deploy-prod #1
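# Production deployment workflow. On a `deploy-prod` repository_dispatch event it
# opens an SSH session to the on-premise server, refreshes the checkout, renders
# .env from AWS Secrets Manager and restarts the Docker Compose stack.
name: Deploy to OnPremise

on:
  repository_dispatch:
    types: [deploy-prod]

jobs:
  deploy:
    name: Deploy to OnPremise Server
    runs-on: ubuntu-latest
    steps:
      - name: Deploy to OnPremise Server
        # SECURITY: `@master` is a mutable ref of a third-party action that is
        # handed the production SSH private key. Pin it to a reviewed full commit
        # SHA (placeholder: appleboy/ssh-action@<FULL_COMMIT_SHA>) and bump it
        # deliberately.
        uses: appleboy/ssh-action@master
        with:
          host: ${{ secrets.PROD_SERVER_IP }}
          username: ubuntu
          key: ${{ secrets.PROD_SERVER_PRIVATE_KEY }}
          # NOTE(review): no host-key `fingerprint` input is supplied here; confirm
          # how the action verifies the server's host key and set it if needed.
          script: |
            # Stop at the first failing command, unset variable or failed pipeline
            # stage, so a failed secret fetch or image pull cannot be followed by a
            # restart with an empty .env. The script already relies on bash
            # (`{1..30}`), so these options are available.
            set -euo pipefail

            aws_region="ap-northeast-2"
            ecr_registry="228749872437.dkr.ecr.ap-northeast-2.amazonaws.com"
            project_dir="$HOME/my-memory/memory-backend"

            echo "π Logging into AWS ECR..."
            # The registry password travels over stdin, never on a command line.
            aws ecr get-login-password --region "$aws_region" \
              | docker login --username AWS --password-stdin "$ecr_registry"

            echo "π Creating project directory..."
            # mkdir -p also creates the parent, so a first deploy works on a clean host.
            mkdir -p "$project_dir"
            cd "$project_dir"

            echo "π₯ Cloning or pulling latest code..."
            if [ ! -d ".git" ]; then
              git clone -b main "https://github.com/${{ github.repository }}.git" .
            else
              git fetch origin main
              # Discards any local modification made on the server.
              git reset --hard origin/main
            fi

            echo "π Navigating to Docker directory..."
            cd memory-infra/docker/prod/onPromise

            echo "π¦ Checking and installing required tools..."
            if ! command -v jq > /dev/null 2>&1; then
              echo "Installing jq..."
              sudo apt-get update
              sudo apt-get install -y jq
            else
              echo "jq is already installed"
            fi

            echo "π Creating .env file..."
            SECRET_VALUES=$(aws secretsmanager get-secret-value \
              --secret-id "prod/my-memory" \
              --region "$aws_region" \
              --query 'SecretString' \
              --output text)

            # Refuse to continue unless the secret is a JSON object; otherwise every
            # lookup below would silently produce an empty value.
            jq -e 'type == "object"' <<< "$SECRET_VALUES" > /dev/null

            # Print one field of the secret JSON ("null" when the key is absent).
            secret_field() {
              jq -r --arg key "$1" '.[$key]' <<< "$SECRET_VALUES"
            }

            # Write .env with owner-only permissions. The umask is confined to a
            # subshell so it does not leak into the sudo/docker commands below, and
            # chmod covers a file left behind by an earlier run with a looser mode.
            # NOTE(review): assumes only the deploy user's compose CLI reads .env.
            (
              umask 077
              for key in \
                DB_URL DB_USERNAME DB_PASSWORD SPRING_JPA_DDL_AUTO \
                AWS_S3_ACCESS_KEY AWS_S3_SECRET_KEY AWS_S3_BUCKET \
                AWS_S3_REGION AWS_S3_ENDPOINT JWT_TOKEN_SECRET \
                ELASTIC_URIS ELASTIC_PASSWORD KIBANA_PASSWORD; do
                printf '%s=%s\n' "$key" "$(secret_field "$key")"
              done > .env
            )
            chmod 600 .env

            echo "π Stopping existing containers..."
            # Best effort: nothing may be running on a first deploy.
            docker compose down || true

            echo "ποΈ Removing old images..."
            # Best effort: the image may not be present locally.
            docker rmi "$ecr_registry/my_memory/memory:latest" || true

            echo "π¦ Pulling latest image..."
            docker compose pull

            echo "π Setting up Elasticsearch data directory..."
            sudo mkdir -p data/elasticsearch-data
            sudo chown -R ubuntu:ubuntu data/elasticsearch-data
            # NOTE(security): mode 777 lets every local account read and modify the
            # index data. Once the UID/GID the Elasticsearch container runs as is
            # confirmed, replace this with ownership plus owner/group-only access.
            sudo chmod -R 777 data/elasticsearch-data

            echo "π Starting new containers..."
            docker compose up -d

            echo "π Setting Kibana system user password..."
            elastic_password=$(secret_field ELASTIC_PASSWORD)
            # Let jq build the request body so quotes or backslashes in the password
            # are JSON-escaped instead of breaking the payload.
            kibana_body=$(jq -c '{password: .KIBANA_PASSWORD}' <<< "$SECRET_VALUES")
            # NOTE(security): both passwords are passed as command-line arguments and
            # are visible in the process list while curl runs; prefer feeding them to
            # curl over stdin or a root-only file.
            # --fail makes an HTTP error visible. Elasticsearch may still be starting
            # at this point, so a failure is reported but does not abort the deploy.
            docker exec memory-elasticsearch-prod curl -sS --fail -X POST \
              "localhost:9200/_security/user/kibana_system/_password" \
              -H "Content-Type: application/json" \
              -u "elastic:${elastic_password}" \
              -d "$kibana_body" \
              || echo "WARNING: could not set the kibana_system password" >&2

            # Restart Kibana
            docker compose restart kibana

            echo "π₯ Health check..."
            # Poll the application for up to 30 attempts, 10 seconds apart.
            for i in {1..30}; do
              if curl -f http://localhost:8080/health; then
                echo "β Application is healthy!"
                exit 0
              fi
              echo "β³ Waiting for application to start... ($i/30)"
              sleep 10
            done

            echo "β Application health check failed"
            exit 1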