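--- a/.github/workflows/dev-server-deployer.yaml
+++ b/.github/workflows/dev-server-deployer.yaml
@@ -28,21 +28,6 @@ jobs:
 response=$(curl -s canhazip.com)
 echo "ip=$response" >> "$GITHUB_OUTPUT"
 
-- name: Configure AWS Credentials
-uses: aws-actions/configure-aws-credentials@v4
-with:
-aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-aws-region: 'ap-northeast-2'
-
-- name: Add GitHub Actions IP
-run: |
-aws ec2 authorize-security-group-ingress \
---group-id ${{ secrets.SECURITY_GROUP_ID }} \
---protocol tcp \
---port 22 \
---cidr ${{ steps.publicip.outputs.ip }}/32
-
 - name: Copy Docker Compose file to server
 uses: appleboy/scp-action@master
 with:
@@ -100,11 +85,3 @@ jobs:
 echo "${{ secrets.DOCKER_PASSWORD }}" | sudo docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin
 sudo docker-compose -f ~/app/docker/idle-presentation/compose-dev.yaml pull
 sudo docker-compose -f ~/app/docker/idle-presentation/compose-dev.yaml up -d --force-recreate
-
-- name: Remove GitHub Actions IP
-run: |
-aws ec2 revoke-security-group-ingress \
---group-id ${{ secrets.SECURITY_GROUP_ID }} \
---protocol tcp \
---port 22 \
---cidr ${{ steps.publicip.outputs.ip }}/32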
139 changes: 37 additions & 102 deletions .github/workflows/prod-server-deployer.yaml
@@ -1,9 +1,6 @@
name: Production Server Deployer (CD)

on:
push:
branches:
- main
on: workflow_dispatch
jobs:
deploy:
runs-on: ubuntu-latest
@@ -31,118 +28,56 @@ jobs:
response=$(curl -s canhazip.com)
echo "ip=$response" >> "$GITHUB_OUTPUT"

- name: Configure AWS Credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
aws-region: 'ap-northeast-2'

- name: Add GitHub Actions IP
run: |
aws ec2 authorize-security-group-ingress \
--group-id ${{ secrets.SECURITY_GROUP_ID }} \
--protocol tcp \
--port 22 \
--cidr ${{ steps.publicip.outputs.ip }}/32

- name: SSH to Bastion and Install Docker if not present on Production server
- name: Install Docker if not present
uses: appleboy/ssh-action@v1.0.3
with:
host: ${{ vars.BASTION_HOST }}
username: ${{ vars.BASTION_USERNAME }}
host: ${{ vars.INSTANCE_HOST }}
username: ${{ vars.INSTANCE_USERNAME }}
key: ${{ secrets.INSTANCE_PEM_KEY }}
script: |
if [ ! -f private_key.pem ]; then
echo "${{ secrets.INSTANCE_PEM_KEY }}" > private_key.pem
chmod 600 private_key.pem
if ! command -v docker >/dev/null 2>&1; then
echo "Installing Docker..."
sudo apt-get update
sudo apt-get install -y docker.io
else
echo "Docker already installed."
fi
if ! command -v docker-compose >/dev/null 2>&1; then
echo "Installing Docker Compose..."
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
else
echo "Docker Compose already installed."
fi
ssh -f -N -M -S my-cicd-socket -o StrictHostKeyChecking=no -i private_key.pem -L 2222:${{ vars.INSTANCE_HOST }}:22 ec2-user@${{ vars.BASTION_HOST }}
ssh -o StrictHostKeyChecking=no -i private_key.pem -p 2222 ubuntu@localhost << 'EOF'
echo "Connected to Private Subnet productionServer via SSH Tunneling"
if ! command -v docker >/dev/null 2>&1; then
echo "Installing Docker..."
sudo apt-get update
sudo apt-get install -y docker.io
else
echo "Docker already installed."
fi
if ! command -v docker-compose >/dev/null 2>&1; then
echo "Installing Docker Compose..."
sudo curl -L "https://github.com/docker/compose/releases/download/1.29.2/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
else
echo "Docker Compose already installed."
fi
EOF
ssh -S my-cicd-socket -O exit ec2-user@${{ vars.BASTION_HOST }}
rm -f private_key.pem

- name: Configuration Env file
uses: appleboy/ssh-action@master
env:
VARS_CONTEXT: ${{ toJson(vars) }}
SECRETS_CONTEXT: ${{ toJson(secrets) }}
with:
host: ${{ vars.BASTION_HOST }}
username: ${{ vars.BASTION_USERNAME }}
host: ${{ vars.INSTANCE_HOST }}
username: ${{ vars.INSTANCE_USERNAME }}
key: ${{ secrets.INSTANCE_PEM_KEY }}
envs: VARS_CONTEXT,SECRETS_CONTEXT
script: |
if [ ! -f private_key.pem ]; then
echo "${{ secrets.INSTANCE_PEM_KEY }}" > private_key.pem
chmod 600 private_key.pem
fi
ssh -f -N -M -S my-cicd-socket -o StrictHostKeyChecking=no -i private_key.pem -L 2222:${{ vars.INSTANCE_HOST }}:22 ec2-user@${{ vars.BASTION_HOST }}
ssh -o StrictHostKeyChecking=no -i private_key.pem -p 2222 ubuntu@localhost << 'EOF'
echo "Connected to Private Subnet productionServer via SSH Tunneling"
cd ~/app/docker

echo "VARS_CONTEXT: ${{ toJson(vars) }}"
echo "SECRETS_CONTEXT: ${{ toJson(secrets) }}"
cd ~/app/docker/idle-presentation
jq -s '.[0] * .[1]' <(echo "$VARS_CONTEXT") <(echo "$SECRETS_CONTEXT") \
| jq -r 'to_entries | map(select(.key != "INSTANCE_PEM_KEY")) | map("\(.key)=\(.value)") | .[]' > .env

VARS_CONTEXT_JSON='${{ toJson(vars) }}'
SECRETS_CONTEXT_JSON='${{ toJson(secrets) }}'

echo "$VARS_CONTEXT_JSON" > vars_context.json
echo "$SECRETS_CONTEXT_JSON" > secrets_context.json

jq -s '.[0] * .[1]' vars_context.json secrets_context.json \
| jq -r 'to_entries | map(select(.key != "INSTANCE_PEM_KEY")) | map("\(.key)=\(.value)") | .[]' > .env

echo ".env file generated:"
cat .env
EOF
ssh -S my-cicd-socket -O exit ec2-user@${{ vars.BASTION_HOST }}
rm -f private_key.pem

- name: SSH to Bastion and deploy to Production server
- name: Deploy to Production server
uses: appleboy/ssh-action@master
with:
host: ${{ vars.BASTION_HOST }}
username: ${{ vars.BASTION_USERNAME }}
host: ${{ vars.INSTANCE_HOST }}
username: ${{ vars.INSTANCE_USERNAME }}
key: ${{ secrets.INSTANCE_PEM_KEY }}
script: |
if [ ! -f private_key.pem ]; then
echo "${{ secrets.INSTANCE_PEM_KEY }}" > private_key.pem
chmod 600 private_key.pem
sudo docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
sudo docker pull public.ecr.aws/e4z1s9l7/caremeet:latest
if [ $(sudo docker ps -q -f name=caremeet_server_prod) ]; then
sudo docker stop caremeet_server_prod
sudo docker rm caremeet_server_prod
fi
ssh -f -N -M -S my-cicd-socket -o StrictHostKeyChecking=no -i private_key.pem -L 2222:${{ vars.INSTANCE_HOST }}:22 ec2-user@${{ vars.BASTION_HOST }}
ssh -o StrictHostKeyChecking=no -i private_key.pem -p 2222 ubuntu@localhost << 'EOF'
echo "Connected to Private Subnet productionServer via SSH Tunneling"
sudo docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
sudo docker pull public.ecr.aws/e4z1s9l7/caremeet:latest
if [ $(sudo docker ps -q -f name=caremeet_server_prod) ]; then
sudo docker stop caremeet_server_prod
sudo docker rm caremeet_server_prod
fi
sudo docker run --name caremeet_server_prod --env-file ./app/docker/.env \
-e SPRING_PROFILES_ACTIVE=prod \
-d -p 8080:8080 public.ecr.aws/e4z1s9l7/caremeet:latest
EOF
ssh -S my-cicd-socket -O exit ec2-user@${{ vars.BASTION_HOST }}
rm -f private_key.pem

- name: Remove GitHub Actions IP
run: |
aws ec2 revoke-security-group-ingress \
--group-id ${{ secrets.SECURITY_GROUP_ID }} \
--protocol tcp \
--port 22 \
--cidr ${{ steps.publicip.outputs.ip }}/32
sudo docker run --name caremeet_server_prod --env-file ./app/docker/.env \
-e SPRING_PROFILES_ACTIVE=prod \
-d -p 8081:8081 public.ecr.aws/e4z1s9l7/caremeet:latest
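Review bot: The `Deploy to Production server` step passes the registry password as an argument, `sudo docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}`, which exposes it in the remote host's process list; the dev workflow already uses the safer form, `echo "${{ secrets.DOCKER_PASSWORD }}" | sudo docker login -u ${{ secrets.DOCKER_USERNAME }} --password-stdin`. The env step now appears to write `.env` under `~/app/docker/idle-presentation`, while `docker run` still reads `--env-file ./app/docker/.env`, so the container would start from a stale or missing file. `SECRETS_CONTEXT: ${{ toJson(secrets) }}` still sends every repository secret to the host and writes all but `INSTANCE_PEM_KEY` into `.env`; passing only the keys the application needs would keep unrelated secrets off the server. With the bastion hop and the temporary security-group rule both removed, SSH on the production instance presumably has to be reachable from runner addresses through a standing rule, which is worth confirming.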
23 changes: 14 additions & 9 deletions idle-presentation/compose-dev.yaml
@@ -1,4 +1,5 @@
version: '3.8'

services:
spring:
image: public.ecr.aws/${ECR_REGISTRY_ALIAS}/caremeet:${VERSION:-latest}
@@ -11,25 +12,31 @@ services:
env_file:
- .env
ports:
- "8080:8080"
- "8082:8082"
depends_on:
- mysql
- redis
networks:
- redis-caremeet-net
- mysql-caremeet-net
- caremeet-net

mysql:
image: mysql:8.0.33
container_name: mysql_dev
environment:
MYSQL_DATABASE: caremeet
MYSQL_ROOT_PASSWORD: ${DB_PASSWORD}
TZ: Asia/Seoul
command: >
bash -c "docker-entrypoint.sh mysqld &
sleep 10 &&
mysql -u root -p${DB_PASSWORD} -e 'CREATE DATABASE IF NOT EXISTS \`caremeet\`;' &&
mysql -u root -p${DB_PASSWORD} -e 'CREATE DATABASE IF NOT EXISTS \`caremeet-dev\`;' &&
wait"
ports:
- "3306:3306"
volumes:
- mysql-volume:/var/lib/mysql
networks:
- mysql-caremeet-net
- caremeet-net

redis:
image: redis:7.2.5
@@ -43,12 +50,10 @@ services:
- redis-volume:/data
restart: unless-stopped
networks:
- redis-caremeet-net
- caremeet-net

networks:
mysql-caremeet-net:
driver: bridge
redis-caremeet-net:
caremeet-net:
driver: bridge

volumes:
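Review bot: The `command:` override on the `mysql` service passes the root password on the client command line (`mysql -u root -p${DB_PASSWORD}`), where it can be read from the container's process list, and it depends on a fixed `sleep 10` for the server to be ready. Because the override makes `bash` the container's main process, a stop signal may not reach `mysqld` for a clean shutdown. An init script mounted into the image's `/docker-entrypoint-initdb.d/` directory would create both databases without either problem, though it runs only on an empty data directory, so an existing `mysql-volume` would need a one-off `CREATE DATABASE`. The service also publishes `"3306:3306"` on all host interfaces (whether that line is new in this change is not clear from the rendered page); `"127.0.0.1:3306:3306"` would keep the root login off the network if remote access is not required.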
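--- a/idle-presentation/src/main/resources/application.yml
+++ b/idle-presentation/src/main/resources/application.yml
@@ -1,5 +1,5 @@
 server:
-port: 8080
+port: ${SERVER_PORT:8080}
 shutdown: graceful
 
 spring: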
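Review bot: The default in `port: ${SERVER_PORT:8080}` matches neither port published elsewhere in this change (`8082:8082` in compose-dev.yaml, `-p 8081:8081` in the production workflow), so a deployment whose `.env` lacks `SERVER_PORT` would listen on 8080 behind a mapping that points at a different port. A comment above the key, for example `# SERVER_PORT must equal the container port published by compose / docker run`, would document the coupling.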