AIBE5_FinalProject_Team7_JackPot/.github/workflows/deploy.yml at main · prgrms-aibe-devcourse/AIBE5_FinalProject_Team7_JackPot · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
name: Deploy (ECR + EC2)

on:
  push:
    branches: [main]

concurrency:
  group: deploy-main
  cancel-in-progress: true

env:
  AWS_REGION: ap-northeast-2
  ECR_REGISTRY: 495264909330.dkr.ecr.ap-northeast-2.amazonaws.com
  BACKEND_IMAGE: team7/whiskeynote-backend
  FRONTEND_IMAGE: team7/whiskeynote-frontend

jobs:
  build-and-push:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v4
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}

      - name: Login to Amazon ECR
        uses: aws-actions/amazon-ecr-login@v2

      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3

      - name: Set up JDK 21
        uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: "21"

      - name: Set up Gradle
        uses: gradle/actions/setup-gradle@v4
        with:
          gradle-version: "9.4.1"

      - name: Build backend JAR
        working-directory: backend
        run: |
          for attempt in 1 2 3 4 5; do
            echo "bootJar attempt ${attempt}"
            gradle bootJar -x test --no-daemon && exit 0
            sleep $((attempt * 20))
          done
          exit 1

      - name: Build and push backend
        uses: docker/build-push-action@v6
        with:
          context: ./backend
          platforms: linux/amd64
          push: true
          tags: |
            ${{ env.ECR_REGISTRY }}/${{ env.BACKEND_IMAGE }}:latest
            ${{ env.ECR_REGISTRY }}/${{ env.BACKEND_IMAGE }}:${{ github.sha }}

      - name: Build and push frontend
        uses: docker/build-push-action@v6
        with:
          context: .
          file: ./frontend/Dockerfile
          platforms: linux/amd64
          push: true
          tags: |
            ${{ env.ECR_REGISTRY }}/${{ env.FRONTEND_IMAGE }}:latest
            ${{ env.ECR_REGISTRY }}/${{ env.FRONTEND_IMAGE }}:${{ github.sha }}

  deploy-ec2:
    needs: build-and-push
    runs-on: ubuntu-latest
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: Copy deploy files to EC2
        uses: appleboy/scp-action@v0.1.7
        with:
          host: ${{ secrets.EC2_HOST }}
          username: ubuntu
          key: ${{ secrets.EC2_SSH_PRIVATE_KEY }}
          source: "deploy/docker-compose.ec2.yml,deploy/verify-deploy.sh,deploy/run-backend-test.sh,deploy/test-db-bulk-seed.sh,deploy/monitoring/**"
          target: /home/ubuntu/whiskeynote/deploy/
          strip_components: 1

      - name: Deploy on EC2
        uses: appleboy/ssh-action@v1.2.0
        with:
          host: ${{ secrets.EC2_HOST }}
          username: ubuntu
          key: ${{ secrets.EC2_SSH_PRIVATE_KEY }}
          script: |
            set -e
            cd ~/whiskeynote
            chmod +x deploy/verify-deploy.sh
            mv -f deploy/docker-compose.ec2.yml docker-compose.yml
            aws ecr get-login-password --region ap-northeast-2 | docker login --username AWS --password-stdin 495264909330.dkr.ecr.ap-northeast-2.amazonaws.com
            docker compose pull
            docker compose up -d --force-recreate backend frontend
            docker image prune -af

      - name: Verify backend & RDS schema
        id: verify
        env:
          EC2_HOST: ${{ secrets.EC2_HOST }}
          EC2_KEY: ${{ secrets.EC2_SSH_PRIVATE_KEY }}
        run: |
          mkdir -p ~/.ssh
          printf '%s\n' "$EC2_KEY" > ~/.ssh/deploy_key
          chmod 600 ~/.ssh/deploy_key
          set +e
          OUT="$(ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no "ubuntu@${EC2_HOST}" \
            'bash ~/whiskeynote/deploy/verify-deploy.sh' 2>&1)"
          CODE=$?
          echo "$OUT"
          if [[ "$CODE" -ne 0 ]]; then
            if echo "$OUT" | grep -q 'RDS_SCHEMA_OUTDATED'; then
              TABLE="$(echo "$OUT" | sed -n 's/^누락 테이블: //p' | head -1)"
              echo "::error title=RDS 스키마 미최신화 — backend 기동 실패::RDS에 테이블 [${TABLE:-unknown}] 이(가) 없습니다. backend/src/main/resources/db/migration/V*__*.sql Flyway migration 을 추가하고 main merge 후 Deploy workflow 를 다시 실행하세요."
            else
              echo "::error title=백엔드 배포 검증 실패::backend 기동 또는 API smoke test 실패. 위 로그 및 EC2: docker compose logs backend --tail 50"
            fi
            exit 1
          fi
          echo "::notice title=배포 검증 성공::backend healthy · RDS 스키마 OK · API 200"