From 05081f08ce9122abe116748d6abdd3ed8d7eeb38 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=EA=B9=80=EB=AA=85=EC=A4=80?= <86913355+mjj111@users.noreply.github.com> Date: Fri, 9 May 2025 13:38:07 +0900 Subject: [PATCH 1/3] =?UTF-8?q?[IDLE-572]=20prod=208081,=20dev=208082?= =?UTF-8?q?=EB=A1=9C=20=ED=8F=AC=ED=8A=B8=20=EB=B3=80=EA=B2=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/prod-server-deployer.yaml | 2 +- idle-presentation/compose-dev.yaml | 2 +- idle-presentation/src/main/resources/application.yml | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/prod-server-deployer.yaml b/.github/workflows/prod-server-deployer.yaml index 6c9880f8..fb333b8a 100644 --- a/.github/workflows/prod-server-deployer.yaml +++ b/.github/workflows/prod-server-deployer.yaml @@ -134,7 +134,7 @@ jobs: fi sudo docker run --name caremeet_server_prod --env-file ./app/docker/.env \ -e SPRING_PROFILES_ACTIVE=prod \ - -d -p 8080:8080 public.ecr.aws/e4z1s9l7/caremeet:latest + -d -p 8081:8081 public.ecr.aws/e4z1s9l7/caremeet:latest EOF ssh -S my-cicd-socket -O exit ec2-user@${{ vars.BASTION_HOST }} rm -f private_key.pem diff --git a/idle-presentation/compose-dev.yaml b/idle-presentation/compose-dev.yaml index c3ce62df..0934a0e8 100644 --- a/idle-presentation/compose-dev.yaml +++ b/idle-presentation/compose-dev.yaml @@ -11,7 +11,7 @@ services: env_file: - .env ports: - - "8080:8080" + - "8082:8082" depends_on: - mysql - redis diff --git a/idle-presentation/src/main/resources/application.yml b/idle-presentation/src/main/resources/application.yml index 24f292d7..8cdc458d 100644 --- a/idle-presentation/src/main/resources/application.yml +++ b/idle-presentation/src/main/resources/application.yml @@ -1,5 +1,5 @@ server: - port: 8080 + port: ${SERVER_PORT:8080} shutdown: graceful spring: From b0a1000c9edfa2bd798b068ee8ae7267c42c0933 Mon Sep 17 00:00:00 2001 
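Review bot: The new `-p 8081:8081` mapping in prod-server-deployer.yaml only works if the container really listens on 8081, but application.yml in the same patch falls back to 8080 (`port: ${SERVER_PORT:8080}`) and the `docker run` line sets only `SPRING_PROFILES_ACTIVE`. Unless `SERVER_PORT=8081` arrives through `--env-file ./app/docker/.env` or a profile-specific config (neither is visible here), the published port forwards to nothing. Setting it next to the mapping, `-e SERVER_PORT=8081 \`, keeps the two values in step. The same applies to `"8082:8082"` in compose-dev.yaml, where `SERVER_PORT` would have to come from `.env`. Both the heredoc and the service definition continue outside their hunks.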
From: =?UTF-8?q?=EA=B9=80=EB=AA=85=EC=A4=80?= <86913355+mjj111@users.noreply.github.com> Date: Fri, 9 May 2025 13:38:55 +0900 Subject: [PATCH 2/3] =?UTF-8?q?[IDLE-572]=20mysql=20=EC=BB=A8=ED=85=8C?= =?UTF-8?q?=EC=9D=B4=EB=84=88=20=EC=83=9D=EC=84=B1=EC=8B=9C,=20dev?= =?UTF-8?q?=EC=9A=A9=20=EB=8D=B0=EC=9D=B4=ED=84=B0=EB=B2=A0=EC=9D=B4?= =?UTF-8?q?=EC=8A=A4=20=EC=83=9D=EC=84=B1=20=EC=BB=A4=EB=A7=A8=EB=93=9C=20?= =?UTF-8?q?=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- idle-presentation/compose-dev.yaml | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/idle-presentation/compose-dev.yaml b/idle-presentation/compose-dev.yaml index 0934a0e8..e33b7bca 100644 --- a/idle-presentation/compose-dev.yaml +++ b/idle-presentation/compose-dev.yaml @@ -1,4 +1,5 @@ version: '3.8' + services: spring: image: public.ecr.aws/${ECR_REGISTRY_ALIAS}/caremeet:${VERSION:-latest} @@ -16,20 +17,26 @@ services: - mysql - redis networks: - - redis-caremeet-net - - mysql-caremeet-net + - caremeet-net mysql: image: mysql:8.0.33 container_name: mysql_dev environment: - MYSQL_DATABASE: caremeet MYSQL_ROOT_PASSWORD: ${DB_PASSWORD} TZ: Asia/Seoul + command: > + bash -c "docker-entrypoint.sh mysqld & + sleep 10 && + mysql -u root -p${DB_PASSWORD} -e 'CREATE DATABASE IF NOT EXISTS \`caremeet\`;' && + mysql -u root -p${DB_PASSWORD} -e 'CREATE DATABASE IF NOT EXISTS \`caremeet-dev\`;' && + wait" ports: - "3306:3306" + volumes: + - mysql-volume:/var/lib/mysql networks: - - mysql-caremeet-net + - caremeet-net redis: image: redis:7.2.5 @@ -43,12 +50,10 @@ services: - redis-volume:/data restart: unless-stopped networks: - - redis-caremeet-net + - caremeet-net networks: - mysql-caremeet-net: - driver: bridge - redis-caremeet-net: + caremeet-net: driver: bridge volumes: From 1e8ed024fb75e5b191a120e788e5ed3728775fd9 Mon Sep 17 00:00:00 2001 
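Review bot: The added mysql `command:` puts the root password on the client command line (`mysql -u root -p${DB_PASSWORD}`); because Compose interpolates `${DB_PASSWORD}` before the container starts, the literal value is also stored in the container's command as shown by `docker inspect`, on top of appearing in the process list. The fixed `sleep 10` is a race: if mysqld is not yet accepting connections, the `&&` chain fails and the databases are never created. Prefer the image's init hook: drop `command:`, keep `MYSQL_DATABASE: caremeet`, and mount a SQL file that creates `caremeet-dev` with `- ./initdb:/docker-entrypoint-initdb.d:ro` (the `./initdb` directory name is only an example), bearing in mind that the hook runs only when the data directory is empty. Separately, `mysql-volume` is mounted here but the patch adds no top-level `volumes:` entry for it, so confirm it is already declared past the end of the last hunk.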
From: =?UTF-8?q?=EA=B9=80=EB=AA=85=EC=A4=80?= <86913355+mjj111@users.noreply.github.com> Date: Fri, 9 May 2025 14:30:53 +0900 Subject: [PATCH 3/3] =?UTF-8?q?[IDLE-572]=20=ED=99=88=EC=84=9C=EB=B2=84=20?= =?UTF-8?q?=EB=B0=B0=ED=8F=AC=EB=A1=9C=20=EC=8A=A4=ED=81=AC=EB=A6=BD?= =?UTF-8?q?=ED=8A=B8=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/dev-server-deployer.yaml | 23 ---- .github/workflows/prod-server-deployer.yaml | 139 ++++++-------------- 2 files changed, 37 insertions(+), 125 deletions(-) diff --git a/.github/workflows/dev-server-deployer.yaml b/.github/workflows/dev-server-deployer.yaml index 1250645d..eefac28b 100644 --- a/.github/workflows/dev-server-deployer.yaml +++ b/.github/workflows/dev-server-deployer.yaml @@ -28,21 +28,6 @@ jobs: response=$(curl -s canhazip.com) echo "ip=$response" >> "$GITHUB_OUTPUT" - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: 'ap-northeast-2' - - - name: Add GitHub Actions IP - run: | - aws ec2 authorize-security-group-ingress \ - --group-id ${{ secrets.SECURITY_GROUP_ID }} \ - --protocol tcp \ - --port 22 \ - --cidr ${{ steps.publicip.outputs.ip }}/32 - - name: Copy Docker Compose file to server uses: appleboy/scp-action@master with: @@ -100,11 +85,3 @@ jobs: echo "${{ secrets.DOCKER_PASSWORD }}" | sudo docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin sudo docker-compose -f ~/app/docker/idle-presentation/compose-dev.yaml pull sudo docker-compose -f ~/app/docker/idle-presentation/compose-dev.yaml up -d --force-recreate - - - name: Remove GitHub Actions IP - run: | - aws ec2 revoke-security-group-ingress \ - --group-id ${{ secrets.SECURITY_GROUP_ID }} \ - --protocol tcp \ - --port 22 \ - --cidr ${{ steps.publicip.outputs.ip }}/32 
diff --git a/.github/workflows/prod-server-deployer.yaml b/.github/workflows/prod-server-deployer.yaml index fb333b8a..ecf5d0ce 100644 --- a/.github/workflows/prod-server-deployer.yaml +++ b/.github/workflows/prod-server-deployer.yaml @@ -1,9 +1,6 @@ name: Production Server Deployer (CD) -on: - push: - branches: - - main +on: workflow_dispatch jobs: deploy: runs-on: ubuntu-latest 
@@ -31,118 +28,56 @@ jobs: response=$(curl -s canhazip.com) echo "ip=$response" >> "$GITHUB_OUTPUT" - - name: Configure AWS Credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} - aws-region: 'ap-northeast-2' - - - name: Add GitHub Actions IP - run: | - aws ec2 authorize-security-group-ingress \ - --group-id ${{ secrets.SECURITY_GROUP_ID }} \ - --protocol tcp \ - --port 22 \ - --cidr ${{ steps.publicip.outputs.ip }}/32 - - - name: SSH to Bastion and Install Docker if not present on Production server + - name: Install Docker if not present uses: appleboy/ssh-action@v1.0.3 with: - host: ${{ vars.BASTION_HOST }} - username: ${{ vars.BASTION_USERNAME }} + host: ${{ vars.INSTANCE_HOST }} + username: ${{ vars.INSTANCE_USERNAME }} key: ${{ secrets.INSTANCE_PEM_KEY }} script: | - if [ ! -f private_key.pem ]; then - echo "${{ secrets.INSTANCE_PEM_KEY }}" > private_key.pem - chmod 600 private_key.pem + if ! command -v docker >/dev/null 2>&1; then + echo "Installing Docker..." + sudo apt-get update + sudo apt-get install -y docker.io + else + echo "Docker already installed." + fi + if ! command -v docker-compose >/dev/null 2>&1; then + echo "Installing Docker Compose..." + sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose + sudo chmod +x /usr/local/bin/docker-compose + else + echo "Docker Compose already installed." fi - ssh -f -N -M -S my-cicd-socket -o StrictHostKeyChecking=no -i private_key.pem -L 2222:${{ vars.INSTANCE_HOST }}:22 ec2-user@${{ vars.BASTION_HOST }} - ssh -o StrictHostKeyChecking=no -i private_key.pem -p 2222 ubuntu@localhost << 'EOF' - echo "Connected to Private Subnet productionServer via SSH Tunneling" - if ! command -v docker >/dev/null 2>&1; then - echo "Installing Docker..." 
- sudo apt-get update - sudo apt-get install -y docker.io - else - echo "Docker already installed." - fi - if ! command -v docker-compose >/dev/null 2>&1; then - echo "Installing Docker Compose..." - sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose - sudo chmod +x /usr/local/bin/docker-compose - else - echo "Docker Compose already installed." - fi - EOF - ssh -S my-cicd-socket -O exit ec2-user@${{ vars.BASTION_HOST }} - rm -f private_key.pem - name: Configuration Env file uses: appleboy/ssh-action@master + env: + VARS_CONTEXT: ${{ toJson(vars) }} + SECRETS_CONTEXT: ${{ toJson(secrets) }} with: - host: ${{ vars.BASTION_HOST }} - username: ${{ vars.BASTION_USERNAME }} + host: ${{ vars.INSTANCE_HOST }} + username: ${{ vars.INSTANCE_USERNAME }} key: ${{ secrets.INSTANCE_PEM_KEY }} + envs: VARS_CONTEXT,SECRETS_CONTEXT script: | - if [ ! -f private_key.pem ]; then - echo "${{ secrets.INSTANCE_PEM_KEY }}" > private_key.pem - chmod 600 private_key.pem - fi - ssh -f -N -M -S my-cicd-socket -o StrictHostKeyChecking=no -i private_key.pem -L 2222:${{ vars.INSTANCE_HOST }}:22 ec2-user@${{ vars.BASTION_HOST }} - ssh -o StrictHostKeyChecking=no -i private_key.pem -p 2222 ubuntu@localhost << 'EOF' - echo "Connected to Private Subnet productionServer via SSH Tunneling" - cd ~/app/docker - - echo "VARS_CONTEXT: ${{ toJson(vars) }}" - echo "SECRETS_CONTEXT: ${{ toJson(secrets) }}" + cd ~/app/docker/idle-presentation + jq -s '.[0] * .[1]' <(echo "$VARS_CONTEXT") <(echo "$SECRETS_CONTEXT") \ + | jq -r 'to_entries | map(select(.key != "INSTANCE_PEM_KEY")) | map("\(.key)=\(.value)") | .[]' > .env - VARS_CONTEXT_JSON='${{ toJson(vars) }}' - SECRETS_CONTEXT_JSON='${{ toJson(secrets) }}' - - echo "$VARS_CONTEXT_JSON" > vars_context.json - echo "$SECRETS_CONTEXT_JSON" > secrets_context.json - - jq -s '.[0] * .[1]' vars_context.json secrets_context.json \ - | jq -r 'to_entries | map(select(.key != 
"INSTANCE_PEM_KEY")) | map("\(.key)=\(.value)") | .[]' > .env - - echo ".env file generated:" - cat .env - EOF - ssh -S my-cicd-socket -O exit ec2-user@${{ vars.BASTION_HOST }} - rm -f private_key.pem - - - name: SSH to Bastion and deploy to Production server + - name: Deploy to Production server uses: appleboy/ssh-action@master with: - host: ${{ vars.BASTION_HOST }} - username: ${{ vars.BASTION_USERNAME }} + host: ${{ vars.INSTANCE_HOST }} + username: ${{ vars.INSTANCE_USERNAME }} key: ${{ secrets.INSTANCE_PEM_KEY }} script: | - if [ ! -f private_key.pem ]; then - echo "${{ secrets.INSTANCE_PEM_KEY }}" > private_key.pem - chmod 600 private_key.pem + sudo docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }} + sudo docker pull public.ecr.aws/e4z1s9l7/caremeet:latest + if [ $(sudo docker ps -q -f name=caremeet_server_prod) ]; then + sudo docker stop caremeet_server_prod + sudo docker rm caremeet_server_prod fi - ssh -f -N -M -S my-cicd-socket -o StrictHostKeyChecking=no -i private_key.pem -L 2222:${{ vars.INSTANCE_HOST }}:22 ec2-user@${{ vars.BASTION_HOST }} - ssh -o StrictHostKeyChecking=no -i private_key.pem -p 2222 ubuntu@localhost << 'EOF' - echo "Connected to Private Subnet productionServer via SSH Tunneling" - sudo docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }} - sudo docker pull public.ecr.aws/e4z1s9l7/caremeet:latest - if [ $(sudo docker ps -q -f name=caremeet_server_prod) ]; then - sudo docker stop caremeet_server_prod - sudo docker rm caremeet_server_prod - fi - sudo docker run --name caremeet_server_prod --env-file ./app/docker/.env \ - -e SPRING_PROFILES_ACTIVE=prod \ - -d -p 8081:8081 public.ecr.aws/e4z1s9l7/caremeet:latest - EOF - ssh -S my-cicd-socket -O exit ec2-user@${{ vars.BASTION_HOST }} - rm -f private_key.pem - - - name: Remove GitHub Actions IP - run: | - aws ec2 revoke-security-group-ingress \ - --group-id ${{ secrets.SECURITY_GROUP_ID }} \ - --protocol tcp \ - --port 22 \ - --cidr 
${{ steps.publicip.outputs.ip }}/32 \ No newline at end of file + sudo docker run --name caremeet_server_prod --env-file ./app/docker/.env \ + -e SPRING_PROFILES_ACTIVE=prod \ + -d -p 8081:8081 public.ecr.aws/e4z1s9l7/caremeet:latest \ No newline at end of file
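Review bot: The "Configuration Env file" step now writes `.env` under `~/app/docker/idle-presentation`, but the deploy step still starts the container with `--env-file ./app/docker/.env`, so production runs with a stale or missing file; point both at one path, e.g. `--env-file ./app/docker/idle-presentation/.env \`. That file still receives every entry of `toJson(secrets)` except `INSTANCE_PEM_KEY`, including credentials the application has no use for such as `DOCKER_PASSWORD`; an allow-list in the jq `select` and a `umask 077` before the redirect would narrow what lands on the host and who can read it. `sudo docker login -u … -p ${{ secrets.DOCKER_PASSWORD }}` exposes the password in the remote process list, whereas dev-server-deployer.yaml already pipes it to `--password-stdin`. With the bastion hop removed these steps connect straight to `INSTANCE_HOST` and no host-key check is visible in the hunk; ssh-action's `fingerprint` input would pin the server.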