chore: root pw 제거 #133
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to ECR and EC2 | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| env: | |
| AWS_REGION: ap-northeast-2 | |
| ECR_REPOSITORY: wishpool-repo # ★ AWS ECR에 만들어둔 리포지토리 이름 | |
| jobs: | |
| # 1. 빌드해서 ECR에 올리기 | |
| build-and-push: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| - name: Build with Gradle | |
| run: | | |
| chmod +x gradlew | |
| ./gradlew clean build -x test | |
| # AWS 자격증명 설정 (ECR 접속용) | |
| - name: Configure AWS credentials | |
| uses: aws-actions/configure-aws-credentials@v4 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ env.AWS_REGION }} | |
| # ECR 로그인 | |
| - name: Login to Amazon ECR | |
| id: login-ecr | |
| uses: aws-actions/amazon-ecr-login@v2 | |
| # 도커 빌드 & 푸시 (태그: latest) | |
| - name: Build, tag, and push image to Amazon ECR | |
| env: | |
| ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} | |
| run: | | |
| docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:latest . | |
| docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest | |
| # 2. 서버에 접속해서 실행하기 | |
| deploy: | |
| needs: build-and-push | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| # [★추가됨] 1. 폴더가 없으면 먼저 만들기 (이게 있어야 안전합니다) | |
| - name: Create directory | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ secrets.AWS_HOST }} | |
| username: ${{ secrets.AWS_USERNAME }} | |
| key: ${{ secrets.EC2_SSH_KEY }} | |
| script: mkdir -p ~/wishpool | |
| # 2. 그 만들어진 폴더에 파일 전송 | |
| - name: Copy docker-compose to server | |
| uses: appleboy/scp-action@master | |
| with: | |
| host: ${{ secrets.AWS_HOST }} | |
| username: ${{ secrets.AWS_USERNAME }} | |
| key: ${{ secrets.EC2_SSH_KEY }} | |
| source: "docker-compose.yml" | |
| target: "~/wishpool" # 이제 폴더가 확실히 있으니 여기 안으로 쏙 들어갑니다. | |
| # 3. 접속해서 실행 | |
| - name: SSH to Server and Deploy | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ secrets.AWS_HOST }} | |
| username: ${{ secrets.AWS_USERNAME }} | |
| key: ${{ secrets.EC2_SSH_KEY }} | |
| script: | | |
| # 폴더가 있으니 이동 가능! | |
| cd ~/wishpool | |
| # 1. ECR 로그인 | |
| aws ecr get-login-password --region ${{ env.AWS_REGION }} | docker login --username AWS --password-stdin ${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com | |
| # 2. .env 파일 생성 | |
| cat << EOF > .env | |
| IMAGE_FULL_PATH=${{ secrets.AWS_ACCOUNT_ID }}.dkr.ecr.${{ env.AWS_REGION }}.amazonaws.com/${{ env.ECR_REPOSITORY }}:latest | |
| HOST_PORT=8000 | |
| UPLOAD_PATH=/etc/var/www/wishpool | |
| DB_NAME=wishpool | |
| DB_USER_PROD=${{ secrets.DB_USER_PROD }} | |
| DB_PROD_PASSWORD=${{ secrets.DB_PROD_PASSWORD }} | |
| DB_PROD_PORT=3306 | |
| DB_URL_PROD=jdbc:mysql://wishpool-db:3306/wishpool?serverTimezone=Asia/Seoul&useSSL=false&allowPublicKeyRetrieval=true | |
| OAUTH2_KAKAO=${{ secrets.OAUTH2_KAKAO }} | |
| OAUTH2_REDIRECT_URL_PROD=${{ secrets.OAUTH2_REDIRECT_URL_PROD }} | |
| JWT_SECRET=${{ secrets.JWT_SECRET }} | |
| DISCORD_WEBHOOK=${{ secrets.DISCORD_WEBHOOK }} | |
| IMAGE_URL=${{ secrets.IMAGE_URL }} | |
| EOF | |
| # 3. 실행 | |
| docker compose pull | |
| docker compose up -d | |
| docker image prune -f |