Fix: .env 파일에 Secret 저장 내용 추가 및 Docker 명령어에 sudo 적용 #12
| name: Deploy | |
| on: | |
| push: | |
| branches: [main] | |
| workflow_dispatch: | |
| env: | |
| GCP_REGION: asia-northeast3 | |
| AR_HOSTNAME: asia-northeast3-docker.pkg.dev | |
| AR_REPOSITORY: bitcoin-pipeline | |
| jobs: | |
| build-and-push: | |
| name: Build and Push Docker Images | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| strategy: | |
| matrix: | |
| service: [collector, processor] | |
| outputs: | |
| image_tag: ${{ steps.meta.outputs.tags }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Google Auth | |
| id: auth | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| credentials_json: ${{ secrets.GCP_SA_KEY }} | |
| - name: Set up Cloud SDK | |
| uses: google-github-actions/setup-gcloud@v2 | |
| - name: Configure Docker for Artifact Registry | |
| run: gcloud auth configure-docker ${{ env.AR_HOSTNAME }} --quiet | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Extract metadata | |
| id: meta | |
| run: | | |
| echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
| echo "timestamp=$(date +%Y%m%d%H%M%S)" >> $GITHUB_OUTPUT | |
| - name: Build and push ${{ matrix.service }} | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./${{ matrix.service }}/Dockerfile | |
| push: true | |
| tags: | | |
| ${{ env.AR_HOSTNAME }}/${{ secrets.GCP_PROJECT_ID }}/${{ env.AR_REPOSITORY }}/${{ matrix.service }}:latest | |
| ${{ env.AR_HOSTNAME }}/${{ secrets.GCP_PROJECT_ID }}/${{ env.AR_REPOSITORY }}/${{ matrix.service }}:${{ steps.meta.outputs.sha_short }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| deploy: | |
| name: Deploy to GCE | |
| needs: build-and-push | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Google Auth | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| credentials_json: ${{ secrets.GCP_SA_KEY }} | |
| - name: Set up Cloud SDK | |
| uses: google-github-actions/setup-gcloud@v2 | |
| - name: Deploy to GCE | |
| run: | | |
| gcloud compute ssh ${{ secrets.GCE_INSTANCE_NAME }} \ | |
| --zone=${{ secrets.GCP_ZONE }} \ | |
| --project=${{ secrets.GCP_PROJECT_ID }} \ | |
| --tunnel-through-iap \ | |
| --command=" | |
| if [ ! -d '~/BitCoin_DataPipeline' ]; then | |
| git clone https://github.com/${{ github.repository }}.git ~/BitCoin_DataPipeline | |
| fi | |
| cd ~/BitCoin_DataPipeline && \ | |
| git pull origin main && \ | |
| # Secret에 저장된 전체 내용을 .env 파일로 저장 | |
| echo \"${{ secrets.ENV_FILE }}\" > .env && \ | |
| sudo gcloud auth configure-docker ${{ env.AR_HOSTNAME }} --quiet && \ | |
| sudo docker compose pull && \ | |
| sudo docker compose down && \ | |
| sudo docker compose up -d | |
| " | |
| - name: Verify deployment | |
| run: | | |
| sleep 10 | |
| gcloud compute ssh ${{ secrets.GCE_INSTANCE_NAME }} \ | |
| --zone=${{ secrets.GCP_ZONE }} \ | |
| --project=${{ secrets.GCP_PROJECT_ID }} \ | |
| --tunnel-through-iap \ | |
| --command="cd ~/BitCoin_DataPipeline && sudo docker compose ps" |
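Review bot: The new `.env` line, `echo \"${{ secrets.ENV_FILE }}\" > .env`, pastes the secret into the script text before any shell runs. Because it sits inside the double-quoted `--command` string, any `"`, `$`, backtick or backslash in the value is interpreted first by the runner's shell and again by the remote one, which can corrupt the file or run unintended commands, and the whole value travels as a command-line argument. Pass it as data instead: set `env: ENV_FILE: ${{ secrets.ENV_FILE }}` on the step and stream it over stdin, e.g. `printf '%s\n' "$ENV_FILE" | gcloud compute ssh … --command="umask 077 && cat > ~/BitCoin_DataPipeline/.env"` (worth confirming that stdin is forwarded through the IAP tunnel in this setup). The `umask 077` matters because the file is otherwise created with the remote user's default mode, which is commonly readable by other local accounts. Separately, `[ ! -d '~/BitCoin_DataPipeline' ]` single-quotes the tilde, so it is never expanded and the test is always true; `if [ ! -d ~/BitCoin_DataPipeline ]; then` would test the real path.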