#51 - ssl certbot 컨테이너화 #61
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build, Push, and Deploy Docker images | |
| on: | |
| push: | |
| branches: [ main ] | |
| pull_request: | |
| branches: [ main ] | |
| jobs: | |
| build_and_push: | |
| name: Build and Push Docker images | |
| runs-on: ubuntu-22.04 | |
| outputs: | |
| VERSION: ${{ steps.set_version.outputs.VERSION }} | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v3 | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| - name: Login to Docker Hub | |
| uses: docker/login-action@v2 | |
| with: | |
| username: ${{ secrets.DOCKER_USERNAME }} | |
| password: ${{ secrets.DOCKER_PASSWORD }} | |
| - name: Set version to current date | |
| id: set_version | |
| shell: bash | |
| run: | | |
| VERSION=$(TZ=Asia/Seoul date +'%Y%m%d%H%M%S') | |
| echo "VERSION=$VERSION" >> $GITHUB_ENV | |
| echo "VERSION=$VERSION" >> $GITHUB_OUTPUT | |
| - name: Build, tag, and push backend image | |
| run: | | |
| IMAGE_TAG=$VERSION | |
| docker build -t ${{ secrets.DOCKER_USERNAME }}/${{ secrets.REPO_NAME }}-backend:$IMAGE_TAG ./backend | |
| echo "Pushing backend image to Docker Hub..." | |
| docker push ${{ secrets.DOCKER_USERNAME }}/${{ secrets.REPO_NAME }}-backend:$IMAGE_TAG | |
| echo "backend_image=${{ secrets.DOCKER_USERNAME }}/${{ secrets.REPO_NAME }}-backend:$IMAGE_TAG" | |
| - name: Build, tag, and push frontend image | |
| run: | | |
| IMAGE_TAG=$VERSION | |
| docker build --no-cache -t ${{ secrets.DOCKER_USERNAME }}/${{ secrets.REPO_NAME }}-frontend:$IMAGE_TAG --build-arg DOMAIN=${{ secrets.DOMAIN }} ./frontend | |
| echo "Pushing frontend image to Docker Hub..." | |
| docker push ${{ secrets.DOCKER_USERNAME }}/${{ secrets.REPO_NAME }}-frontend:$IMAGE_TAG | |
| echo "frontend_image=${{ secrets.DOCKER_USERNAME }}/${{ secrets.REPO_NAME }}-frontend:$IMAGE_TAG" | |
| deploy: | |
| name: Deploy to personal server | |
| runs-on: ubuntu-latest | |
| needs: build_and_push | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| - name: Setup SSH | |
| uses: webfactory/ssh-agent@v0.5.3 | |
| with: | |
| ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }} | |
| - name: Create .env file | |
| run: | | |
| VERSION="${{ needs.build_and_push.outputs.VERSION }}" | |
| echo "BACKEND_PORT=${{ secrets.BACKEND_PORT }}" >> .env | |
| echo "FRONTEND_PORT=${{ secrets.FRONTEND_PORT }}" >> .env | |
| echo "POSTGIS_PORT=${{ secrets.POSTGIS_PORT }}" >> .env | |
| echo "PGADMIN_PORT=${{ secrets.PGADMIN_PORT }}" >> .env | |
| echo "GEOSERVER_PORT=${{ secrets.GEOSERVER_PORT }}" >> .env | |
| echo "POSTGRES_USER=${{ secrets.POSTGRES_USER }}" >> .env | |
| echo "POSTGRES_PASSWORD=${{ secrets.POSTGRES_PASSWORD }}" >> .env | |
| echo "POSTGRES_DB=${{ secrets.POSTGRES_DB }}" >> .env | |
| echo "POSTGRES_HOST=${{ secrets.POSTGRES_HOST }}" >> .env | |
| echo "PGADMIN_DEFAULT_EMAIL=${{ secrets.PGADMIN_DEFAULT_EMAIL }}" >> .env | |
| echo "PGADMIN_DEFAULT_PASSWORD=${{ secrets.PGADMIN_DEFAULT_PASSWORD }}" >> .env | |
| echo "GEOSERVER_ADMIN_PASSWORD=${{ secrets.GEOSERVER_ADMIN_PASSWORD }}" >> .env | |
| echo "VWORLD_KEY=${{ secrets.VWORLD_KEY }}" >> .env | |
| echo "FRCN_RENT_INFO_KEY=${{ secrets.FRCN_RENT_INFO_KEY }}" >> .env | |
| echo "VITE_BACKEND_URL=${{ secrets.VITE_BACKEND_URL }}" >> .env | |
| echo "VITE_GEOSERVER_URL=${{ secrets.VITE_GEOSERVER_URL }}" >> .env | |
| echo "VITE_PGADMIN_URL=${{ secrets.VITE_PGADMIN_URL }}" >> .env | |
| echo "DOCKER_USERNAME=${{ secrets.DOCKER_USERNAME }}" >> .env | |
| echo "REPO_NAME=${{ secrets.REPO_NAME }}" >> .env | |
| echo "VERSION=$VERSION" >> .env | |
| echo "DOMAIN=${{ secrets.DOMAIN }}" >> .env | |
| echo "VITE_DOMAIN=${{ secrets.DOMAIN }}" >> .env | |
| - name: Copy files via SSH | |
| run: | | |
| scp -P ${{ secrets.SSH_PORT }} -o StrictHostKeyChecking=no docker-compose.yml .env init-letsencrypt.sh ${{ secrets.SSH_USERNAME }}@${{ secrets.SSH_HOST }}:/home/${{ secrets.SSH_USERNAME }}/ | |
| - name: Make init-letsencrypt.sh executable via SSH | |
| run: | | |
| ssh -p ${{ secrets.SSH_PORT }} -o StrictHostKeyChecking=no ${{ secrets.SSH_USERNAME }}@${{ secrets.SSH_HOST }} "chmod +x /home/${{ secrets.SSH_USERNAME }}/init-letsencrypt.sh" | |
| - name: Create remote script via SSH | |
| run: | | |
| ssh -p ${{ secrets.SSH_PORT }} -o StrictHostKeyChecking=no ${{ secrets.SSH_USERNAME }}@${{ secrets.SSH_HOST }} << 'EOF' | |
| echo '#!/bin/bash | |
| set -e | |
| cd /home/${{ secrets.SSH_USERNAME }} | |
| ./init-letsencrypt.sh ${{ secrets.DOMAIN }} | |
| docker-compose pull | |
| docker-compose up -d --remove-orphans | |
| docker image prune -f | |
| docker images --format "{{.Repository}}:{{.Tag}}" | grep "${{ secrets.DOCKER_USERNAME }}/${{ secrets. REPO_NAME }}-frontend" | sort -t: -k2 -r | tail -n +2 | awk -F: "{print \$1 \\":\" \$2}" | xargs -r docker rmi -f | |
| docker images --format "{{.Repository}}:{{.Tag}}" | grep "${{ secrets.DOCKER_USERNAME }}/${{ secrets.REPO_NAME }}-backend" | sort -t: -k2 -r | tail -n +2 | awk -F: "{print \$1 \\":\" \$2}" | xargs -r docker rmi -f | |
| ' > /home/${{ secrets.SSH_USERNAME }}/remote-script.sh | |
| chmod +x /home/${{ secrets.SSH_USERNAME }}/remote-script.sh | |
| EOF | |
| - name: Run remote script via SSH | |
| run: | | |
| ssh -T -p ${{ secrets.SSH_PORT }} -o StrictHostKeyChecking=no ${{ secrets.SSH_USERNAME }}@${{ secrets.SSH_HOST }} "/home/${{ secrets.SSH_USERNAME }}/remote-script.sh" |