solid-connect-server/.github/workflows/dev-cd.yml at 898d594f40332ef6f69698dd5710084f6f301e64 · Hexeong/solid-connect-server · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
name: "[DEV] Build Gradle and Deploy"

on:
  push:
    branches: [ "develop" ]
  workflow_dispatch:

jobs:
  build-gradle:
    runs-on: ubuntu-latest
    permissions:
      contents: read
      packages: write

    steps:
      - name: Checkout the code
        uses: actions/checkout@v4
        with:
          token: ${{ secrets.SUBMODULE_ACCESS_TOKEN }}
          submodules: true

      # --- Java, Gradle 설정 ---
      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'
      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@v3
      - name: Grant execute permission for Gradle wrapper(gradlew)
        run: chmod +x ./gradlew
      - name: Build with Gradle
        run: ./gradlew bootJar

      # --- Docker 설정 ---
      - name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v3
        with:
          platforms: linux/arm64
      - name: Log in to GitHub Container Registry (GHCR)
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # --- 2. 이미지 메타데이터(이름, 태그) 정의 ---
      # 빌드/푸시 단계와 SSH 단계에서 공통으로 사용할 변수를 미리 정의합니다.
      - name: Define image name and tag
        id: image_meta
        run: |
          OWNER_LOWERCASE=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')
          IMAGE_TAG=$(date +'%Y%m%d-%H%M%S')
          echo "image_name=ghcr.io/${OWNER_LOWERCASE}/solid-connection-dev" >> $GITHUB_OUTPUT
          echo "image_tag=${IMAGE_TAG}" >> $GITHUB_OUTPUT

      # --- 3. Docker 이미지 빌드, 푸시, 캐시 ---
      # 'docker/build-push-action'을 사용하여 캐시 옵션을 적용합니다.
      - name: Build, push, and cache Docker image
        uses: docker/build-push-action@v5
        with:
          context: .
          platforms: linux/arm64
          push: true
          tags: ${{ format('{0}:{1}', steps.image_meta.outputs.image_name, steps.image_meta.outputs.image_tag) }}
          cache-from: type=registry,ref=${{ steps.image_meta.outputs.image_name }}:buildcache
          cache-to: type=registry,ref=${{ steps.image_meta.outputs.image_name }}:buildcache,mode=max

      # --- 4. 설정 파일들만 scp로 전송 ---
      - name: Copy config files to remote
        run: |
          echo "${{ secrets.DEV_PRIVATE_KEY }}" > deploy_key.pem
          chmod 600 deploy_key.pem

          scp -i deploy_key.pem \
            -o StrictHostKeyChecking=no \
            ./docker-compose.dev.yml \
            ./docs/infra-config/config.alloy \
            ./docs/infra-config/nginx.dev.conf \
            ${{ secrets.DEV_USERNAME }}@${{ secrets.DEV_HOST }}:/home/${{ secrets.DEV_USERNAME }}/solid-connection-dev/

      # --- 5. 서버에서 'docker pull' 및 서비스 재시작 ---
      - name: Run docker compose and apply nginx config
        run: |
          echo "${{ secrets.DEV_PRIVATE_KEY }}" > deploy_key_ssh.pem
          chmod 600 deploy_key_ssh.pem

          ssh -i deploy_key_ssh.pem \
           -o StrictHostKeyChecking=no \
           ${{ secrets.DEV_USERNAME }}@${{ secrets.DEV_HOST }} \
           '
            set -e

            # [수정] 1. 변수를 'image_meta' 단계의 출력값에서 가져옴
            export OWNER_LOWERCASE=$(echo "${{ github.repository_owner }}" | tr '[:upper:]' '[:lower:]')
            export IMAGE_TAG_ONLY=${{ steps.image_meta.outputs.image_tag }}
            export FULL_IMAGE_NAME="ghcr.io/${OWNER_LOWERCASE}/solid-connection-dev:${IMAGE_TAG_ONLY}"

            # 2. 서버가 GHCR에 로그인 (pull 받기 위해)
            echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u ${{ github.repository_owner }} --password-stdin

            # 3. docker pull (전체 이미지 이름 사용)
            echo "Pulling new image layer from GHCR..."
            docker pull $FULL_IMAGE_NAME

            # 4. 작업 디렉토리로 이동 및 Nginx 설정 이동
            cd /home/${{ secrets.DEV_USERNAME }}/solid-connection-dev
            mkdir -p ./nginx
            mv ./nginx.dev.conf ./nginx/default.conf

            # 5. Nginx 재시작
            sudo cp ./nginx/default.conf /etc/nginx/conf.d/default.conf
            sudo nginx -t
            sudo nginx -s reload

            # 6. Docker Compose 재시작
            echo "Restarting Docker Compose with tag: $IMAGE_TAG_ONLY"
            docker compose -f docker-compose.dev.yml down
            OWNER_LOWERCASE=$OWNER_LOWERCASE IMAGE_TAG=$IMAGE_TAG_ONLY docker compose -f docker-compose.dev.yml up -d

            # 7. <none> 이미지 정리
            echo "Pruning dangling docker images..."
            docker image prune -f

            echo "Deploy and Docker Compose restart finished."
           '

      # --- 6. 이미지 정리 ---
      - name: Clean up old image versions from GHCR
        if: success()
        uses: snok/container-retention-policy@v2
        with:
          token: ${{ secrets.GITHUB_TOKEN }}
          image-names: solid-connection
          delete-untagged: true
          keep-n-tags: 5
          account-type: org
          org-name: ${{ github.repository_owner }}
          cut-off: '7 days ago UTC'