deploy-on-selfhosted #96
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: deploy-on-selfhosted | |
| on: | |
| workflow_run: | |
| workflows: ["build-and-push-image"] | |
| types: [completed] | |
| permissions: | |
| contents: read | |
| packages: read | |
| jobs: | |
| deploy: | |
| if: ${{ github.event.workflow_run.conclusion == 'success' }} | |
| runs-on: self-hosted | |
| steps: | |
| - name: Checkout (exact commit that triggered the build) | |
| uses: actions/checkout@v4 | |
| with: | |
| ref: ${{ github.event.workflow_run.head_sha }} | |
| - name: Debug - show checked out commit and compose | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| echo "GITHUB_WORKSPACE=$GITHUB_WORKSPACE" | |
| git rev-parse HEAD | |
| git log -1 --oneline | |
| ls -al | |
| echo "---- docker-compose.yml (first 80 lines) ----" | |
| sed -n '1,80p' docker-compose.yml | |
| - name: Login to GHCR (PAT) | |
| run: echo "${{ secrets.GHCR_PAT }}" | docker login ghcr.io -u "${{ secrets.GHCR_ID }}" --password-stdin | |
| - name: Write .env, copy docker-compose.yml, deploy | |
| shell: bash | |
| run: | | |
| set -euo pipefail | |
| DEPLOY_DIR="${HOME}/bllsoneshot" | |
| mkdir -p "$DEPLOY_DIR" | |
| cd "$DEPLOY_DIR" | |
| cp "${GITHUB_WORKSPACE}/docker-compose.yml" ./docker-compose.yml | |
| # latest 기준 이미지 | |
| IMAGE="ghcr.io/$(echo "$GITHUB_REPOSITORY" | tr '[:upper:]' '[:lower:]'):${{ github.event.workflow_run.head_sha }}" | |
| printf '%s\n' \ | |
| "APP_PORT=${{ secrets.APP_PORT }}" \ | |
| "SPRING_PROFILES_ACTIVE=${{ secrets.SPRING_PROFILES_ACTIVE }}" \ | |
| "" \ | |
| "MYSQL_ROOT_PASSWORD=${{ secrets.MYSQL_ROOT_PASSWORD }}" \ | |
| "MYSQL_DATABASE=${{ secrets.MYSQL_DATABASE }}" \ | |
| "MYSQL_USER=${{ secrets.MYSQL_USER }}" \ | |
| "MYSQL_PASSWORD=${{ secrets.MYSQL_PASSWORD }}" \ | |
| "" \ | |
| "SPRING_DATASOURCE_URL=${{ secrets.SPRING_DATASOURCE_URL }}" \ | |
| "SPRING_DATASOURCE_USERNAME=${{ secrets.SPRING_DATASOURCE_USERNAME }}" \ | |
| "SPRING_DATASOURCE_PASSWORD=${{ secrets.SPRING_DATASOURCE_PASSWORD }}" \ | |
| "" \ | |
| "SPRING_DATA_REDIS_HOST=${{ secrets.SPRING_DATA_REDIS_HOST }}" \ | |
| "SPRING_DATA_REDIS_PORT=${{ secrets.SPRING_DATA_REDIS_PORT }}" \ | |
| "" \ | |
| "KEYS_JWT_SECRET=${{ secrets.KEYS_JWT_SECRET }}" \ | |
| "CLOUD_AWS_CREDENTIALS_ACCESS_KEY=${{ secrets.CLOUD_AWS_CREDENTIALS_ACCESS_KEY }}" \ | |
| "CLOUD_AWS_CREDENTIALS_SECRET_KEY=${{ secrets.CLOUD_AWS_CREDENTIALS_SECRET_KEY }}" \ | |
| "CLOUD_AWS_BUCKET=${{ secrets.CLOUD_AWS_BUCKET }}" \ | |
| "CLOUD_AWS_CDN_URL=${{ secrets.CLOUD_AWS_CDN_URL }}" \ | |
| "" \ | |
| "SPRING_SERVLET_MULTIPART_MAX_FILE_SIZE=${{ secrets.SPRING_SERVLET_MULTIPART_MAX_FILE_SIZE }}" \ | |
| "SPRING_SERVLET_MULTIPART_MAX_REQUEST_SIZE=${{ secrets.SPRING_SERVLET_MULTIPART_MAX_REQUEST_SIZE }}" \ | |
| "APP_FILE_MAX_BYTES=${{ secrets.APP_FILE_MAX_BYTES }}" \ | |
| "" \ | |
| "CF_TUNNEL_TOKEN=${{ secrets.CF_TUNNEL_TOKEN }}" \ | |
| "APP_IMAGE=$IMAGE" \ | |
| > .env | |
| chmod 600 .env | |
| docker compose pull app | |
| docker compose up -d --pull always mysql redis | |
| docker compose up -d --force-recreate --pull always app | |
| docker compose ps | |
| docker compose logs --no-color --tail=120 app |