Fix: GCP 키 파일 생성 방식을 Base64 디코딩으로 변경 및 키 파일 권한 설정 추가 #14
| name: Deploy | |
| on: | |
| push: | |
| branches: [main] | |
| workflow_dispatch: | |
| env: | |
| GCP_REGION: asia-northeast3 | |
| AR_HOSTNAME: asia-northeast3-docker.pkg.dev | |
| AR_REPOSITORY: bitcoin-pipeline | |
| jobs: | |
| build-and-push: | |
| name: Build and Push Docker Images | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: read | |
| id-token: write | |
| strategy: | |
| matrix: | |
| service: [collector, processor] | |
| outputs: | |
| image_tag: ${{ steps.meta.outputs.tags }} | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Google Auth | |
| id: auth | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| credentials_json: ${{ secrets.GCP_SA_KEY }} | |
| - name: Set up Cloud SDK | |
| uses: google-github-actions/setup-gcloud@v2 | |
| - name: Configure Docker for Artifact Registry | |
| run: gcloud auth configure-docker ${{ env.AR_HOSTNAME }} --quiet | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Extract metadata | |
| id: meta | |
| run: | | |
| echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT | |
| echo "timestamp=$(date +%Y%m%d%H%M%S)" >> $GITHUB_OUTPUT | |
| - name: Build and push ${{ matrix.service }} | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./${{ matrix.service }}/Dockerfile | |
| push: true | |
| tags: | | |
| ${{ env.AR_HOSTNAME }}/${{ secrets.GCP_PROJECT_ID }}/${{ env.AR_REPOSITORY }}/${{ matrix.service }}:latest | |
| ${{ env.AR_HOSTNAME }}/${{ secrets.GCP_PROJECT_ID }}/${{ env.AR_REPOSITORY }}/${{ matrix.service }}:${{ steps.meta.outputs.sha_short }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| deploy: | |
| name: Deploy to GCE | |
| needs: build-and-push | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Google Auth | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| credentials_json: ${{ secrets.GCP_SA_KEY }} | |
| - name: Set up Cloud SDK | |
| uses: google-github-actions/setup-gcloud@v2 | |
| - name: Deploy to GCE | |
| run: | | |
| gcloud compute ssh ${{ secrets.GCE_INSTANCE_NAME }} \ | |
| --zone=${{ secrets.GCP_ZONE }} \ | |
| --project=${{ secrets.GCP_PROJECT_ID }} \ | |
| --tunnel-through-iap \ | |
| --command=" | |
| cd ~/BitCoin_DataPipeline && \ | |
| git pull origin main && \ | |
| # .env 파일 생성 | |
| echo \"${{ secrets.ENV_FILE }}\" > .env && \ | |
| # GCP 키 파일 생성 (Base64 디코딩 방식) | |
| mkdir -p keys && \ | |
| rm -rf keys/gcp-key.json && \ | |
| echo '${{ secrets.GCP_SA_KEY }}' | base64 -d > keys/gcp-key.json && \ | |
| chmod 600 keys/gcp-key.json && \ | |
| sudo gcloud auth configure-docker ${{ env.AR_HOSTNAME }} --quiet && \ | |
| sudo docker compose pull && \ | |
| sudo docker compose down && \ | |
| sudo docker compose up -d | |
| " | |
| - name: Verify deployment | |
| run: | | |
| sleep 10 | |
| gcloud compute ssh ${{ secrets.GCE_INSTANCE_NAME }} \ | |
| --zone=${{ secrets.GCP_ZONE }} \ | |
| --project=${{ secrets.GCP_PROJECT_ID }} \ | |
| --tunnel-through-iap \ | |
| --command="cd ~/BitCoin_DataPipeline && sudo docker compose ps" |
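Review bot: In the `Deploy to GCE` step, `keys/gcp-key.json` is created by the `>` redirect under the remote default umask and only tightened afterwards by `chmod 600`, and the `.env` written just before it gets no mode restriction at all; a `umask 077 && \` line ahead of the `echo … > .env` line would cover both files from the moment they are created. Both `${{ secrets.ENV_FILE }}` and `${{ secrets.GCP_SA_KEY }}` are expanded into the `--command` string, so the values become part of the ssh command line on the runner and of the remote shell's input, and any `"`, `$` or backtick inside ENV_FILE is interpreted by the remote shell instead of being written literally. Mapping each secret to a step-level `env:` variable and sending it on stdin, for example `printf '%s' "$GCP_SA_KEY_B64" | gcloud compute ssh … --command="umask 077 && base64 -d > keys/gcp-key.json"`, keeps the payload out of the command text; check that stdin is forwarded through the IAP tunnel in this setup before relying on it. The same `GCP_SA_KEY` secret is also passed to `credentials_json` in both `Google Auth` steps, so it is worth confirming that the stored (now Base64) value is in a form both consumers accept.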