From e57580fed235da5819120a76df1b053157328a97 Mon Sep 17 00:00:00 2001
From: CHAN <150508884+zerochani@users.noreply.github.com>
Date: Thu, 22 Jan 2026 16:31:00 +0900
Subject: [PATCH] =?UTF-8?q?[FIX]:=20GitHub=20Actions=20SSH=20=ED=8F=AC?= =?UTF-8?q?=ED=8A=B8=20=EC=9E=84=EC=8B=9C=20=EC=98=A4=ED=94=88/=ED=9A=8C?= =?UTF-8?q?=EC=88=98=20=EB=A1=9C=EC=A7=81=20=EC=A0=95=EB=A6=AC?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.github/workflows/deploy.yml | 44 +++++++++++++++++++++++++++++-------
1 file changed, 36 insertions(+), 8 deletions(-)
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 79f60cb..ccd1ff9 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -48,17 +48,38 @@ jobs: - name: 도커 이미지 푸시 run: docker push ${{ secrets.DOCKERHUB_USERNAME }}/eatsfine-be:latest - - name: EC2 배포 + - name: GitHub Actions 실행자 IP 얻어오기 + id: GITHUB_ACTIONS_IP + uses: haythem/public-ip@v1.3 + + - name: AWS CLI 설정 + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ${{ secrets.AWS_REGION }} + + - name: GitHub Actions - SSH 포트 임시 오픈 + run: | + aws ec2 authorize-security-group-ingress \ + --group-id ${{ secrets.EC2_SECURITY_GROUP_ID }} \ + --ip-permissions \ + 'IpProtocol=tcp,FromPort=${{ secrets.EC2_SSH_PORT }},ToPort=${{ secrets.EC2_SSH_PORT }},IpRanges=[{CidrIp=${{ steps.GITHUB_ACTIONS_IP.outputs.ipv4 }}/32}]' + + - name: SSH Key 설정 run: | - mkdir -p ~/.ssh echo "${{ secrets.EC2_SSH_KEY }}" > ~/.ssh/eatsfine-ec2-key.pem chmod 600 ~/.ssh/eatsfine-ec2-key.pem - - ssh -o StrictHostKeyChecking=no \ - -i <(echo "${{ secrets.EC2_SSH_KEY }}") \ - ${{ secrets.EC2_USERNAME }}@${{ secrets.LIVE_SERVER_IP }} << 'EOF' - + echo "Host eatsfine-ec2" >> ~/.ssh/config + echo " HostName ${{ secrets.LIVE_SERVER_IP }}" >> ~/.ssh/config + echo " User ${{ secrets.EC2_USERNAME }}" >> ~/.ssh/config + echo " IdentityFile ~/.ssh/eatsfine-ec2-key.pem" >> ~/.ssh/config + echo " StrictHostKeyChecking no" >> ~/.ssh/config + + - name: EC2 배포 + run: | + ssh eatsfine-ec2 << 'EOF' set -e cd /home/ec2-user/deploy @@ -68,4 +89,11 @@ jobs: docker compose up -d docker ps - EOF \ No newline at end of file + EOF + - name: GitHub Actions - SSH 및 컨테이너 실제 포트 접근 권한 제거 + if: always() + run: | + aws ec2 revoke-security-group-ingress \ + --group-id ${{ secrets.EC2_SECURITY_GROUP_ID }} \ + --ip-permissions \ + 'IpProtocol=tcp,FromPort=${{ secrets.EC2_SSH_PORT }},ToPort=${{ secrets.EC2_SSH_PORT }},IpRanges=[{CidrIp=${{ steps.GITHUB_ACTIONS_IP.outputs.ipv4 }}/32}]' \ No newline at end of file
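Review bot: The new `SSH Key 설정` step writes `StrictHostKeyChecking no` into `~/.ssh/config`, so the deploy connection accepts whatever host key answers at `LIVE_SERVER_IP` and the runner cannot tell the real EC2 instance from an impostor. Store the server's public host key in a secret (placeholder name `EC2_KNOWN_HOSTS`), write it with `echo "${{ secrets.EC2_KNOWN_HOSTS }}" >> ~/.ssh/known_hosts`, and change the config line to `echo "  StrictHostKeyChecking yes" >> ~/.ssh/config`. The same step dropped `mkdir -p ~/.ssh`, so the `> ~/.ssh/eatsfine-ec2-key.pem` redirect will fail if the runner image does not already have that directory; keep the `mkdir -p ~/.ssh` line. `haythem/public-ip@v1.3` is a third-party action referenced by a movable tag in a job that also holds AWS and SSH credentials, so pinning it to a full commit SHA would narrow the supply-chain exposure.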
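Review bot: The revoke step runs under a bare `if: always()`, yet it depends on `steps.GITHUB_ACTIONS_IP.outputs.ipv4` and on the AWS credentials step, so when either of those fails it is invoked with an empty address (`CidrIp=/32`) and adds a second error on top of the real one. Give the authorize step an `id` (for example `open_ssh`) and gate the cleanup with `if: always() && steps.open_ssh.outcome == 'success'`. A failed revoke is the case that matters: it leaves the SSH port open to the runner's address, which, if the job uses shared hosted runners (`runs-on` is outside this hunk), may later be assigned to someone else, so a failure here should be alerted on and not ignored. The step name mentions container ports (`SSH 및 컨테이너 실제 포트`), but only `EC2_SSH_PORT` is revoked, so rename it to match what it does.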