[hotfix] ddl-auto=update로 변경 #21
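# Production deployment: build the JAR on the runner, push the nginx bundle
# and the JAR through the bastion, then run deploy.sh on the App EC2.
#
# NOTE(review): appleboy/ssh-action, appleboy/scp-action and
# sarisia/actions-status-discord are referenced by tag, and the first two are
# handed SSH_KEY. Consider pinning each one to a full commit SHA
# (uses: owner/action@<full-commit-sha>) so a moved tag cannot change what
# runs with the key.
name: PROD Deploy

on: # push to the production branch
  push:
    branches: [prod]

# Least privilege for GITHUB_TOKEN: this workflow only reads the repository.
permissions:
  contents: read

env:
  APP_HOST: '10.0.2.63' # production App EC2
  NGINX_HOST: '10.0.1.18'
  TZ: Asia/Seoul

concurrency: # never run two deploys of the same branch at once
  group: prod-deploy
  # NOTE(review): a newer push cancels the deploy that is already running;
  # confirm deploy.sh tolerates being interrupted part-way.
  cancel-in-progress: true

jobs:
  deploy:
    runs-on: ubuntu-latest
    environment: production # GitHub "production" Environment
    steps:
      - uses: actions/checkout@v4

      - uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: '17'
          cache: gradle

      - name: Build JAR # JAR is produced on the runner
        run: |
          chmod +x ./gradlew
          ./gradlew clean build -x test

      - name: 🗂️ Prepare target directory on Nginx EC2
        uses: appleboy/ssh-action@v1.0.3
        with:
          host: ${{ env.NGINX_HOST }}
          username: ubuntu
          key: ${{ secrets.SSH_KEY }}
          proxy_host: ${{ secrets.BASTION_IP }}
          proxy_username: ubuntu
          proxy_key: ${{ secrets.SSH_KEY }}
          script_stop: true
          script: |
            set -e
            sudo mkdir -p /home/ubuntu/nginx
            sudo chown -R ubuntu:ubuntu /home/ubuntu/nginx
            grep -E '^Subsystem' /etc/ssh/sshd_config || true
            ls -al /home/ubuntu/nginx

      - name: 📦 Copy NGINX bundle to Nginx EC2
        uses: appleboy/scp-action@v0.1.6
        with:
          host: ${{ env.NGINX_HOST }}
          proxy_host: ${{ secrets.BASTION_IP }}
          proxy_username: ubuntu
          proxy_key: ${{ secrets.SSH_KEY }}
          username: ubuntu
          key: ${{ secrets.SSH_KEY }}
          source: "nginx/*"
          target: "/home/ubuntu/nginx/"
          strip_components: 1
          # NOTE(review): debug logging is left on for a production copy step;
          # confirm nothing sensitive reaches the job log, and drop it once
          # the step is stable.
          debug: true

      - name: 🧾 List files on Nginx EC2
        uses: appleboy/ssh-action@v1.0.3
        with:
          host: ${{ env.NGINX_HOST }}
          username: ubuntu
          key: ${{ secrets.SSH_KEY }}
          proxy_host: ${{ secrets.BASTION_IP }}
          proxy_username: ubuntu
          proxy_key: ${{ secrets.SSH_KEY }}
          script_stop: true
          script: |
            set -e
            ls -al /home/ubuntu
            echo "----"
            ls -al /home/ubuntu/nginx

      - name: 🔧 Ensure Nginx container is up (PROD)
        uses: appleboy/ssh-action@v1.0.3
        with:
          host: ${{ env.NGINX_HOST }}
          username: ubuntu
          key: ${{ secrets.SSH_KEY }}
          proxy_host: ${{ secrets.BASTION_IP }}
          proxy_username: ubuntu
          proxy_key: ${{ secrets.SSH_KEY }}
          script_stop: true
          script: |
            set -e
            cd ~/nginx
            sudo systemctl start docker
            sudo systemctl enable docker >/dev/null 2>&1 || true
            sudo docker compose -p hilingual up -d --remove-orphans nginx

      - name: 📦 Copy JAR to Target # runner → target transfer
        uses: appleboy/scp-action@v0.1.6
        with:
          host: ${{ env.APP_HOST }} # ← prod App EC2
          proxy_host: ${{ secrets.BASTION_IP }} # ← Bastion
          proxy_username: ubuntu
          proxy_key: ${{ secrets.SSH_KEY }}
          username: ubuntu
          key: ${{ secrets.SSH_KEY }}
          source: "build/libs/*.jar"
          target: "/home/ubuntu/artifacts/"
          strip_components: 2

      # NOTE(review): this step writes secrets.SSH_KEY to disk on the App EC2.
      # The same key is used above for the bastion, the App host and the Nginx
      # host, so anyone who reads the file on the App host can reach all three.
      # A dedicated key that is only authorised on the Nginx host would limit
      # that exposure.
      - name: 🔑 Prepare upstream-switch key on App EC2
        uses: appleboy/ssh-action@v1.0.3
        with:
          host: ${{ env.APP_HOST }}
          username: ubuntu
          key: ${{ secrets.SSH_KEY }}
          proxy_host: ${{ secrets.BASTION_IP }}
          proxy_username: ubuntu
          proxy_key: ${{ secrets.SSH_KEY }}
          script_stop: true
          script: |
            set -e
            # Create the key file and its temp copy owner-only from the start;
            # without this the key is briefly readable under the default umask
            # until the chmod 600 below runs.
            umask 077
            mkdir -p ~/.ssh
            chmod 700 ~/.ssh
            # Store the private key
            cat > ~/.ssh/hilingual_actions <<'EOF'
            ${{ secrets.SSH_KEY }}
            EOF
            # Strip noise (stray lines from Drone and similar, a leading BOM)
            LC_ALL=C sed -i -e '1s/^\xEF\xBB\xBF//' -e '/^DRONE_/d' ~/.ssh/hilingual_actions
            # Keep only the BEGIN..END block and drop everything else
            awk 'f||/-----BEGIN .* PRIVATE KEY-----/{f=1;print} /-----END .* PRIVATE KEY-----/{exit}' \
              ~/.ssh/hilingual_actions > ~/.ssh/hilingual_actions.clean && mv ~/.ssh/hilingual_actions.clean ~/.ssh/hilingual_actions
            # Remove Windows line endings, then lock down permissions
            sed -i 's/\r$//' ~/.ssh/hilingual_actions
            chmod 600 ~/.ssh/hilingual_actions
            # Validate the key so a corrupted secret fails here, not later
            ssh-keygen -y -f ~/.ssh/hilingual_actions >/dev/null || { echo "Invalid SSH private key in secrets.SSH_KEY"; exit 1; }
            # Avoid the host-key prompt when hopping to the Nginx host.
            # Scan only while no entry exists: re-scanning on every deploy
            # would append, and thereby trust, whatever key answers at that
            # address. After a legitimate rebuild of the Nginx host, remove
            # the stale entry with `ssh-keygen -R` before deploying.
            if ! ssh-keygen -F "${{ env.NGINX_HOST }}" >/dev/null 2>&1; then
              ssh-keyscan -H ${{ env.NGINX_HOST }} >> ~/.ssh/known_hosts 2>/dev/null || true
            fi

      - name: 🔐 Deploy via Bastion (PROD) # runs deploy.sh
        uses: appleboy/ssh-action@v1.0.3
        env:
          APP_HOST: ${{ env.APP_HOST }}
          NGINX_HOST: ${{ env.NGINX_HOST }}
          UPSTREAM_ENV: prod
        with:
          host: ${{ env.APP_HOST }} # prod App EC2
          username: ubuntu
          key: ${{ secrets.SSH_KEY }}
          proxy_host: ${{ secrets.BASTION_IP }}
          proxy_username: ubuntu
          proxy_key: ${{ secrets.SSH_KEY }}
          script_stop: true
          envs: APP_HOST,NGINX_HOST,UPSTREAM_ENV
          script: |
            set -e
            mkdir -p /home/ubuntu/artifacts
            cd ~/project
            if [ ! -d .git ]; then
              git init
              git remote add origin https://github.com/${{ github.repository }}
            fi
            git fetch --depth 1 origin
            # Check out exactly the commit that triggered this run
            git reset --hard ${{ github.sha }}
            mkdir -p build/libs
            mv /home/ubuntu/artifacts/*.jar build/libs/
            chmod +x deploy.sh
            UPSTREAM_ENV="${UPSTREAM_ENV}" APP_HOST="${APP_HOST}" NGINX_HOST="${NGINX_HOST}" ./deploy.sh

      - name: 📢 Discord notify
        if: always() # report failures as well as successes
        uses: sarisia/actions-status-discord@v1
        with:
          webhook: ${{ secrets.DISCORD_WEBHOOK }}
          title: "${{ github.workflow }} – ${{ job.status }}"
          description: "**Ref**: ${{ github.ref_name }}\n**SHA**: ${{ github.sha }}"
          color: ${{ job.status == 'success' && '0x57F287' || '0xED4245' }}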