From b787b86754c09ae94d419941109033c1ce8867c2 Mon Sep 17 00:00:00 2001 From: do-huni Date: Sun, 21 Jul 2024 12:26:58 +0900 Subject: [PATCH] fix(cd): divide cd process --- .github/workflows/deploy-to-master.yml | 85 ++++++++++++++++++-------- 1 file changed, 60 insertions(+), 25 deletions(-) diff --git a/.github/workflows/deploy-to-master.yml b/.github/workflows/deploy-to-master.yml index a3a412b..1219069 100644 --- a/.github/workflows/deploy-to-master.yml +++ b/.github/workflows/deploy-to-master.yml @@ -6,27 +6,9 @@ on: - master jobs: - deploy: + checkout_and_build: runs-on: ubuntu-latest - permissions: - id-token: write - contents: read - - env: - ECR_URL: ${{ secrets.AWS_PRODUCTION_ECR_URL }} - HOSTS: ${{ secrets.AWS_PRODUCTUON_HOSTS }} - AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }} - AWS_ACCESS_KEY_ID: ${{ secrets.AWS_PRODUCTION_ACCESS_KEY }} - AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PRODUCTION_SECRET_ACCESS_KEY }} - AWS_PROFILE: production - ACCOUNT: 'ubuntu' - DOCKER_TAG: 'latest' - SERVICE_NAME: 'blccu' - BLUE_PORT: '3000' - GREEN_PORT: '3001' - NGINX_CONFIG: '/etc/nginx/nginx.conf' - steps: - name: Checkout code uses: actions/checkout@v2 @@ -48,6 +30,18 @@ jobs: - name: Set PEM file permissions run: chmod 400 deploy_key.pem + - name: Save artifact + uses: actions/upload-artifact@v2 + with: + name: deploy-key + path: deploy_key.pem + + configure_aws: + runs-on: ubuntu-latest + + needs: checkout_and_build + + steps: - name: Install AWS CLI uses: unfor19/install-aws-cli-action@v1 with: 
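Review bot: In the `@@ -6,27 +6,9 @@` hunk, dropping the job-level `permissions:` block leaves `checkout_and_build` on the repository's default `GITHUB_TOKEN` scope, which can be read/write depending on settings. None of the jobs added later in this patch declares one either. I would keep least privilege by declaring `permissions:` with `contents: read` once at workflow level. `id-token: write` probably does not need restoring, since the steps visible in this patch authenticate with static access keys rather than OIDC; confirm no step outside the hunks relies on it. The job's step list continues outside this hunk.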
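Review bot: The added `Save artifact` step in the `@@ -48,6 +30,18 @@` hunk uploads `deploy_key.pem` as a workflow artifact, so what appears to be the SSH deploy key becomes downloadable by anyone who can read the repository's workflow runs, for the whole artifact retention period. Artifacts are not a secret store, and upload-artifact does not preserve file permissions, so the `chmod 400` applied just before is lost on download. I would drop this step and the two `Restore PEM file` steps in the next hunk. Instead, `deploy_to_servers` should write the key itself from the secret it comes from, followed by `chmod 400 deploy_key.pem`. How the key file is created is outside the visible hunks, so the exact step to move is not shown here.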
@@ -55,22 +49,63 @@ jobs: - name: Configure AWS CLI run: | - aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID - aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY - aws configure set region $AWS_DEFAULT_REGION + aws configure set aws_access_key_id ${{ secrets.AWS_PRODUCTION_ACCESS_KEY }} + aws configure set aws_secret_access_key ${{ secrets.AWS_PRODUCTION_SECRET_ACCESS_KEY }} + aws configure set region ${{ secrets.AWS_REGION }} - name: Test AWS Credentials run: aws sts get-caller-identity + docker_build_and_push: + runs-on: ubuntu-latest + + needs: [checkout_and_build, configure_aws] + + steps: + - name: Checkout code + uses: actions/checkout@v2 + + - name: Restore PEM file + uses: actions/download-artifact@v2 + with: + name: deploy-key + path: deploy_key.pem + - name: Log in to ECR run: | - aws ecr get-login-password --region $AWS_DEFAULT_REGION | docker login --username AWS --password-stdin $ECR_URL + aws ecr get-login-password --region ${{ secrets.AWS_REGION }} | docker login --username AWS --password-stdin ${{ secrets.AWS_PRODUCTION_ECR_URL }} - name: Build and push Docker image run: | docker buildx build --platform linux/amd64 -t $SERVICE_NAME . 
--load - docker tag $SERVICE_NAME:$DOCKER_TAG $ECR_URL/$SERVICE_NAME:$DOCKER_TAG - docker push $ECR_URL/$SERVICE_NAME:$DOCKER_TAG + docker tag $SERVICE_NAME:$DOCKER_TAG ${{ secrets.AWS_PRODUCTION_ECR_URL }}/$SERVICE_NAME:$DOCKER_TAG + docker push ${{ secrets.AWS_PRODUCTION_ECR_URL }}/$SERVICE_NAME:$DOCKER_TAG + + deploy_to_servers: + runs-on: ubuntu-latest + + needs: [docker_build_and_push] + + env: + ECR_URL: ${{ secrets.AWS_PRODUCTION_ECR_URL }} + HOSTS: ${{ secrets.AWS_PRODUCTUON_HOSTS }} + AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_PRODUCTION_ACCESS_KEY }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PRODUCTION_SECRET_ACCESS_KEY }} + AWS_PROFILE: production + ACCOUNT: 'ubuntu' + DOCKER_TAG: 'latest' + SERVICE_NAME: 'blccu' + BLUE_PORT: '3000' + GREEN_PORT: '3001' + NGINX_CONFIG: '/etc/nginx/nginx.conf' + + steps: + - name: Restore PEM file + uses: actions/download-artifact@v2 + with: + name: deploy-key + path: deploy_key.pem - name: Deploy to servers run: |
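Review bot: `docker_build_and_push` cannot see anything `configure_aws` did, because each job starts on a fresh runner: the CLI install and the `aws configure` state are gone by the time `aws ecr get-login-password` runs. `$SERVICE_NAME` and `$DOCKER_TAG` are also unset here, since `env:` now exists only on `deploy_to_servers`. The new lines also paste `${{ secrets.* }}` straight into the script text, where the value is substituted before the shell parses the line; mapping secrets to `env:` and referencing quoted shell variables avoids that. I would give this job its own `env:` block and let the AWS CLI read credentials from the environment, which makes the separate `configure_aws` job unnecessary. The `Deploy to servers` script continues outside the hunk.

```yaml
  docker_build_and_push:
    runs-on: ubuntu-latest
    needs: [checkout_and_build]
    env:
      ECR_URL: ${{ secrets.AWS_PRODUCTION_ECR_URL }}
      AWS_DEFAULT_REGION: ${{ secrets.AWS_REGION }}
      AWS_ACCESS_KEY_ID: ${{ secrets.AWS_PRODUCTION_ACCESS_KEY }}
      AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_PRODUCTION_SECRET_ACCESS_KEY }}
      DOCKER_TAG: 'latest'
      SERVICE_NAME: 'blccu'
    steps:
      # … unchanged: Checkout code step …
      # … Install AWS CLI step moved here from configure_aws …
      - name: Log in to ECR
        run: |
          aws ecr get-login-password --region "$AWS_DEFAULT_REGION" | docker login --username AWS --password-stdin "$ECR_URL"
      - name: Build and push Docker image
        run: |
          docker buildx build --platform linux/amd64 -t "$SERVICE_NAME" . --load
          docker tag "$SERVICE_NAME:$DOCKER_TAG" "$ECR_URL/$SERVICE_NAME:$DOCKER_TAG"
          docker push "$ECR_URL/$SERVICE_NAME:$DOCKER_TAG"
```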