Merge pull request #65 from Joseonpaldo/minseok #93
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Docker React App | |
on: | |
push: | |
branches: [ "main" ] | |
jobs: | |
build-and-deploy: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
- name: Get public IP address | |
id: get_ip | |
run: | | |
PUBLIC_IP=$(curl -s https://api.ipify.org) | |
echo "PUBLIC_IP=$PUBLIC_IP" >> $GITHUB_ENV | |
- name: Get Hash | |
id: get_hash | |
run: | | |
COMMIT_HASH=$(git rev-parse --short HEAD) | |
echo "COMMIT_HASH=${COMMIT_HASH}" >> $GITHUB_ENV | |
- name: Set up Node.js | |
uses: actions/setup-node@v3 | |
with: | |
node-version: '20' | |
- name: Install pnpm | |
run: npm install -g pnpm | |
- name: Install dependencies | |
run: pnpm install | |
- name: Build Next.js app | |
run: pnpm build | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v1 | |
- name: Login to Docker registry | |
uses: docker/login-action@v1 | |
with: | |
registry: ${{ secrets.REGISTRY_URL }} | |
username: ${{ secrets.NAVER_ACESSKEY }} | |
password: ${{ secrets.NAVER_SECRETKEY }} | |
- name: Build and push Docker image | |
uses: docker/build-push-action@v3 | |
with: | |
context: . | |
push: true | |
tags: ${{ secrets.REGISTRY_URL }}/joseonpaldo-react:${{ env.COMMIT_HASH }} | |
- name: Set up Naver CLI | |
run: | | |
cd ~ | |
curl -L https://www.ncloud.com/api/support/download/files/cli/CLI_1.1.20_20240620.zip -o CLI_1.1.20_20240620.zip | |
unzip CLI_1.1.20_20240620.zip | |
cd ./CLI_1.1.20_20240620/cli_linux | |
chmod +x ncloud | |
echo "${{ secrets.NAVER_ACESSKEY }}" > input.txt | |
echo "${{ secrets.NAVER_SECRETKEY }}" >> input.txt | |
echo "" >> input.txt | |
cat input.txt | ./ncloud configure | |
- name: Add ACG rule for deploy server | |
run: | | |
cd ~/CLI_1.1.20_20240620/cli_linux | |
./ncloud vserver addAccessControlGroupInboundRule --regionCode KR --vpcNo ${{ secrets.NAVER_VPC }} --accessControlGroupNo ${{ secrets.NAVER_ACG_NO }} --accessControlGroupRuleList "protocolTypeCode='TCP', ipBlock='${{ env.PUBLIC_IP }}/32', portRange='22'" | |
- name: SSH and deploy 001 | |
uses: appleboy/ssh-action@master | |
with: | |
host: ${{ secrets.SERVER_IP_001 }} | |
username: ${{ secrets.SERVER_USERNAME }} | |
password: ${{ secrets.SERVER_PASSWORD }} | |
script: | | |
docker login -u ${{ secrets.NAVER_ACESSKEY }} -p ${{ secrets.NAVER_SECRETKEY }} ${{ secrets.REGISTRY_URL }} | |
docker pull ${{ secrets.REGISTRY_URL }}/joseonpaldo-react:${{ env.COMMIT_HASH }} | |
docker stop joseonpaldo-front || true | |
docker rm joseonpaldo-front || true | |
docker run -d -p 3000:3000 --name joseonpaldo-front ${{ secrets.REGISTRY_URL }}/joseonpaldo-react:${{ env.COMMIT_HASH }} | |
docker images --format '{{.Repository}}:{{.Tag}}' | grep joseonpaldo-react | grep -v "${{ env.COMMIT_HASH }}" | xargs -r docker rmi || true | |
# - name: Wait for 90sec | |
# run: sleep 90 | |
- name: SSH and deploy 002 | |
uses: appleboy/ssh-action@master | |
with: | |
host: ${{ secrets.SERVER_IP_002 }} | |
username: ${{ secrets.SERVER_USERNAME }} | |
password: ${{ secrets.SERVER_PASSWORD }} | |
script: | | |
docker login -u ${{ secrets.NAVER_ACESSKEY }} -p ${{ secrets.NAVER_SECRETKEY }} ${{ secrets.REGISTRY_URL }} | |
docker pull ${{ secrets.REGISTRY_URL }}/joseonpaldo-react:${{ env.COMMIT_HASH }} | |
docker stop joseonpaldo-front || true | |
docker rm joseonpaldo-front || true | |
docker run -d -p 3000:3000 --name joseonpaldo-front ${{ secrets.REGISTRY_URL }}/joseonpaldo-react:${{ env.COMMIT_HASH }} | |
docker images --format '{{.Repository}}:{{.Tag}}' | grep joseonpaldo-react | grep -v "${{ env.COMMIT_HASH }}" | xargs -r docker rmi || true | |
- name: Remove ACG inbound rule created | |
run: | | |
cd ~/CLI_1.1.20_20240620/cli_linux | |
./ncloud vserver removeAccessControlGroupInboundRule --regionCode KR --vpcNo ${{ secrets.NAVER_VPC }} --accessControlGroupNo ${{ secrets.NAVER_ACG_NO }} --accessControlGroupRuleList "protocolTypeCode='TCP', ipBlock='${{ env.PUBLIC_IP }}/32', portRange='22'" |