBECONFIG" > ~/.kube/config
+
+      - uses: azure/setup-helm@v1
+        with:
+          version: '3.8.2'
+        id: install-helm
+
+      - uses: azure/setup-kubectl@v3
+        with:
+           version: 'v1.24.1'
+        id: install-kubectl
+
+      - name: Upgrade scc-admin-frontend helm chart
+        working-directory: helm-chart/scc-admin-frontend
+        run: |
+          helm upgrade --install --namespace dev -f values-dev.yaml scc-admin-frontend ./
+
+      - name: Restart deploy/scc-admin-frontend # tag를 latest-rc로 고정해서 사용하기 때문에 helm upgrade --install만 해서는 새 버전의 이미지가 배포되지 않는다. 따라서 강제로 rollout을 해준다.
+        run: |
+          kubectl rollout restart deploy/scc-admin-frontend -n dev
+
+      - name: Notify CD failure to slack
+        if: failure()
+        run: |
+          CURRENT_GITHUB_ACTION_RUN_URL="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+          curl -X POST -H 'Content-type: application/json' --data "{\"text\":\"[DEV] scc-admin-frontend deployment failed. <!subteam^S052B9W7129> (<$CURRENT_GITHUB_ACTION_RUN_URL|github action run url>)\"}" ${{ secrets.SLACK_URL_SCC_SERVER_CHANNEL }} -v
+
+      - name: Notify CD success to slack
+        if: success()
+        run: |
+          CURRENT_GITHUB_ACTION_RUN_URL="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+          curl -X POST -H 'Content-type: application/json' --data "{\"text\":\"[DEV] scc-admin-frontend with latest version is deployed!\"}" ${{ secrets.SLACK_URL_SCC_SERVER_CHANNEL }} -v

.github/workflows/prod-ci-cd.yaml

@@ -0,0 +1,124 @@
+name: prod-ci-cd
+on:
+  push:
+    tags:
+      - '[0-9]+.[0-9]+.[0-9]+' # Follow semantic versioning
+      - '[0-9]+.[0-9]+.[0-9]+-hotfix[0-9]' # For hotfix
+  workflow_dispatch: # for manual trigger
+
+permissions:
+  contents: write
+  id-token: write
+
+jobs:
+  ci:
+    runs-on: ubuntu-latest
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set RELEASE_VERSION
+        run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+
+      - name: Setup Node
+        uses: actions/setup-node@v3
+        with:
+          node-version: 20
+
+      - name: Configure AWS Credentials
+        uses: aws-actions/configure-aws-credentials@v2
+        with:
+          role-to-assume: arn:aws:iam::291889421067:role/github-action-ci-cd
+          aws-region: ap-northeast-2
+
+      - name: Build and Push Image
+        run: ./docker-push.sh live $RELEASE_VERSION
+
+      - name: Notify CD failure to slack
+        if: failure()
+        run: |
+          CURRENT_GITHUB_ACTION_RUN_URL="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+          curl -X POST -H 'Content-type: application/json' --data "{\"text\":\"[PROD] Admin Frontend CI failed. <!subteam^S052B9W7129> (<$CURRENT_GITHUB_ACTION_RUN_URL|github action run url>)\"}" ${{ secrets.SLACK_URL_SCC_SERVER_CHANNEL }} -v
+
+  cd:
+    runs-on: ubuntu-latest
+    needs:
+      - ci
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set RELEASE_VERSION
+        run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+
+      - name: Install kubeconfig
+        env:
+          SCC_K3S_KUBECONFIG: ${{ secrets.SCC_K3S_KUBECONFIG }}
+        run: |
+          mkdir -p ~/.kube && echo "$SCC_K3S_KUBECONFIG" > ~/.kube/config
+
+      - uses: azure/setup-helm@v1
+        with:
+          version: '3.8.2'
+        id: install-helm
+
+      - uses: azure/setup-kubectl@v3
+        with:
+           version: 'v1.24.1'
+        id: install-kubectl
+
+      - name: Update image tag for scc-admin-frontend
+        uses: mikefarah/yq@master
+        with:
+          cmd: yq -i '.image.tag = strenv(RELEASE_VERSION)' 'infra/helm/scc-admin-frontend/values-prod.yaml'
+
+      - name: Upgrade scc-admin-frontend helm chart
+        working-directory: helm-chart/scc-admin-frontend
+        run: |
+          helm upgrade --install --namespace scc -f values-prod.yaml scc-admin-frontend ./
+
+      - name: Notify CD failure to slack
+        if: failure()
+        run: |
+          CURRENT_GITHUB_ACTION_RUN_URL="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+          curl -X POST -H 'Content-type: application/json' --data "{\"text\":\"[PROD] scc-admin-frontend deployment failed. <!subteam^S052B9W7129> (<$CURRENT_GITHUB_ACTION_RUN_URL|github action run url>)\"}" ${{ secrets.SLACK_URL_SCC_SERVER_CHANNEL }} -v
+
+      - name: Set RELEASE_VERSION
+        run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+
+      - name: Notify CD success to slack
+        if: success()
+        run: |
+          echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}"
+          CURRENT_GITHUB_ACTION_RUN_URL="${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+          curl -X POST -H 'Content-type: application/json' --data "{\"text\":\"[PROD] scc-admin-frontend version $RELEASE_VERSION is deployed!\"}" ${{ secrets.SLACK_URL_SCC_SERVER_CHANNEL }} -v
+
+  update-main-branch:
+    runs-on: ubuntu-latest
+    needs:
+      - cd
+
+    steps:
+      - uses: actions/checkout@v3
+
+      - name: Set RELEASE_VERSION
+        run: echo "RELEASE_VERSION=${GITHUB_REF#refs/*/}" >> $GITHUB_ENV
+
+      - uses: actions/checkout@v3
+        with:
+          ref: refs/heads/main
+          token: ${{ secrets.STAIRCRUSHERCLUB_ACCOUNT_GH_TOKEN }}
+
+      - name: Update image tag for scc-admin-frontend
+        uses: mikefarah/yq@master
+        with:
+          cmd: yq -i '.image.tag = strenv(RELEASE_VERSION)' 'helm-chart/scc-admin-frontend/values-prod.yaml'
+
+      - name: Commit and push image tag for main branch
+        run: |
+          git config --global user.email "[email protected]"
+          git config --global user.name "Stair-Crusher-Club"
+          git diff
+          git add .
+          git commit -m "[skip ci] Prod deploy: $RELEASE_VERSION"
+          git push

README.md

@@ -28,3 +28,7 @@ pnpm dev
 ### 로컬 실행
 
 `pnpm dev`를 통해 로컬에서 실행한 경우, 3066 포트를 사용합니다. [http://localhost:3066](http://localhost:3066)
+
+### 배포
+- DEV - main 브랜치에 커밋될 때마다 자동으로 배포됩니다.
+- PROD - `a.b.c` 형식의 git tag를 푸시하면 해당 tag가 달린 커밋 기준으로 푸시됩니다.

docker-push.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+set -e
+
+if [[ $1 != "dev" && $1 != "live" ]]; then
+  echo 'Usage: ./docker-push.sh (dev|live) [<release-version>]; <release-version> is "latest" by default'
+  exit 0
+fi;
+
+IMAGE_TAG="${2:-"latest"}"
+if [[ $1 = "dev" ]]; then
+  IMAGE_TAG="$IMAGE_TAG-rc"
+fi;
+
+aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws/q0g6g7m8
+
+docker buildx build --platform linux/amd64 -t public.ecr.aws/i6n1n6v2/scc-admin-frontend:$IMAGE_TAG --build-arg="NEXT_PUBLIC_DEPLOY_TYPE=$1" .
+docker push public.ecr.aws/i6n1n6v2/scc-admin-frontend:$IMAGE_TAG

helm-chart/scc-admin-frontend/.helmignore

@@ -0,0 +1,23 @@
+# Patterns to ignore when building packages.
+# This supports shell glob matching, relative path matching, and
+# negation (prefixed with !). Only one pattern per line.
+.DS_Store
+# Common VCS dirs
+.git/
+.gitignore
+.bzr/
+.bzrignore
+.hg/
+.hgignore
+.svn/
+# Common backup files
+*.swp
+*.bak
+*.tmp
+*.orig
+*~
+# Various IDEs
+.project
+.idea/
+*.tmproj
+.vscode/

helm-chart/scc-admin-frontend/Chart.yaml

@@ -0,0 +1,24 @@
+apiVersion: v2
+name: scc-admin-frontend
+description: A Helm chart for Kubernetes
+
+# A chart can be either an 'application' or a 'library' chart.
+#
+# Application charts are a collection of templates that can be packaged into versioned archives
+# to be deployed.
+#
+# Library charts provide useful utilities or functions for the chart developer. They're included as
+# a dependency of application charts to inject those utilities and functions into the rendering
+# pipeline. Library charts do not define any templates and therefore cannot be deployed.
+type: application
+
+# This is the chart version. This version number should be incremented each time you make changes
+# to the chart and its templates, including the app version.
+# Versions are expected to follow Semantic Versioning (https://semver.org/)
+version: 0.1.0
+
+# This is the version number of the application being deployed. This version number should be
+# incremented each time you make changes to the application. Versions are not expected to
+# follow Semantic Versioning. They should reflect the version the application is using.
+# It is recommended to use it with quotes.
+appVersion: "1.16.0"

helm-chart/scc-admin-frontend/templates/NOTES.txt

@@ -0,0 +1,22 @@
+1. Get the application URL by running these commands:
+{{- if .Values.ingress.enabled }}
+{{- range $host := .Values.ingress.hosts }}
+  {{- range .paths }}
+  http{{ if $.Values.ingress.tls }}s{{ end }}://{{ $host.host }}{{ .path }}
+  {{- end }}
+{{- end }}
+{{- else if contains "NodePort" .Values.service.type }}
+  export NODE_PORT=$(kubectl get --namespace {{ .Release.Namespace }} -o jsonpath="{.spec.ports[0].nodePort}" services {{ include "scc-admin-frontend.fullname" . }})
+  export NODE_IP=$(kubectl get nodes --namespace {{ .Release.Namespace }} -o jsonpath="{.items[0].status.addresses[0].address}")
+  echo http://$NODE_IP:$NODE_PORT
+{{- else if contains "LoadBalancer" .Values.service.type }}
+     NOTE: It may take a few minutes for the LoadBalancer IP to be available.
+           You can watch the status of by running 'kubectl get --namespace {{ .Release.Namespace }} svc -w {{ include "scc-admin-frontend.fullname" . }}'
+  export SERVICE_IP=$(kubectl get svc --namespace {{ .Release.Namespace }} {{ include "scc-admin-frontend.fullname" . }} --template "{{"{{ range (index .status.loadBalancer.ingress 0) }}{{.}}{{ end }}"}}")
+  echo http://$SERVICE_IP:{{ .Values.service.port }}
+{{- else if contains "ClusterIP" .Values.service.type }}
+  export POD_NAME=$(kubectl get pods --namespace {{ .Release.Namespace }} -l "app.kubernetes.io/name={{ include "scc-admin-frontend.name" . }},app.kubernetes.io/instance={{ .Release.Name }}" -o jsonpath="{.items[0].metadata.name}")
+  export CONTAINER_PORT=$(kubectl get pod --namespace {{ .Release.Namespace }} $POD_NAME -o jsonpath="{.spec.containers[0].ports[0].containerPort}")
+  echo "Visit http://127.0.0.1:8080 to use your application"
+  kubectl --namespace {{ .Release.Namespace }} port-forward $POD_NAME 8080:$CONTAINER_PORT
+{{- end }}

helm-chart/scc-admin-frontend/templates/_helpers.tpl

@@ -0,0 +1,62 @@
+{{/*
+Expand the name of the chart.
+*/}}
+{{- define "scc-admin-frontend.name" -}}
+{{- default .Chart.Name .Values.nameOverride | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Create a default fully qualified app name.
+We truncate at 63 chars because some Kubernetes name fields are limited to this (by the DNS naming spec).
+If release name contains chart name it will be used as a full name.
+*/}}
+{{- define "scc-admin-frontend.fullname" -}}
+{{- if .Values.fullnameOverride }}
+{{- .Values.fullnameOverride | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- $name := default .Chart.Name .Values.nameOverride }}
+{{- if contains $name .Release.Name }}
+{{- .Release.Name | trunc 63 | trimSuffix "-" }}
+{{- else }}
+{{- printf "%s-%s" .Release.Name $name | trunc 63 | trimSuffix "-" }}
+{{- end }}
+{{- end }}
+{{- end }}
+
+{{/*
+Create chart name and version as used by the chart label.
+*/}}
+{{- define "scc-admin-frontend.chart" -}}
+{{- printf "%s-%s" .Chart.Name .Chart.Version | replace "+" "_" | trunc 63 | trimSuffix "-" }}
+{{- end }}
+
+{{/*
+Common labels
+*/}}
+{{- define "scc-admin-frontend.labels" -}}
+helm.sh/chart: {{ include "scc-admin-frontend.chart" . }}
+{{ include "scc-admin-frontend.selectorLabels" . }}
+{{- if .Chart.AppVersion }}
+app.kubernetes.io/version: {{ .Chart.AppVersion | quote }}
+{{- end }}
+app.kubernetes.io/managed-by: {{ .Release.Service }}
+{{- end }}
+
+{{/*
+Selector labels
+*/}}
+{{- define "scc-admin-frontend.selectorLabels" -}}
+app.kubernetes.io/name: {{ include "scc-admin-frontend.name" . }}
+app.kubernetes.io/instance: {{ .Release.Name }}
+{{- end }}
+
+{{/*
+Create the name of the service account to use
+*/}}
+{{- define "scc-admin-frontend.serviceAccountName" -}}
+{{- if .Values.serviceAccount.create }}
+{{- default (include "scc-admin-frontend.fullname" .) .Values.serviceAccount.name }}
+{{- else }}
+{{- default "default" .Values.serviceAccount.name }}
+{{- end }}
+{{- end }}