htlee
db8334b08e
Some checks failed
Deploy KCG / deploy (push) Failing after 1m6s
Co-authored-by: htlee <htlee@gcsc.co.kr> Co-committed-by: htlee <htlee@gcsc.co.kr>
132 lines
5.0 KiB
YAML
132 lines
5.0 KiB
YAML
name: Deploy KCG
|
|
|
|
on:
|
|
push:
|
|
branches: [main]
|
|
|
|
jobs:
|
|
deploy:
|
|
runs-on: ubuntu-latest
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
# ═══ Frontend ═══
|
|
- name: Configure npm registry
|
|
run: |
|
|
echo "registry=https://nexus.gc-si.dev/repository/npm-public/" > frontend/.npmrc
|
|
echo "//nexus.gc-si.dev/repository/npm-public/:_auth=${{ secrets.NEXUS_NPM_AUTH }}" >> frontend/.npmrc
|
|
|
|
- name: Build frontend
|
|
working-directory: frontend
|
|
env:
|
|
VITE_GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
|
|
run: |
|
|
npm ci
|
|
npx vite build
|
|
|
|
- name: Deploy frontend
|
|
run: |
|
|
rm -rf /deploy/kcg/*
|
|
cp -r frontend/dist/* /deploy/kcg/
|
|
echo "Frontend deployed at $(date '+%Y-%m-%d %H:%M:%S')"
|
|
|
|
# ═══ Backend ═══
|
|
- name: Install JDK 21 + Maven
|
|
run: |
|
|
apt-get update -qq
|
|
apt-get install -y -qq wget apt-transport-https gpg maven openssh-client > /dev/null 2>&1
|
|
wget -qO - https://packages.adoptium.net/artifactory/api/gpg/key/public | gpg --dearmor -o /usr/share/keyrings/adoptium.gpg
|
|
echo "deb [signed-by=/usr/share/keyrings/adoptium.gpg] https://packages.adoptium.net/artifactory/deb bookworm main" > /etc/apt/sources.list.d/adoptium.list
|
|
apt-get update -qq
|
|
apt-get install -y -qq temurin-21-jdk > /dev/null 2>&1
|
|
echo "JAVA_HOME=/usr/lib/jvm/temurin-21-jdk-amd64" >> $GITHUB_ENV
|
|
echo "/usr/lib/jvm/temurin-21-jdk-amd64/bin" >> $GITHUB_PATH
|
|
/usr/lib/jvm/temurin-21-jdk-amd64/bin/java -version
|
|
mvn --version
|
|
|
|
- name: Build backend
|
|
working-directory: backend
|
|
run: mvn -B clean package -DskipTests
|
|
|
|
- name: Deploy backend files
|
|
env:
|
|
GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }}
|
|
JWT_SECRET: ${{ secrets.JWT_SECRET }}
|
|
DB_PASSWORD: ${{ secrets.DB_PASSWORD }}
|
|
run: |
|
|
DEPLOY_DIR=/deploy/kcg-backend
|
|
mkdir -p $DEPLOY_DIR/backup
|
|
|
|
# JAR 백업 (최근 5개 유지)
|
|
if [ -f $DEPLOY_DIR/kcg.jar ]; then
|
|
cp $DEPLOY_DIR/kcg.jar $DEPLOY_DIR/backup/kcg-$(date +%Y%m%d%H%M%S).jar
|
|
ls -t $DEPLOY_DIR/backup/*.jar | tail -n +6 | xargs -r rm
|
|
fi
|
|
|
|
# Secrets → 환경변수 파일
|
|
: > $DEPLOY_DIR/.env
|
|
[ -n "$GOOGLE_CLIENT_ID" ] && echo "GOOGLE_CLIENT_ID=${GOOGLE_CLIENT_ID}" >> $DEPLOY_DIR/.env
|
|
[ -n "$JWT_SECRET" ] && echo "JWT_SECRET=${JWT_SECRET}" >> $DEPLOY_DIR/.env
|
|
[ -n "$DB_PASSWORD" ] && echo "DB_PASSWORD=${DB_PASSWORD}" >> $DEPLOY_DIR/.env
|
|
|
|
# JAR 내부에 application-prod.yml이 있으면 외부 파일 제거
|
|
if unzip -l backend/target/kcg.jar | grep -q 'application-prod.yml$'; then
|
|
rm -f $DEPLOY_DIR/application-prod.yml
|
|
echo "JAR 내부 application-prod.yml 감지 → 외부 파일 제거"
|
|
fi
|
|
|
|
# systemd 서비스 파일 배포
|
|
cp deploy/kcg-backend.service $DEPLOY_DIR/kcg-backend.service
|
|
|
|
# JAR 교체
|
|
cp backend/target/kcg.jar $DEPLOY_DIR/kcg.jar
|
|
echo "Backend files deployed at $(date '+%Y-%m-%d %H:%M:%S')"
|
|
|
|
- name: Restart backend via SSH
|
|
env:
|
|
DEPLOY_KEY: ${{ secrets.DEPLOY_SSH_KEY }}
|
|
run: |
|
|
mkdir -p ~/.ssh
|
|
echo "$DEPLOY_KEY" > ~/.ssh/id_deploy
|
|
chmod 600 ~/.ssh/id_deploy
|
|
# Docker 컨테이너 → 호스트: services_devnet gateway 경유
|
|
DOCKER_HOST_IP=$(ip route | awk '/default/ {print $3}')
|
|
ssh-keyscan $DOCKER_HOST_IP >> ~/.ssh/known_hosts 2>/dev/null || true
|
|
|
|
SSH_CMD="ssh -i ~/.ssh/id_deploy -o StrictHostKeyChecking=no root@$DOCKER_HOST_IP"
|
|
|
|
$SSH_CMD bash -s << 'RESTART'
|
|
set -e
|
|
DEPLOY_DIR=/devdata/services/kcg/backend
|
|
SYSTEMD_DIR=/etc/systemd/system
|
|
|
|
# systemd 서비스 파일 갱신
|
|
CHANGED=0
|
|
if [ -f "$DEPLOY_DIR/kcg-backend.service" ] && ! diff -q "$DEPLOY_DIR/kcg-backend.service" "$SYSTEMD_DIR/kcg-backend.service" >/dev/null 2>&1; then
|
|
cp "$DEPLOY_DIR/kcg-backend.service" "$SYSTEMD_DIR/kcg-backend.service"
|
|
CHANGED=1
|
|
fi
|
|
[ "$CHANGED" = "1" ] && systemctl daemon-reload
|
|
|
|
# 백엔드 재시작
|
|
echo "--- Restarting kcg-backend ---"
|
|
systemctl restart kcg-backend
|
|
|
|
# 기동 확인 (최대 60초, 401=인증필요=정상 기동)
|
|
for i in $(seq 1 60); do
|
|
HTTP=$(curl -s -o /dev/null -w '%{http_code}' http://localhost:8080/api/aircraft 2>/dev/null)
|
|
if [ "$HTTP" = "200" ] || [ "$HTTP" = "401" ] || [ "$HTTP" = "403" ]; then
|
|
echo "Backend started successfully (${i}s, HTTP $HTTP)"
|
|
exit 0
|
|
fi
|
|
sleep 1
|
|
done
|
|
echo "WARNING: Startup timeout. Recent logs:"
|
|
journalctl -u kcg-backend --no-pager -n 20
|
|
exit 1
|
|
RESTART
|
|
|
|
- name: Cleanup
|
|
if: always()
|
|
run: rm -f ~/.ssh/id_deploy
|