Skip to content

Commit

Permalink
Merge pull request #31 from gooiman/feat/prod-deploy
Browse files Browse the repository at this point in the history 
feat: 프로덕션 환경 배포 설정
  • Loading branch information
@EATSTEAK
EATSTEAK authored Sep 28, 2024
2 parents 9901f75 + 537242a commit 049e9af
Show file tree
Hide file tree
Showing 5 changed files with 213 additions and 20 deletions.
173 changes: 173 additions & 0 deletions .github/workflows/publish-prod.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,173 @@
name: 프로덕션 서비스 배포

on:
push:
branches: [ master ]
env:
ENVIRONMENT: prod
TF_WORKSPACE: prod
jobs:
apply-terraform:
name: 'Terraform 리소스 적용'
runs-on: ubuntu-latest
outputs:
rds_endpoint: ${{ steps.generate_output.outputs.rdx_endpoint }}
steps:
- name: 레포지토리 체크아웃
uses: actions/checkout@v4
- name: Terraform 설치
uses: hashicorp/setup-terraform@v3
with:
cli_config_credentials_token: ${{ secrets.TF_API_TOKEN }}
- name: Terraform 초기화
run: terraform init
- name: AWS 인증 설정
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-northeast-2
- name: Terraform 적용
run: |
terraform apply -auto-approve \
-var 'environment=${{ env.ENVIRONMENT }}' \
-var 'aws_region=ap-northeast-2' \
-var 'database_user=${{ secrets.PROD_DATABASE_USER }}' \
-var 'database_password=${{ secrets.PROD_DATABASE_PASSWORD }}'
- name: 출력 생성
id: generate_output
run: echo "rdx_endpoint=$(terraform output -raw rds_endpoint)" >> "$GITHUB_OUTPUT"
build-server:
name: '서버 빌드'
runs-on: ubuntu-latest
steps:
- name: 레포지토리 체크아웃
uses: actions/checkout@v4
- name: JDK 설치
uses: actions/setup-java@v4
with:
distribution: 'corretto'
java-version: '17'
- name: 서버 빌드
run: |
sudo chmod +x ./gradlew
./gradlew clean build -x test
- name: 서버 실행 파일 아티펙트 업로드
uses: actions/upload-artifact@v4
with:
name: server
path: build/libs/*.jar
docker-build:
name: 'Docker 이미지 빌드'
needs: [ apply-terraform, build-server ]
runs-on: ubuntu-latest
steps:
- name: 레포지토리 체크아웃
uses: actions/checkout@v4
- name: 빌드 폴더 생성
run: mkdir -p build/libs
- name: 서버 실행 파일 다운로드
uses: actions/download-artifact@v4
with:
name: server
path: build/libs
- name: 도커 이미지 빌드
run: |
docker buildx build \
--build-arg SPRING_PROFILES_ACTIVE=${{ env.ENVIRONMENT }} \
--build-arg DATABASE_ADDRESS=${{ needs.apply-terraform.outputs.rds_endpoint }} \
--build-arg DATABASE_USERNAME=${{ secrets.PROD_DATABASE_USER }} \
--build-arg DATABASE_PASSWORD=${{ secrets.PROD_DATABASE_PASSWORD }} \
--build-arg JWT_SECRET=${{ secrets.JWT_SECRET }} \
--build-arg JWT_TOKEN_VALIDITY_TIME=${{ secrets.JWT_TOKEN_VALIDITY_TIME }} \
--build-arg KEYSTORE_PASSWORD=${{ secrets.KEYSTORE_PASSWORD }} \
-t gooiman-api:${{ github.sha }} .
- name: 도커 이미지 저장
run: docker save gooiman-api:${{ github.sha }} > image.tar

- name: 도커 이미지 아티펙트 업로드
uses: actions/upload-artifact@v4
with:
name: docker-image
path: image.tar

ecr-push:
name: 'ECR 푸시'
needs: [ apply-terraform, docker-build ]
runs-on: ubuntu-latest
outputs:
ecr_registry: ${{ steps.login-ecr.outputs.registry }}
ecr_repository: gooiman_${{ env.ENVIRONMENT }}
image_tag: ${{ github.sha }}
steps:
- name: 레포지토리 체크아웃
uses: actions/checkout@v4

- name: 도커 이미지 아티펙트 다운로드
uses: actions/download-artifact@v4
with:
name: docker-image

- name: 도커 이미지 로드
run: docker load < image.tar

- name: AWS 인증 설정
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-northeast-2

- name: Amazon ECR 로그인
id: login-ecr
uses: aws-actions/amazon-ecr-login@v2

- name: Amazon ECR에 이미지 푸시
env:
ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
ECR_REPOSITORY: gooiman_${{ env.ENVIRONMENT }}
IMAGE_TAG: ${{ github.sha }}
run: |
docker tag gooiman-api:$IMAGE_TAG $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
codedeploy:
name: 'CodeDeploy 배포'
needs: ecr-push
runs-on: ubuntu-latest
steps:
- name: 레포지토리 체크아웃
uses: actions/checkout@v4

- name: AWS 인증 설정
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: ap-northeast-2
- name: 배포 파일 업로드
env:
ECR_REGISTRY: ${{ needs.ecr-push.outputs.ecr_registry }}
ECR_REPOSITORY: ${{ needs.ecr-push.outputs.ecr_repository }}
IMAGE_TAG: ${{ needs.ecr-push.outputs.image_tag }}
run: |
cd ./codedeploy/${{ env.ENVIRONMENT }}
mkdir scripts
touch scripts/deploy.sh
echo "aws ecr get-login-password --region ap-northeast-2 | docker login --username AWS --password-stdin $ECR_REGISTRY" >> scripts/deploy.sh
echo "export ECR_REGISTRY=$ECR_REGISTRY" >> scripts/deploy.sh
echo "export ECR_REPOSITORY=$ECR_REPOSITORY" >> scripts/deploy.sh
echo "export IMAGE_TAG=$IMAGE_TAG" >> scripts/deploy.sh
echo "docker-compose -f /var/deployment/docker-compose.yml up -d" >> scripts/deploy.sh
zip -r ${{ github.sha }}.zip .
aws s3 cp ${{ github.sha }}.zip s3://gooiman-${{ env.ENVIRONMENT }}-deploy-bucket/${{ github.sha }}.zip
- name: CodeDeploy 배포 생성
run: |
aws deploy create-deployment \
--application-name gooiman_${{ env.ENVIRONMENT }}_deploy \
--deployment-group-name gooiman_${{ env.ENVIRONMENT }}_deploy_group \
--deployment-config-name CodeDeployDefault.OneAtATime \
--s3-location bucket=gooiman-${{ env.ENVIRONMENT }}-deploy-bucket,bundleType=zip,key=${{ github.sha }}.zip
11 changes: 11 additions & 0 deletions codedeploy/prod/appspec.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,11 @@
version: 0.0
os: linux
files:
- source: /
destination: /var/deployment
overwrite: yes
hooks:
BeforeInstall:
- location: scripts/deploy.sh
timeout: 300
runas: root
6 changes: 6 additions & 0 deletions codedeploy/prod/docker-compose.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,6 @@
name: gooiman-server
services:
api:
image: ${ECR_REGISTRY}/${ECR_REPOSITORY}:${IMAGE_TAG}
ports:
- "8080:8080"
35 changes: 16 additions & 19 deletions main.tf
View file
Original file line number Diff line number Diff line change
Expand Up @@ -121,7 +121,7 @@ resource "aws_db_instance" "db" {
password = var.database_password
vpc_security_group_ids = [aws_security_group.rds_sg.id]
db_subnet_group_name = aws_db_subnet_group.db_subnet.id
skip_final_snapshot = true
skip_final_snapshot = true
tags = {
Name = "gooiman_db_${var.environment}"
}
Expand Down Expand Up @@ -207,28 +207,25 @@ resource "aws_security_group" "ec2_sg" {
cidr_blocks = ["0.0.0.0/0"]
}

ingress {
from_port = 80
to_port = 80
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}

ingress {
from_port = 443
to_port = 443
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}

// 개발 환경 8080 포트 허용
dynamic "ingress" {
for_each = (var.environment == "dev") ? [1] : []
content {
from_port = 8080
to_port = 8080
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
from_port = 8080
to_port = 8080
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
}

// 운영 환경 8080 리다이렉트
dynamic "ingress" {
for_each = (var.environment == "prod") ? [1] : []
content {
from_port = 8080
to_port = 443
protocol = "tcp"
cidr_blocks = ["0.0.0.0/0"]
}
}

Expand Down
8 changes: 7 additions & 1 deletion src/main/resources/application-prod.yml
View file
Original file line number Diff line number Diff line change
@@ -1,6 +1,12 @@
server:
port: 8080
ssl:
enabled: true
key-store: classpath:keystore.p12
key-store-password: ${KEYSTORE_PASSWORD}
key-store-type: PKCS12
key-store-type: PKCS12
springdoc:
swagger-ui:
enabled: false
api-docs:
enabled: false

0 comments on commit 049e9af

Please sign in to comment.