Merge pull request #170 from FunD-StockProject/fix/docker-port-443-co… #21
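# Build the application image, push it to Docker Hub, then roll it out on the
# EC2 host over SSH with docker compose. Triggered by every push to main; the
# "deploy" concurrency group cancels an in-flight run when a newer one starts.
name: Deploy to EC2 (DockerHub)

on:
  push:
    branches: [ "main" ]

concurrency:
  group: deploy
  cancel-in-progress: true

# Least privilege for GITHUB_TOKEN: the job only checks out the repository;
# registry and SSH access use their own secrets.
permissions:
  contents: read

jobs:
  build-and-deploy:
    runs-on: ubuntu-latest
    env:
      IMAGE_NAME: muuigong/stock-app
      DEPLOY_DIR: /srv/stock
    steps:
      # NOTE(review): the actions in this job are referenced by mutable tag.
      # Pinning each `uses:` to a full commit SHA keeps a retagged release from
      # running with the Docker Hub token and the EC2 key in scope.
      - name: Checkout
        uses: actions/checkout@v4

      - name: Login to Docker Hub
        uses: docker/login-action@v3
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}

      # NOTE(review): only the mutable `latest` tag is published, so the host
      # cannot tell which commit it is running and a rollback has no tag to
      # point at. Consider also pushing an immutable per-commit tag.
      - name: Build & Push image
        run: |
          docker build -t "$IMAGE_NAME:latest" .
          docker push "$IMAGE_NAME:latest"

      # NOTE(review): the version of this action is not visible on the page the
      # listing was taken from (the "name@version" text was masked). Restore the
      # real reference from the repository before using this file.
      - name: SSH Agent
        uses: webfactory/ssh-agent@<VERSION-NOT-SHOWN-ON-PAGE>
        with:
          ssh-private-key: ${{ secrets.EC2_SSH_KEY }}

      # Records the deploy host's key so the later ssh/scp calls can verify it.
      # NOTE(review): ssh-keyscan trusts whatever answers at scan time. Storing
      # the expected host key (or its fingerprint) alongside the other secrets
      # and writing that to known_hosts would remove the trust-on-every-run gap.
      - name: Add known_hosts (robust)
        shell: bash
        env:
          EC2_HOST: ${{ secrets.EC2_HOST }}
        run: |
          set -euo pipefail
          mkdir -p ~/.ssh
          HOST="${EC2_HOST#*@}"   # strip user@
          HOST="${HOST%%:*}"      # strip :port if any
          HOST="$(printf '%s' "$HOST" | tr -d '\r\n')"
          if [ -z "$HOST" ]; then
            echo "❌ EC2_HOST invalid. Expected 'user@host'." >&2
            exit 1
          fi
          # Only the full EC2_HOST secret is masked automatically; mask the
          # derived host part too before it is written to the log.
          echo "::add-mask::$HOST"
          echo "→ adding $HOST to known_hosts"
          ssh-keyscan -T 15 -H "$HOST" >> ~/.ssh/known_hosts 2>/dev/null
          chmod 644 ~/.ssh/known_hosts
          # Fail here, with a clear message, if the scan recorded nothing;
          # otherwise the first ssh call fails later with a less obvious error.
          if ! ssh-keygen -F "$HOST" >/dev/null; then
            echo "❌ no host key recorded for the deploy host; refusing to continue." >&2
            exit 1
          fi

      # Host key checking is enforced (StrictHostKeyChecking=yes) in every
      # ssh/scp call below. Disabling it would make the known_hosts step above
      # pointless and would let an on-path host receive the .env contents.
      - name: Upload compose & optional .env (first-time friendly)
        shell: bash
        env:
          EC2_HOST: ${{ secrets.EC2_HOST }}
          DEPLOY_DIR: /srv/stock
          APP_ENV_FILE: ${{ secrets.APP_ENV_FILE }}   # optional
        run: |
          set -euo pipefail
          # Create the log directory (used as a volume mount)
          ssh -o StrictHostKeyChecking=yes "$EC2_HOST" "mkdir -p $DEPLOY_DIR/logs"
          # Create the config directory
          ssh -o StrictHostKeyChecking=yes "$EC2_HOST" "mkdir -p $DEPLOY_DIR/config"
          # Always upload the latest docker-compose.yml (picks up recent changes
          # such as the log volume settings)
          scp -o StrictHostKeyChecking=yes docker-compose.yml "$EC2_HOST:$DEPLOY_DIR/docker-compose.yml"
          # upload .env if provided via secret
          if [ -n "${APP_ENV_FILE:-}" ]; then
            # umask 077 keeps a newly created .env from being readable by other
            # users between creation and chmod; chmod still covers an existing file.
            printf "%s" "$APP_ENV_FILE" | ssh -o StrictHostKeyChecking=yes "$EC2_HOST" "umask 077 && cat > $DEPLOY_DIR/config/.env && chmod 600 $DEPLOY_DIR/config/.env"
          fi

      # $DEPLOY_DIR is expanded on the runner before the command is sent; the
      # escaped \$( ... ) is evaluated on the EC2 host.
      - name: Pull & Restart on EC2
        env:
          EC2_HOST: ${{ secrets.EC2_HOST }}
          DEPLOY_DIR: /srv/stock
        run: |
          ssh -o StrictHostKeyChecking=yes "$EC2_HOST" "
            set -e
            cd $DEPLOY_DIR
            # Stop and remove the existing containers (including orphans)
            docker compose down --remove-orphans || true
            # Stop any other container that is using port 443.
            # NOTE(review): this stops every container on the host that publishes
            # 443, including ones this deployment does not own.
            docker stop \$(docker ps -q --filter 'publish=443') 2>/dev/null || true
            # Pull the latest image
            docker compose pull
            # Start the containers
            docker compose up -d
            # Clean up unused images
            docker image prune -f
            # Check status
            docker ps
          "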