From 38fc390afb29663c6a6bda40d419f56638789f76 Mon Sep 17 00:00:00 2001 From: BYEONGRYEOL Date: Thu, 12 Sep 2024 08:41:48 +0900 Subject: [PATCH 1/2] =?UTF-8?q?Update:=20#158=20=EA=B0=9C=EB=B0=9C?= =?UTF-8?q?=EC=84=9C=EB=B2=84=20private=20subnet=20=EC=9D=B4=EB=8F=99?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/cicd-ec2.yml | 146 +++++++++++++++++++++------------ .gitignore | 1 + 2 files changed, 93 insertions(+), 54 deletions(-) diff --git a/.github/workflows/cicd-ec2.yml b/.github/workflows/cicd-ec2.yml index 4dadd61f..08e2c59c 100644 --- a/.github/workflows/cicd-ec2.yml +++ b/.github/workflows/cicd-ec2.yml @@ -10,7 +10,9 @@ on: env: AWS_REGION: ap-northeast-2 S3_BUCKET_NAME: genti-deploy + S3_BUCKET_NAME_STAGING: genti-staging CODE_DEPLOY_APPLICATION_NAME: genti + CODE_DEPLOY_APPLICATION_NAME_STAGING: genti-dev permissions: contents: read @@ -105,13 +107,13 @@ jobs: run: | chmod +x ./gradlew ./gradlew clean build -x test + - - - name: Get Github action IP - if: contains(github.ref, 'staging') - id: ip - uses: haythem/public-ip@v1.2 - + # - name: Get Github action IP + # if: contains(github.ref, 'staging') + # id: ip + # uses: haythem/public-ip@v1.2 + # - name: Setting environment variables run: | echo "AWS_DEFAULT_REGION=ap-northeast-2" >> $GITHUB_ENV @@ -123,14 +125,14 @@ jobs: aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: ap-northeast-2 - - name: Add Github Actions IP to Security group - if: contains(github.ref, 'staging') - run: | - aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DEFAULT_REGION: ap-northeast-2 + # - name: Add Github Actions IP to Security group + # if: contains(github.ref, 'staging') + # run: | + # aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 + # env: + # AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + # AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + # AWS_DEFAULT_REGION: ap-northeast-2 - name: Login to aws ECR @@ -148,6 +150,15 @@ jobs: docker build -f ./Dockerfile_deploy -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG + - name: Build, tag, and push image to aws ECR + if: contains(github.ref, 'staging') + env: + ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} + ECR_REPOSITORY: genti-staging + IMAGE_TAG: latest + run: | + docker build -f ./Dockerfile_deploy -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . + docker push $ECR_REGISTRY/$ECR_REPOSITORY: - name: Upload docker-compose, appspec, afterInstall file to S3 if: contains(github.ref, 'main') @@ -169,16 +180,36 @@ jobs: # Clean up the temporary directory rm -rf temp_dir - - name: Upload docker compose file to staging server + - name: Upload docker-compose, appspec, afterInstall file to S3 if: contains(github.ref, 'staging') - uses: appleboy/scp-action@master - with: - host: ${{ secrets.HOST_STAGING }} - username: ubuntu - key: ${{ secrets.EC2_KEY }} - port: 22 - source: "./docker/staging/*" - target: "/home/ubuntu/workspace/" + run: | + # Create a temporary directory for the zip contents + mkdir -p temp_dir/scripts + cp -r ./scripts/* temp_dir/scripts/ + cp appspec.yml temp_dir/ + cp ./docker/staging/docker-compose.yml temp_dir/docker-compose.yml + + # Navigate to the temporary directory and create the zip file + cd temp_dir + zip -r ../$GITHUB_SHA.zip ./* + + # Move back to the initial directory and upload the zip file to S3 + cd .. + aws s3 cp --region ap-northeast-2 ./$GITHUB_SHA.zip s3://S3_BUCKET_NAME_STAGING + + # Clean up the temporary directory + rm -rf temp_dir + + # - name: Upload docker compose file to staging server + # if: contains(github.ref, 'staging') + # uses: appleboy/scp-action@master + # with: + # host: ${{ secrets.HOST_STAGING }} + # username: ubuntu + # key: ${{ secrets.EC2_KEY }} + # port: 22 + # source: "./docker/staging/*" + # target: "/home/ubuntu/workspace/" # docker build & push to deploy server - name: Deploy to EC2 with CodeDeploy @@ -189,38 +220,45 @@ jobs: --deployment-group-name ${{ secrets.CODE_DEPLOY_DEPLOYMENT_GROUP_NAME }} \ --s3-location bucket=$S3_BUCKET_NAME,key=$GITHUB_SHA.zip,bundleType=zip - # docker build & push to staging - - name: Docker build & push to staging + - name: Staging Deploy to EC2 with CodeDeploy if: contains(github.ref, 'staging') run: | - docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }} - docker build -f Dockerfile_staging -t ${{ secrets.DOCKER_USERNAME }}/genti-staging . - docker push ${{ secrets.DOCKER_USERNAME }}/genti-staging + aws deploy create-deployment \ + --application-name ${{ env.CODE_DEPLOY_APPLICATION_NAME_STAGING }} \ + --deployment-group-name genti-tg-staging \ + --s3-location bucket=$S3_BUCKET_NAME,key=$GITHUB_SHA.zip,bundleType=zip + # docker build & push to staging + # - name: Docker build & push to staging + # if: contains(github.ref, 'staging') + # run: | + # docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }} + # docker build -f Dockerfile_staging -t ${{ secrets.DOCKER_USERNAME }}/genti-staging . + # docker push ${{ secrets.DOCKER_USERNAME }}/genti-staging ## deploy to staging server - - name: Deploy to staging server - uses: appleboy/ssh-action@master - id: deploy-staging - if: contains(github.ref, 'staging') - with: - host: ${{ secrets.HOST_STAGING }} # EC2 퍼블릭 IPv4 DNS - username: ubuntu - password: ${{ secrets.PASSWORD }} - port: 22 - key: ${{ secrets.EC2_KEY }} - script: | - sudo docker ps - cd /home/ubuntu/workspace/docker/staging - docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }} - sudo docker pull ${{ secrets.DOCKER_USERNAME }}/genti-staging - sudo docker-compose up -d - sudo docker image prune -f - - - name: delete github actions ip from aws security group - if: contains(github.ref, 'staging') - run: | - aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 - env: - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - AWS_DEFAULT_REGION: ap-northeast-2 + # - name: Deploy to staging server + # uses: appleboy/ssh-action@master + # id: deploy-staging + # if: contains(github.ref, 'staging') + # with: + # host: ${{ secrets.HOST_STAGING }} # EC2 퍼블릭 IPv4 DNS + # username: ubuntu + # password: ${{ secrets.PASSWORD }} + # port: 22 + # key: ${{ secrets.EC2_KEY }} + # script: | + # sudo docker ps + # cd /home/ubuntu/workspace/docker/staging + # docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }} + # sudo docker pull ${{ secrets.DOCKER_USERNAME }}/genti-staging + # sudo docker-compose up -d + # sudo docker image prune -f + +# - name: delete github actions ip from aws security group +# if: contains(github.ref, 'staging') +# run: | +# aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32 +# env: +# AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} +# AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} +# AWS_DEFAULT_REGION: ap-northeast-2 diff --git a/.gitignore b/.gitignore index c065f734..dae41ced 100644 --- a/.gitignore +++ b/.gitignore @@ -66,3 +66,4 @@ firebase-genti.json AuthKey_ZRZMQQX883.p8 /genti-api/src/main/resources/static/swagger.json +update-github-secret.sh \ No newline at end of file From ff5a197d0eac882ad3a4f88fab83fb07cdb4ebe8 Mon Sep 17 00:00:00 2001 From: BYEONGRYEOL Date: Thu, 12 Sep 2024 08:44:47 +0900 Subject: [PATCH 2/2] =?UTF-8?q?Update:=20#158=20cicd=20=ED=8C=8C=EC=9D=B4?= =?UTF-8?q?=ED=94=84=EB=9D=BC=EC=9D=B8=20=EB=82=B4=20=EC=98=A4=ED=83=80=20?= =?UTF-8?q?=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/cicd-ec2.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cicd-ec2.yml b/.github/workflows/cicd-ec2.yml index 08e2c59c..cb4b29da 100644 --- a/.github/workflows/cicd-ec2.yml +++ b/.github/workflows/cicd-ec2.yml @@ -157,7 +157,7 @@ jobs: ECR_REPOSITORY: genti-staging IMAGE_TAG: latest run: | - docker build -f ./Dockerfile_deploy -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . + docker build -f ./Dockerfile_staging -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . docker push $ECR_REGISTRY/$ECR_REPOSITORY: - name: Upload docker-compose, appspec, afterInstall file to S3 @@ -195,7 +195,7 @@ jobs: # Move back to the initial directory and upload the zip file to S3 cd .. - aws s3 cp --region ap-northeast-2 ./$GITHUB_SHA.zip s3://S3_BUCKET_NAME_STAGING + aws s3 cp --region ap-northeast-2 ./$GITHUB_SHA.zip s3://$S3_BUCKET_NAME_STAGING # Clean up the temporary directory rm -rf temp_dir