[#13] CICD 개선 #95
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ci/cd action | |
| on: | |
| push: | |
| branches: ['dev'] | |
| pull_request: | |
| branches: ['dev'] | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| with: | |
| buildkitd-flags: --debug | |
| - name: Cache Docker layers | |
| uses: actions/cache@v3 | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-docker-${{ hashFiles('Dockerfile', 'Dockerfile.base', 'docker-compose.yml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-docker- | |
| - name: Set BE .env | |
| run: | | |
| echo "MONGO_URI=${{ secrets.DEPLOY_MONGO_URI }}" > apps/server/.env | |
| echo "IS_LOCAL=false" >> apps/server/.env | |
| echo "SERVER_CORS_ACCEPT=${{ secrets.DEPLOY_SERVER_CORS_ACCEPT }}" >> apps/server/.env | |
| echo "S3_ACCESS_KEY=${{ secrets.S3_ACCESS_KEY }}" >> apps/server/.env | |
| echo "S3_SECRET_KEY=${{ secrets.S3_SECRET_KEY }}" >> apps/server/.env | |
| echo "S3_BUCKET_NAME=${{ secrets.S3_BUCKET_NAME }}" >> apps/server/.env | |
| echo "NODE_ENV=production" >> apps/server/.env | |
| - name: Set FE .env | |
| run: | | |
| echo "VITE_SERVER_URL=${{ secrets.DEPLOY_VITE_SERVER_URL }}" > apps/client/.env | |
| echo "VITE_MIXPANEL_TOKEN=${{ secrets.VITE_MIXPANEL_TOKEN }}" >> apps/client/.env | |
| echo "VITE_STATIC_STORAGE_URL=${{ secrets.VITE_STATIC_STORAGE_URL }}" >> apps/client/.env | |
| - name: Set Nginx SSL files | |
| run: | | |
| mkdir -p apps/client/ssl | |
| echo "${{ secrets.SSL_FULLCHAIN }}" > apps/client/ssl/fullchain.pem | |
| echo "${{ secrets.SSL_PRIVKEY }}" > apps/client/ssl/privkey.pem | |
| # - name: Clear Docker Cache | |
| # run: | | |
| # docker builder prune --all --force | |
| # docker image prune --all --force | |
| # - name: Build and Push Base Image | |
| # uses: docker/build-push-action@v4 | |
| # with: | |
| # context: . | |
| # file: Dockerfile.base | |
| # push: true | |
| # tags: ${{ secrets.DOCKERHUB_USERNAME }}/base-image:latest | |
| # cache-from: type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/base-image:latest,mode=max | |
| # cache-to: type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/base-image:latest,mode=max | |
| # outputs: type=docker | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_PASSWORD }} | |
| - name: Build and Save Base Image | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| file: Dockerfile.base | |
| push: true | |
| tags: | | |
| ${{ secrets.DOCKERHUB_USERNAME }}/base-image:latest | |
| cache-from: type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/base-image:latest,mode=max | |
| cache-to: | | |
| type=inline | |
| type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/base-image:latest,mode=max | |
| - name: Authenticate with Docker Hub | |
| run: | | |
| TOKEN=$(curl -s -u "${{ secrets.DOCKERHUB_USERNAME }}:${{ secrets.DOCKERHUB_PASSWORD }}" \ | |
| "https://auth.docker.io/token?service=registry.docker.io&scope=repository:${{ secrets.DOCKERHUB_USERNAME }}/base-image:pull,push" | jq -r .token) | |
| echo "Token: $TOKEN" | |
| curl -H "Authorization: Bearer $TOKEN" -v https://registry-1.docker.io/v2/${{ secrets.DOCKERHUB_USERNAME }}/base-image/manifests/latest | |
| - name: Pull Base Image (Remote) | |
| run: docker pull docker.io/${{ secrets.DOCKERHUB_USERNAME }}/base-image:latest | |
| - name: Verify Base Image | |
| run: docker images ${{ secrets.DOCKERHUB_USERNAME }}/base-image:latest | |
| - name: Retag Base Image Locally | |
| run: docker tag ${{ secrets.DOCKERHUB_USERNAME }}/base-image:latest base-image:latest | |
| - name: Save Base Image to File | |
| run: docker save base-image:latest -o base-image.tar | |
| - name: Load Base Image from File | |
| run: docker load -i base-image.tar | |
| - name: Build and Push Frontend Image | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| file: apps/client/Dockerfile | |
| push: true | |
| tags: ${{ secrets.DOCKERHUB_USERNAME }}/boolock_client_test:latest | |
| cache-from: | | |
| type=inline | |
| type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/boolock_client_test:latest,mode=max | |
| cache-to: type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/boolock_client_test:latest,mode=max | |
| build-args: | | |
| DOCKERHUB_USERNAME=${{ secrets.DOCKERHUB_USERNAME }} | |
| - name: Build and Push Backend Image | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: . | |
| file: apps/server/Dockerfile | |
| push: true | |
| tags: ${{ secrets.DOCKERHUB_USERNAME }}/boolock_server_test:latest | |
| cache-from: | | |
| type=inline | |
| type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/boolock_server_test:latest,mode=max | |
| cache-to: type=registry,ref=${{ secrets.DOCKERHUB_USERNAME }}/boolock_server_test:latest,mode=max | |
| build-args: | | |
| DOCKERHUB_USERNAME=${{ secrets.DOCKERHUB_USERNAME }} | |
| # - name: Build and Push Base Image | |
| # uses: docker/build-push-action@v4 | |
| # with: | |
| # context: . | |
| # file: Dockerfile.base | |
| # push: true | |
| # tags: ${{ secrets.DOCKERHUB_USERNAME }}/base-image:latest | |
| # cache-from: type=local,src=/tmp/.buildx-cache | |
| # cache-to: type=local,dest=/tmp/.buildx-cache | |
| # - name: Build and Push Frontend Image | |
| # uses: docker/build-push-action@v4 | |
| # with: | |
| # context: . | |
| # file: apps/client/Dockerfile | |
| # push: true | |
| # tags: ${{ secrets.DOCKERHUB_USERNAME }}/boolock_client_test:latest | |
| # cache-from: type=local,src=/tmp/.buildx-cache | |
| # cache-to: type=local,dest=/tmp/.buildx-cache | |
| # build-args: | | |
| # DOCKERHUB_USERNAME=${{ secrets.DOCKERHUB_USERNAME }} | |
| # - name: Build and Push Backend Image | |
| # uses: docker/build-push-action@v4 | |
| # with: | |
| # context: . | |
| # file: apps/server/Dockerfile | |
| # push: true | |
| # tags: ${{ secrets.DOCKERHUB_USERNAME }}/boolock_server_test:latest | |
| # cache-from: type=local,src=/tmp/.buildx-cache | |
| # cache-to: type=local,dest=/tmp/.buildx-cache | |
| # build-args: | | |
| # DOCKERHUB_USERNAME=${{ secrets.DOCKERHUB_USERNAME }} | |
| deploy: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Deploy with docker | |
| uses: appleboy/[email protected] | |
| with: | |
| host: ${{ secrets.SSH_HOST }} | |
| username: ${{ secrets.SSH_USER }} | |
| password: ${{ secrets.SSH_PASSWORD }} | |
| port: ${{ secrets.SSH_PORT }} | |
| script: | | |
| cd boolock/refactor-web31-BooLock | |
| git fetch origin | |
| git checkout refactor/13 | |
| git pull origin refactor/13 | |
| echo "DOCKERHUB_USERNAME=${{ secrets.DOCKERHUB_USERNAME }}" > .env | |
| echo "${{ secrets.DOCKERHUB_ACCESS_TOKEN }}" | docker login -u ${{ secrets.DOCKERHUB_USERNAME }} --password-stdin | |
| sudo docker compose pull | |
| sudo docker compose down | |
| sudo docker compose up -d |