chore: github secret으로 환경변수 관리 #11
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Docker CI/CD Pipeline | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| branches: | |
| - develop | |
| jobs: | |
| build-and-push: | |
| name: 도커 이미지화 | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: 리포지토리 코드 체크아웃 | |
| uses: actions/checkout@v3 | |
| - name: Docker Buildx 설정 | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Docker Hub 로그인 | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKER_HUB_USERNAME }} | |
| password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} | |
| - name: Docker 이미지 빌드 및 푸시 | |
| uses: docker/build-push-action@v4 | |
| with: | |
| context: ./ | |
| file: ./Dockerfile.product | |
| push: true | |
| tags: ${{ secrets.DOCKER_HUB_USERNAME }}/nestjs-app:${{ github.sha }} | |
| deploy: | |
| name: 서버 배포 | |
| needs: build-and-push | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Configure AWS Credentials | |
| uses: aws-actions/configure-aws-credentials@v2 | |
| with: | |
| aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} | |
| aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} | |
| aws-region: ${{ secrets.AWS_REGION }} | |
| - name: 서버 배포 및 상태 확인 | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ secrets.SERVER_HOST }} | |
| username: ${{ secrets.SERVER_USER }} | |
| key: ${{ secrets.SSH_PRIVATE_KEY }} | |
| script: | | |
| cd /home/ubuntu | |
| docker pull ${{ secrets.DOCKER_HUB_USERNAME }}/nestjs-app:latest | |
| echo "=== 환경변수 기반 docker-compose 실행 ===" | |
| export PORT=${{ secrets.PORT }} | |
| export MYSQL_HOST=${{ secrets.MYSQL_HOST }} | |
| export MYSQL_PORT=${{ secrets.MYSQL_PORT }} | |
| export MYSQL_DATABASE=${{ secrets.MYSQL_DATABASE }} | |
| export MYSQL_USER=${{ secrets.MYSQL_USER }} | |
| export MYSQL_PASSWORD=${{ secrets.MYSQL_PASSWORD }} | |
| export MYSQL_ROOT_PASSWORD=${{ secrets.MYSQL_ROOT_PASSWORD }} | |
| export MONGO_HOST=${{ secrets.MONGO_HOST }} | |
| export MONGO_PORT=${{ secrets.MONGO_PORT }} | |
| export MONGO_INITDB_ROOT_USERNAME=${{ secrets.MONGO_INITDB_ROOT_USERNAME }} | |
| export MONGO_INITDB_ROOT_PASSWORD=${{ secrets.MONGO_INITDB_ROOT_PASSWORD }} | |
| export MONGO_INITDB_DATABASE=${{ secrets.MONGO_INITDB_DATABASE }} | |
| export REDIS_HOST=${{ secrets.REDIS_HOST }} | |
| export REDIS_PORT=${{ secrets.REDIS_PORT }} | |
| export REDIS_PASSWORD=${{ secrets.REDIS_PASSWORD }} | |
| sudo docker-compose down | |
| sudo docker-compose up -d --remove-orphans | |
| docker image prune —f | |
| echo "=== Docker 컨테이너 상태 ===" | |
| sudo docker-compose ps |