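---
# Continuous delivery for pushes to main (or a manual dispatch):
#   1. build_and_push builds the Spring JAR and, when a build file exists, the
#      Python package, then builds both Docker images and pushes them to ECR
#      under the commit SHA and the ENV_TAG tag.
#   2. deploy connects to the target host over SSH, logs Docker in to ECR,
#      records the image tag in .deploy.env and recreates the spring and
#      python compose services.
#
# NOTE(review): every action below is referenced by a mutable tag. Pinning
# third-party actions to a full commit SHA (appleboy/ssh-action in particular,
# since it receives the SSH private key) prevents a re-tagged release from
# changing what runs here.
name: CD on main (spring+python → prod, prune)

on:
  push:
    branches: [main]
  workflow_dispatch: {}

# Least privilege: no token scopes by default; each job opts in to what it
# needs. Previously id-token: write was granted workflow-wide, which also
# let the deploy job request an OIDC token it never uses.
permissions: {}

# Runs share two pieces of mutable state: the ENV_TAG image tag and the
# remote host. Serialising runs stops an older run from finishing last and
# overwriting a newer deployment.
concurrency:
  group: cd-main
  cancel-in-progress: false

jobs:
  build_and_push:
    runs-on: ubuntu-latest
    permissions:
      # Needed by configure-aws-credentials to assume the role through OIDC.
      id-token: write
      # Needed by actions/checkout.
      contents: read
    env:
      AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
      AWS_REGION: ${{ secrets.AWS_REGION }}
      SPRING_REPO: spring
      PY_REPO: python
      ENV_TAG: prod-latest
      # NOTE(review): KEEP_N and EXTRA_PROTECT are not read by any step in
      # this file; presumably left over from an ECR prune step. Confirm.
      KEEP_N: "5"
      EXTRA_PROTECT: ""
    steps:
      - uses: actions/checkout@v4

      - name: Set up JDK 21
        uses: actions/setup-java@v3
        with:
          java-version: '21'
          distribution: 'temurin'

      - name: Set up Python (for optional python build)
        uses: actions/setup-python@v4
        with:
          python-version: '3.11'

      # Short-lived credentials through OIDC role assumption; no long-lived
      # AWS keys are stored in the repository secrets.
      - uses: aws-actions/configure-aws-credentials@v4
        with:
          role-to-assume: ${{ secrets.AWS_ROLE_TO_ASSUME }}
          aws-region: ${{ secrets.AWS_REGION }}
          role-session-name: snacknews-cd

      # Prints the assumed identity to the job log as a sanity check.
      - name: Who am I?
        run: aws sts get-caller-identity

      - uses: aws-actions/amazon-ecr-login@v2

      # ---------------- Spring JAR build (required) ----------------
      # NOTE(review): -x test skips the test task, so this pipeline ships to
      # prod without running tests; confirm they are enforced elsewhere.
      - name: Build Spring JAR
        run: |
          chmod +x ./gradlew
          ./gradlew clean bootJar -x test

      - name: Show Spring build artifacts
        run: ls -la build/libs || true

      # ---------------- Python build (optional) ----------------
      # Best effort: "|| true" means a failing python build does not fail
      # the job.
      - name: Build Python package if applicable
        run: |
          if [ -f python-nlp-service/pyproject.toml ] || [ -f python-nlp-service/setup.py ]; then
            python -m pip install --upgrade pip setuptools wheel build
            (cd python-nlp-service && python -m build) || true
            ls -la python-nlp-service/dist || true
          else
            echo "No python build file found, skipping python packaging step"
          fi

      # ---------------- Docker image build ----------------
      # Each image gets two tags: the commit SHA (a per-commit reference) and
      # ENV_TAG (a mutable pointer that every run moves).
      - name: Build spring image
        run: |
          URI=${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${SPRING_REPO}
          docker build -f src/Dockerfile -t ${URI}:${{ github.sha }} -t ${URI}:${ENV_TAG} .

      - name: Build python image
        run: |
          URI=${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${PY_REPO}
          docker build -t ${URI}:${{ github.sha }} -t ${URI}:${ENV_TAG} ./python-nlp-service

      - name: Push spring
        run: |
          URI=${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${SPRING_REPO}
          docker push ${URI}:${{ github.sha }}
          docker push ${URI}:${ENV_TAG}

      - name: Push python
        run: |
          URI=${AWS_ACCOUNT_ID}.dkr.ecr.${AWS_REGION}.amazonaws.com/${PY_REPO}
          docker push ${URI}:${{ github.sha }}
          docker push ${URI}:${ENV_TAG}

      # NOTE(review): no later step in this job uses jq; confirm whether this
      # step is still needed.
      - name: Install jq
        run: sudo apt-get update && sudo apt-get install -y jq

  deploy:
    runs-on: ubuntu-latest
    needs: build_and_push
    # This job only opens an SSH session; it needs no GITHUB_TOKEN scopes
    # and no OIDC token.
    permissions: {}
    env:
      REMOTE_DIR: /home/ubuntu/Back-end
      ENV_TAG: prod-latest
    steps:
      # NOTE(review): the host secret is named SSH_HOST_STG while this step
      # is labelled prod; confirm it points at the intended host.
      # NOTE(review): no host key fingerprint is supplied, so the remote
      # host's identity is not checked before the private key is used.
      # Consider setting the action's `fingerprint` input.
      # NOTE(review): the AWS CLI bootstrap in the script runs the downloaded
      # installer with sudo without verifying it. Consider checking the
      # download before installing, or pre-installing the CLI on the host.
      # TAG is the mutable ENV_TAG, so the host pulls whatever that tag points
      # at when the pull runs; the commit-SHA tag pushed by build_and_push is
      # the reference to use where traceability or rollback matters.
      - name: SSH & deploy (prod)
        uses: appleboy/ssh-action@v1
        with:
          host: ${{ secrets.SSH_HOST_STG }}
          username: ${{ secrets.SSH_USER }}
          key: ${{ secrets.SSH_PRIVATE_KEY }}
          script_stop: true
          script: |
            set -e
            cd "${{ env.REMOTE_DIR }}"
            AWS_REGION="${{ secrets.AWS_REGION }}"
            AWS_ACCOUNT_ID="${{ secrets.AWS_ACCOUNT_ID }}"
            TAG="${{ env.ENV_TAG }}"
            if ! command -v aws >/dev/null 2>&1; then
              sudo apt update && sudo apt install -y unzip curl
              ARCH=$(uname -m)
              if [ "$ARCH" = "x86_64" ]; then URL="https://awscli.amazonaws.com/awscli-exe-linux-x86_64.zip"; else URL="https://awscli.amazonaws.com/awscli-exe-linux-aarch64.zip"; fi
              curl -fsSL "$URL" -o awscliv2.zip
              unzip -q awscliv2.zip
              sudo ./aws/install
            fi
            aws ecr get-login-password --region "$AWS_REGION" \
              | docker login --username AWS --password-stdin "$AWS_ACCOUNT_ID.dkr.ecr.$AWS_REGION.amazonaws.com"
            touch .deploy.env
            grep -q '^AWS_ACCOUNT_ID=' .deploy.env || echo "AWS_ACCOUNT_ID=$AWS_ACCOUNT_ID" >> .deploy.env
            grep -q '^AWS_REGION=' .deploy.env || echo "AWS_REGION=$AWS_REGION" >> .deploy.env
            if grep -q '^IMAGE_TAG=' .deploy.env; then sed -i "s/^IMAGE_TAG=.*/IMAGE_TAG=$TAG/" .deploy.env; else echo "IMAGE_TAG=$TAG" >> .deploy.env; fi
            if grep -q '^PYTHON_IMAGE_TAG=' .deploy.env; then sed -i "s/^PYTHON_IMAGE_TAG=.*/PYTHON_IMAGE_TAG=$TAG/" .deploy.env; else echo "PYTHON_IMAGE_TAG=$TAG" >> .deploy.env; fi
            docker compose --env-file .deploy.env pull
            docker compose --env-file .deploy.env up -d --no-deps --force-recreate spring python
            docker image prune -f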