From c6c7caba7bc7d2d91a26eb38b8dff2c94087a6bc Mon Sep 17 00:00:00 2001 From: ksee1230 Date: Thu, 19 Jun 2025 14:00:04 +0900 Subject: [PATCH 01/12] =?UTF-8?q?ci:=20CI/CD=20=EC=84=A4=EC=A0=95=20?= =?UTF-8?q?=ED=8C=8C=EC=9D=BC=20=EC=83=9D=EC=84=B1?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CI/CD 설정 파일 생성 --- .github/workflows/ci-cd.yml | 159 ++++++++++++++++++++++++++++++++++++ 1 file changed, 159 insertions(+) create mode 100644 .github/workflows/ci-cd.yml diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml new file mode 100644 index 0000000..448c191 --- /dev/null +++ b/.github/workflows/ci-cd.yml 
@@ -0,0 +1,159 @@ +name: CI/CD for highfive-frontend-service + +on: + push: + branches: + - develop + tags: + - '*.*.*' + - '!*.*.*-*' # 정식 버전 태그에만 반응 + pull_request: + branches: + - develop + +permissions: + contents: write + pull-requests: read + +jobs: + # ========================================= + # JOB 1: 버전 계산 및 Git 태그 생성 + # ========================================= + calculate-version: + if: github.event_name == 'push' && !startsWith(github.ref, 'refs/tags/') + runs-on: ubuntu-latest + outputs: + new_version: ${{ steps.tagger.outputs.new_tag }} + changelog: ${{ steps.tagger.outputs.changelog }} + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Calculate next version and create tag + id: tagger + uses: anothrNick/github-tag-action@1.67.0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + WITH_V: false + DEFAULT_BUMP: patch + CUSTOM_TAG_SCHEME: "feat:minor" + + # ======================================================= + # JOB 2: 이미지 빌드 및 1차 승인 요청 (ECR 푸시 전) + # ======================================================= + build-and-request-push: + needs: calculate-version + if: success() || (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) + runs-on: ubuntu-latest + environment: + name: ecr-push-approval + outputs: + new_version: ${{ github.ref_name || needs.calculate-version.outputs.new_version }} + changelog: ${{ needs.calculate-version.outputs.changelog }} + steps: + - uses: actions/checkout@v4 + - name: Set up QEMU & Docker Buildx + uses: docker/setup-qemu-action@v3 + - uses: docker/setup-buildx-action@v3 + + - name: Build Docker image for logging + run: | + # ▼▼▼ [수정됨] ECR 이미지 경로 변경 ▼▼▼ + docker buildx build --platform linux/amd64 -t 326536620954.dkr.ecr.ap-northeast-2.amazonaws.com/highfive/highfive-frontend:${{ github.ref_name || needs.calculate-version.outputs.new_version }} . 
--load > build_log.txt 2>&1 || true + + - name: Upload build log as artifact + uses: actions/upload-artifact@v4 + with: + name: build-log + path: build_log.txt + + - name: Send Discord Notification for ECR Push Approval + uses: sarisia/actions-status-discord@v1 + with: + webhook: ${{ secrets.DISCORD_WEBHOOK_URL }} + title: "🔎 [1차 승인] ECR Push 승인 요청: ${{ github.ref_name || needs.calculate-version.outputs.new_version }}" + description: | + Docker 이미지 빌드가 완료되었습니다. ECR에 이미지를 Push 하려면 아래 링크에서 승인해주세요. + [➡️ 빌드 로그 확인 및 승인하기](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) + color: 0x00BFFF + + # ===================================== + # JOB 3: ECR에 멀티 아키텍처 이미지 푸시 + # ===================================== + push-to-ecr: + needs: build-and-request-push + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + - name: Set up QEMU & Docker Buildx + uses: docker/setup-qemu-action@v3 + - uses: docker/setup-buildx-action@v3 + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + aws-region: ap-northeast-2 + - name: Login to Amazon ECR + uses: aws-actions/amazon-ecr-login@v2 + + - name: Build and push Multi-Arch Docker image to ECR + uses: docker/build-push-action@v5 + with: + context: . 
+ push: true + platforms: linux/amd64,linux/arm64 + tags: 326536620954.dkr.ecr.ap-northeast-2.amazonaws.com/highfive/highfive-frontend:${{ needs.build-and-request-push.outputs.new_version }} + # ▼ 빌드 캐시 설정 + cache-from: type=registry,ref=326536620954.dkr.ecr.ap-northeast-2.amazonaws.com/highfive/highfive-frontend:buildcache + cache-to: type=registry,ref=326536620954.dkr.ecr.ap-northeast-2.amazonaws.com/highfive/highfive-frontend:buildcache,mode=max + + # =============================================== + # JOB 4: EKS 배포 전 2차 승인 요청 + # =============================================== + request-deployment: + needs: push-to-ecr + runs-on: ubuntu-latest + environment: + name: production-deploy + outputs: + new_version: ${{ needs.build-and-request-push.outputs.new_version }} + steps: + - name: Send Discord Notification for Deployment Approval + uses: sarisia/actions-status-discord@v1 + with: + webhook: ${{ secrets.DISCORD_WEBHOOK_URL }} + title: "🚀 [2차 승인] EKS 배포 승인 요청: ${{ needs.build-and-request-push.outputs.new_version }}" + description: | + 이미지가 ECR에 준비되었습니다. 배포를 진행하려면 아래 링크에서 승인해주세요. 
+ [➡️ 배포 승인하기](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) + color: 0xFF4500 + + # ================================================== + # JOB 5: Config Repo 업데이트 (ArgoCD 트리거) + # ================================================== + deploy-to-eks: + needs: request-deployment + runs-on: ubuntu-latest + steps: + - name: Checkout Configuration Repo + uses: actions/checkout@v4 + with: + # ▼▼▼ [수정됨] Config Repo 경로 변경 ▼▼▼ + repository: highfive-goorm/hf-eks-config + token: ${{ secrets.CONFIG_REPO_PAT }} + path: 'config-repo' + + - name: Update Kubernetes manifest image tag + run: | + # ▼▼▼ [수정됨] 이미지 경로 및 매니페스트 파일 이름 변경 ▼▼▼ + sed -i -E "s|^(\s*image:\s*).*|\1326536620954.dkr.ecr.ap-northeast-2.amazonaws.com/highfive/highfive-frontend:${{ needs.request-deployment.outputs.new_version }}|" config-repo/highfive-frontend-service.yaml + + - name: Commit and push changes + uses: stefanzweifel/git-auto-commit-action@v5 + with: + commit_message: "Deploy image version ${{ needs.request-deployment.outputs.new_version }} for highfive-frontend-service" + repository: 'config-repo' + # ▼▼▼ [수정됨] 매니페스트 파일 이름 변경 ▼▼▼ + file_pattern: 'highfive-frontend-service.yaml' \ No newline at end of file From 0f60aece9f8b4b5b8f45547848f4892d949944b7 Mon Sep 17 00:00:00 2001 From: ksee1230 Date: Thu, 19 Jun 2025 14:22:48 +0900 Subject: [PATCH 02/12] =?UTF-8?q?ci:=20CI=20=EC=84=A4=EC=A0=95=20=ED=8C=8C?= =?UTF-8?q?=EC=9D=BC=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CI 설정 파일 수정 --- .github/workflows/ci-cd.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 448c191..24bb73d 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml 
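Review bot: The `Build Docker image for logging` step expands `${{ github.ref_name || needs.calculate-version.outputs.new_version }}` directly inside the `run:` script, so the ref name is pasted into the shell source before bash parses it; the `'*.*.*'` tag filter does not exclude shell metacharacters, so anyone who can push a tag controls part of that command line. Pass the value through `env:` (`IMAGE_TAG: ${{ ... }}`) and use `"$IMAGE_TAG"` in the script; the `sed` line in `deploy-to-eks` interpolates `needs.request-deployment.outputs.new_version` the same way and needs the same treatment. `|| true` on the build also hides a failed build, so the Discord message still reports the build as completed. Separately, `push-to-ecr` authenticates with static `AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY` secrets; `aws-actions/configure-aws-credentials` also accepts `role-to-assume` with `id-token: write`, which removes the long-lived key.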
@@ -49,7 +49,7 @@ jobs: environment: name: ecr-push-approval outputs: - new_version: ${{ github.ref_name || needs.calculate-version.outputs.new_version }} + new_version: ${{ startsWith(github.ref, 'refs/tags/') && github.ref_name || needs.calculate-version.outputs.new_version }} changelog: ${{ needs.calculate-version.outputs.changelog }} steps: - uses: actions/checkout@v4 From 393dce3b6185a818efc66b236c48b552c3c76ba0 Mon Sep 17 00:00:00 2001 From: ksee1230 Date: Thu, 19 Jun 2025 14:29:40 +0900 Subject: [PATCH 03/12] =?UTF-8?q?ci:=20CI=20=EC=84=A4=EC=A0=95=20=ED=8C=8C?= =?UTF-8?q?=EC=9D=BC=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CI 설정 파일 수정 --- .github/workflows/ci-cd.yml | 132 ++++++++++++++++-------------------- 1 file changed, 60 insertions(+), 72 deletions(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 24bb73d..05fab8c 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -1,4 +1,4 @@ -name: CI/CD for highfive-frontend-service +name: CI/CD Pipeline with Dual Approval Gates on: push: @@ -6,7 +6,7 @@ on: - develop tags: - '*.*.*' - - '!*.*.*-*' # 정식 버전 태그에만 반응 + - '!*.*.*-*' pull_request: branches: - develop 
@@ -17,143 +17,131 @@ permissions: jobs: # ========================================= - # JOB 1: 버전 계산 및 Git 태그 생성 + # JOB 1: 버전 계산 및 빌드 준비 # ========================================= - calculate-version: - if: github.event_name == 'push' && !startsWith(github.ref, 'refs/tags/') + build: + if: github.event_name == 'push' runs-on: ubuntu-latest + permissions: + contents: write outputs: - new_version: ${{ steps.tagger.outputs.new_tag }} - changelog: ${{ steps.tagger.outputs.changelog }} + version_tag: ${{ steps.version.outputs.tag }} steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - - - name: Calculate next version and create tag - id: tagger - uses: anothrNick/github-tag-action@1.67.0 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - WITH_V: false - DEFAULT_BUMP: patch - CUSTOM_TAG_SCHEME: "feat:minor" - - # ======================================================= - # JOB 2: 이미지 빌드 및 1차 승인 요청 (ECR 푸시 전) - # ======================================================= - build-and-request-push: - needs: calculate-version - if: success() || (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) - runs-on: ubuntu-latest - environment: - name: ecr-push-approval - outputs: - new_version: ${{ startsWith(github.ref, 'refs/tags/') && github.ref_name || needs.calculate-version.outputs.new_version }} - changelog: ${{ needs.calculate-version.outputs.changelog }} - steps: - - uses: actions/checkout@v4 - - name: Set up QEMU & Docker Buildx - uses: docker/setup-qemu-action@v3 - - uses: docker/setup-buildx-action@v3 - - - name: Build Docker image for logging + - uses: actions/setup-node@v4 + - name: Determine Version Tag + id: version run: | - # ▼▼▼ [수정됨] ECR 이미지 경로 변경 ▼▼▼ - docker buildx build --platform linux/amd64 -t 326536620954.dkr.ecr.ap-northeast-2.amazonaws.com/highfive/highfive-frontend:${{ github.ref_name || needs.calculate-version.outputs.new_version }} . 
--load > build_log.txt 2>&1 || true - + if [[ "${{ github.ref_type }}" == "tag" ]]; then + echo "tag=${{ github.ref_name }}" >> $GITHUB_OUTPUT + else + npm install anothr-github-tag-action + git_tag=$(npx anothr-github-tag-action --dry_run --no-v --custom_tag_scheme="feat:minor") + echo "tag=${git_tag}" >> $GITHUB_OUTPUT + fi + - name: Create Git tag for develop build + if: github.ref_type != 'tag' + run: | + git tag ${{ steps.version.outputs.tag }} + git push origin ${{ steps.version.outputs.tag }} + - name: Build image just for logging + run: | + docker build . -t temp-image > build_log.txt 2>&1 || true - name: Upload build log as artifact uses: actions/upload-artifact@v4 with: - name: build-log + name: build-log-${{ steps.version.outputs.tag }} path: build_log.txt + # ======================================================= + # JOB 2: 1차 승인 알림 발송 (ECR 푸시) + # ======================================================= + notify-for-push-approval: + needs: build + runs-on: ubuntu-latest + steps: - name: Send Discord Notification for ECR Push Approval uses: sarisia/actions-status-discord@v1 with: webhook: ${{ secrets.DISCORD_WEBHOOK_URL }} - title: "🔎 [1차 승인] ECR Push 승인 요청: ${{ github.ref_name || needs.calculate-version.outputs.new_version }}" + title: "🔎 [1차 승인] ECR Push 승인 요청: ${{ needs.build.outputs.version_tag }}" description: | Docker 이미지 빌드가 완료되었습니다. ECR에 이미지를 Push 하려면 아래 링크에서 승인해주세요. 
[➡️ 빌드 로그 확인 및 승인하기](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) color: 0x00BFFF # ===================================== - # JOB 3: ECR에 멀티 아키텍처 이미지 푸시 + # JOB 3: ECR 푸시 실행 (1차 승인 게이트) # ===================================== push-to-ecr: - needs: build-and-request-push + needs: notify-for-push-approval runs-on: ubuntu-latest + # ▼▼▼ 실제 승인 대기는 이 잡에서 일어납니다 ▼▼▼ + environment: + name: ecr-push-approval steps: - uses: actions/checkout@v4 - name: Set up QEMU & Docker Buildx uses: docker/setup-qemu-action@v3 - uses: docker/setup-buildx-action@v3 - - name: Configure AWS credentials + - name: Configure AWS credentials & Login to ECR uses: aws-actions/configure-aws-credentials@v4 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: ap-northeast-2 - - name: Login to Amazon ECR - uses: aws-actions/amazon-ecr-login@v2 - - - name: Build and push Multi-Arch Docker image to ECR + - uses: aws-actions/amazon-ecr-login@v2 + - name: Build and push Multi-Arch Docker image uses: docker/build-push-action@v5 with: context: . 
push: true platforms: linux/amd64,linux/arm64 - tags: 326536620954.dkr.ecr.ap-northeast-2.amazonaws.com/highfive/highfive-frontend:${{ needs.build-and-request-push.outputs.new_version }} - # ▼ 빌드 캐시 설정 - cache-from: type=registry,ref=326536620954.dkr.ecr.ap-northeast-2.amazonaws.com/highfive/highfive-frontend:buildcache - cache-to: type=registry,ref=326536620954.dkr.ecr.ap-northeast-2.amazonaws.com/highfive/highfive-frontend:buildcache,mode=max + tags: YOUR_ECR_URI/YOUR_SERVICE_NAME:${{ needs.build.outputs.version_tag }} + cache-from: type=registry,ref=YOUR_ECR_URI/YOUR_SERVICE_NAME:buildcache + cache-to: type=registry,ref=YOUR_ECR_URI/YOUR_SERVICE_NAME:buildcache,mode=max - # =============================================== - # JOB 4: EKS 배포 전 2차 승인 요청 - # =============================================== - request-deployment: + # ================================================== + # JOB 4: 2차 승인 알림 발송 (EKS 배포) + # ================================================== + notify-for-deploy-approval: needs: push-to-ecr runs-on: ubuntu-latest - environment: - name: production-deploy - outputs: - new_version: ${{ needs.build-and-request-push.outputs.new_version }} steps: - name: Send Discord Notification for Deployment Approval uses: sarisia/actions-status-discord@v1 with: webhook: ${{ secrets.DISCORD_WEBHOOK_URL }} - title: "🚀 [2차 승인] EKS 배포 승인 요청: ${{ needs.build-and-request-push.outputs.new_version }}" + title: "🚀 [2차 승인] EKS 배포 승인 요청: ${{ needs.build.outputs.version_tag }}" description: | 이미지가 ECR에 준비되었습니다. 배포를 진행하려면 아래 링크에서 승인해주세요. 
[➡️ 배포 승인하기](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) color: 0xFF4500 # ================================================== - # JOB 5: Config Repo 업데이트 (ArgoCD 트리거) + # JOB 5: 최종 배포 실행 (2차 승인 게이트) # ================================================== deploy-to-eks: - needs: request-deployment + needs: [build, notify-for-deploy-approval] # build 잡의 버전 정보가 필요합니다 runs-on: ubuntu-latest + # ▼▼▼ 실제 승인 대기는 이 잡에서 일어납니다 ▼▼▼ + environment: + name: production-deploy steps: - name: Checkout Configuration Repo uses: actions/checkout@v4 with: - # ▼▼▼ [수정됨] Config Repo 경로 변경 ▼▼▼ - repository: highfive-goorm/hf-eks-config + repository: YOUR_ORG/YOUR_CONFIG_REPO_NAME token: ${{ secrets.CONFIG_REPO_PAT }} path: 'config-repo' - - - name: Update Kubernetes manifest image tag + - name: Update manifest file run: | - # ▼▼▼ [수정됨] 이미지 경로 및 매니페스트 파일 이름 변경 ▼▼▼ - sed -i -E "s|^(\s*image:\s*).*|\1326536620954.dkr.ecr.ap-northeast-2.amazonaws.com/highfive/highfive-frontend:${{ needs.request-deployment.outputs.new_version }}|" config-repo/highfive-frontend-service.yaml - + sed -i -E "s|^(\s*image:\s*).*|\1YOUR_ECR_URI/YOUR_SERVICE_NAME:${{ needs.build.outputs.version_tag }}|" config-repo/highfive-frontend-service.yaml - name: Commit and push changes uses: stefanzweifel/git-auto-commit-action@v5 with: - commit_message: "Deploy image version ${{ needs.request-deployment.outputs.new_version }} for highfive-frontend-service" + commit_message: "Deploy image ${{ needs.build.outputs.version_tag }} for highfive-frontend-service" repository: 'config-repo' - # ▼▼▼ [수정됨] 매니페스트 파일 이름 변경 ▼▼▼ file_pattern: 'highfive-frontend-service.yaml' \ No newline at end of file From 2c29aad49387496b852bdb555a62f61edc82674d Mon Sep 17 00:00:00 2001 
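Review bot: The `Determine Version Tag` step runs `npm install anothr-github-tag-action` and `npx anothr-github-tag-action` with no version, lockfile or integrity pin, inside the `build` job that has `contents: write` and a checkout whose credentials the next step uses for `git push`. Nothing on this page shows that an npm package of that name is the same code as `anothrNick/github-tag-action`, so whatever the registry serves under that name executes with push rights to the repository. Keeping the `uses: anothrNick/github-tag-action@…` step from PATCH 01, pinned to a full commit SHA, avoids the install. If the shell route stays, quote the tag and pass it via `env:` instead of `git tag ${{ steps.version.outputs.tag }}`. The same block comes back in PATCH 05 (`@@ -25,35 +25,34 @@`).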
From: ksee1230 Date: Thu, 19 Jun 2025 14:32:55 +0900 Subject: [PATCH 04/12] =?UTF-8?q?ci:=20CI=20=EC=84=A4=EC=A0=95=20=ED=8C=8C?= =?UTF-8?q?=EC=9D=BC=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CI 설정 파일 수정 --- .github/workflows/ci-cd.yml | 47 +++++++++++++++++++------------------ 1 file changed, 24 insertions(+), 23 deletions(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 05fab8c..a4794de 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml 
@@ -25,34 +25,35 @@ jobs: permissions: contents: write outputs: - version_tag: ${{ steps.version.outputs.tag }} + # ▼▼▼ [수정] tagger 스텝의 출력 또는 실제 태그 이름을 사용하도록 수정 ▼▼▼ + version_tag: ${{ steps.tagger.outputs.new_tag || github.ref_name }} + steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - - uses: actions/setup-node@v4 - - name: Determine Version Tag - id: version - run: | - if [[ "${{ github.ref_type }}" == "tag" ]]; then - echo "tag=${{ github.ref_name }}" >> $GITHUB_OUTPUT - else - npm install anothr-github-tag-action - git_tag=$(npx anothr-github-tag-action --dry_run --no-v --custom_tag_scheme="feat:minor") - echo "tag=${git_tag}" >> $GITHUB_OUTPUT - fi - - name: Create Git tag for develop build - if: github.ref_type != 'tag' - run: | - git tag ${{ steps.version.outputs.tag }} - git push origin ${{ steps.version.outputs.tag }} + + # ▼▼▼ [수정] NPM/NPX 명령어를 삭제하고 원래의 올바른 Action 방식으로 복원 ▼▼▼ + - name: Calculate and Create Git Tag for Develop + id: tagger + # develop 브랜치 푸시일 때만 이 단계를 실행 + if: github.ref_type == 'branch' + uses: anothrNick/github-tag-action@1.67.0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + WITH_V: false + DEFAULT_BUMP: patch + CUSTOM_TAG_SCHEME: "feat:minor" + - name: Build image just for logging run: | + # ▼▼▼ [수정] 버전 값을 올바른 출력 변수에서 가져오도록 수정 ▼▼▼ docker build . -t temp-image > build_log.txt 2>&1 || true + - name: Upload build log as artifact uses: actions/upload-artifact@v4 with: - name: build-log-${{ steps.version.outputs.tag }} + name: build-log-${{ steps.tagger.outputs.new_tag || github.ref_name }} path: build_log.txt # ======================================================= @@ -66,6 +67,7 @@ jobs: uses: sarisia/actions-status-discord@v1 with: webhook: ${{ secrets.DISCORD_WEBHOOK_URL }} + # ▼▼▼ [수정] 버전 값을 build 잡의 최종 출력에서 가져옴 ▼▼▼ title: "🔎 [1차 승인] ECR Push 승인 요청: ${{ needs.build.outputs.version_tag }}" description: | Docker 이미지 빌드가 완료되었습니다. ECR에 이미지를 Push 하려면 아래 링크에서 승인해주세요. 
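Review bot: `anothrNick/github-tag-action@1.67.0` is referenced by a tag, and the step hands it `GITHUB_TOKEN` in a job with `contents: write`; a tag can be moved upstream, so pin third-party actions to a full commit SHA, e.g. `uses: anothrNick/github-tag-action@<full-commit-sha> # 1.67.0`. The same applies to `sarisia/actions-status-discord@v1`, which receives the webhook URL, and `stefanzweifel/git-auto-commit-action@v5`, which runs in the checkout made with `CONFIG_REPO_PAT` (both outside this hunk). The fallback in `version_tag: ${{ steps.tagger.outputs.new_tag || github.ref_name }}` presumably yields `develop` on a branch push whenever the tagger emits no `new_tag`, which would push and deploy an image under a mutable branch-named tag; failing the job on an empty `new_tag` is safer. The added comment above `docker build . -t temp-image` talks about taking the version from the right output, but that line uses no version. The `build` job starts outside this hunk, and these lines return unchanged in PATCH 06 (`@@ -25,36 +25,38 @@`).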
@@ -76,9 +78,8 @@ jobs: # JOB 3: ECR 푸시 실행 (1차 승인 게이트) # ===================================== push-to-ecr: - needs: notify-for-push-approval + needs: [build, notify-for-push-approval] runs-on: ubuntu-latest - # ▼▼▼ 실제 승인 대기는 이 잡에서 일어납니다 ▼▼▼ environment: name: ecr-push-approval steps: @@ -99,6 +100,7 @@ jobs: context: . push: true platforms: linux/amd64,linux/arm64 + # ▼▼▼ [수정] 버전 값을 build 잡의 최종 출력에서 가져옴 ▼▼▼ tags: YOUR_ECR_URI/YOUR_SERVICE_NAME:${{ needs.build.outputs.version_tag }} cache-from: type=registry,ref=YOUR_ECR_URI/YOUR_SERVICE_NAME:buildcache cache-to: type=registry,ref=YOUR_ECR_URI/YOUR_SERVICE_NAME:buildcache,mode=max @@ -107,7 +109,7 @@ jobs: # JOB 4: 2차 승인 알림 발송 (EKS 배포) # ================================================== notify-for-deploy-approval: - needs: push-to-ecr + needs: [build, push-to-ecr] runs-on: ubuntu-latest steps: - name: Send Discord Notification for Deployment Approval @@ -124,9 +126,8 @@ jobs: # JOB 5: 최종 배포 실행 (2차 승인 게이트) # ================================================== deploy-to-eks: - needs: [build, notify-for-deploy-approval] # build 잡의 버전 정보가 필요합니다 + needs: [build, notify-for-deploy-approval] runs-on: ubuntu-latest - # ▼▼▼ 실제 승인 대기는 이 잡에서 일어납니다 ▼▼▼ environment: name: production-deploy steps: From 67468c430860293c24d188ac192c2bec0d36a922 Mon Sep 17 00:00:00 2001 From: ksee1230 Date: Thu, 19 Jun 2025 14:57:49 +0900 Subject: [PATCH 05/12] =?UTF-8?q?ci:=20CI=20=EC=84=A4=EC=A0=95=20=ED=8C=8C?= =?UTF-8?q?=EC=9D=BC=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit CI 설정 파일 수정 --- .github/workflows/ci-cd.yml | 57 ++++++++++++++++++------------------- 1 file changed, 28 insertions(+), 29 deletions(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index a4794de..422c3f1 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml 
@@ -25,35 +25,34 @@ jobs: permissions: contents: write outputs: - # ▼▼▼ [수정] tagger 스텝의 출력 또는 실제 태그 이름을 사용하도록 수정 ▼▼▼ - version_tag: ${{ steps.tagger.outputs.new_tag || github.ref_name }} - + version_tag: ${{ steps.version.outputs.tag }} steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - - # ▼▼▼ [수정] NPM/NPX 명령어를 삭제하고 원래의 올바른 Action 방식으로 복원 ▼▼▼ - - name: Calculate and Create Git Tag for Develop - id: tagger - # develop 브랜치 푸시일 때만 이 단계를 실행 - if: github.ref_type == 'branch' - uses: anothrNick/github-tag-action@1.67.0 - env: - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} - WITH_V: false - DEFAULT_BUMP: patch - CUSTOM_TAG_SCHEME: "feat:minor" - + - uses: actions/setup-node@v4 + - name: Determine Version Tag + id: version + run: | + if [[ "${{ github.ref_type }}" == "tag" ]]; then + echo "tag=${{ github.ref_name }}" >> $GITHUB_OUTPUT + else + npm install anothr-github-tag-action + git_tag=$(npx anothr-github-tag-action --dry_run --no-v --custom_tag_scheme="feat:minor") + echo "tag=${git_tag}" >> $GITHUB_OUTPUT + fi + - name: Create Git tag for develop build + if: github.ref_type != 'tag' + run: | + git tag ${{ steps.version.outputs.tag }} + git push origin ${{ steps.version.outputs.tag }} - name: Build image just for logging run: | - # ▼▼▼ [수정] 버전 값을 올바른 출력 변수에서 가져오도록 수정 ▼▼▼ docker build . -t temp-image > build_log.txt 2>&1 || true - - name: Upload build log as artifact uses: actions/upload-artifact@v4 with: - name: build-log-${{ steps.tagger.outputs.new_tag || github.ref_name }} + name: build-log-${{ steps.version.outputs.tag }} path: build_log.txt # ======================================================= 
@@ -67,8 +66,7 @@ jobs: uses: sarisia/actions-status-discord@v1 with: webhook: ${{ secrets.DISCORD_WEBHOOK_URL }} - # ▼▼▼ [수정] 버전 값을 build 잡의 최종 출력에서 가져옴 ▼▼▼ - title: "🔎 [1차 승인] ECR Push 승인 요청: ${{ needs.build.outputs.version_tag }}" + title: "🔎 [1차 승인] ECR Push 승인 요청 테스트:" description: | Docker 이미지 빌드가 완료되었습니다. ECR에 이미지를 Push 하려면 아래 링크에서 승인해주세요. [➡️ 빌드 로그 확인 및 승인하기](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) @@ -78,8 +76,9 @@ jobs: # JOB 3: ECR 푸시 실행 (1차 승인 게이트) # ===================================== push-to-ecr: - needs: [build, notify-for-push-approval] + needs: notify-for-push-approval runs-on: ubuntu-latest + # ▼▼▼ 실제 승인 대기는 이 잡에서 일어납니다 ▼▼▼ environment: name: ecr-push-approval steps: @@ -100,16 +99,15 @@ jobs: context: . push: true platforms: linux/amd64,linux/arm64 - # ▼▼▼ [수정] 버전 값을 build 잡의 최종 출력에서 가져옴 ▼▼▼ - tags: YOUR_ECR_URI/YOUR_SERVICE_NAME:${{ needs.build.outputs.version_tag }} - cache-from: type=registry,ref=YOUR_ECR_URI/YOUR_SERVICE_NAME:buildcache - cache-to: type=registry,ref=YOUR_ECR_URI/YOUR_SERVICE_NAME:buildcache,mode=max + tags: 326536620954dkr.ecr.ap-northeast-2.amazonaws.com/highfive/highfive-frontend:${{ needs.build.outputs.version_tag }} + cache-from: type=registry,ref=326536620954dkr.ecr.ap-northeast-2.amazonaws.com/highfive/highfive-frontend:buildcache + cache-to: type=registry,ref=326536620954dkr.ecr.ap-northeast-2.amazonaws.com/highfive/highfive-frontend:buildcache,mode=max # ================================================== # JOB 4: 2차 승인 알림 발송 (EKS 배포) # ================================================== notify-for-deploy-approval: - needs: [build, push-to-ecr] + needs: push-to-ecr runs-on: ubuntu-latest steps: - name: Send Discord Notification for Deployment Approval 
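Review bot: The image reference introduced here reads `326536620954dkr.ecr.ap-northeast-2.amazonaws.com`, without the dot between the account ID and `dkr` that PATCH 01 had (`326536620954.dkr.ecr…`), in `tags`, `cache-from` and `cache-to`. That host is not the registry `amazon-ecr-login` authenticated to, so the push should fail, and the `sed` line in the later hunk `@@ -139,7 +138,7 @@` would write the same wrong host into `highfive-frontend-service.yaml`, where the cluster would try to pull from a name outside this account's registry. Restore `326536620954.dkr.ecr.ap-northeast-2.amazonaws.com/highfive/highfive-frontend`, or give the login step an `id` and build the reference from its `registry` output so the host is written once. `push-to-ecr` also drops `build` from `needs` in `@@ -78,8 +76,9 @@` while still reading `needs.build.outputs.version_tag`, which is empty for a job that is not a direct dependency.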
@@ -126,8 +124,9 @@ jobs: # JOB 5: 최종 배포 실행 (2차 승인 게이트) # ================================================== deploy-to-eks: - needs: [build, notify-for-deploy-approval] + needs: [build, notify-for-deploy-approval] # build 잡의 버전 정보가 필요합니다 runs-on: ubuntu-latest + # ▼▼▼ 실제 승인 대기는 이 잡에서 일어납니다 ▼▼▼ environment: name: production-deploy steps: @@ -139,7 +138,7 @@ jobs: path: 'config-repo' - name: Update manifest file run: | - sed -i -E "s|^(\s*image:\s*).*|\1YOUR_ECR_URI/YOUR_SERVICE_NAME:${{ needs.build.outputs.version_tag }}|" config-repo/highfive-frontend-service.yaml + sed -i -E "s|^(\s*image:\s*).*|\1326536620954dkr.ecr.ap-northeast-2.amazonaws.com/highfive/highfive-frontend:${{ needs.build.outputs.version_tag }}|" config-repo/highfive-frontend-service.yaml - name: Commit and push changes uses: stefanzweifel/git-auto-commit-action@v5 with: From 58a8973ebb856c99ad4734a18bff7c86e5b95fd7 Mon Sep 17 00:00:00 2001 From: ksee1230 Date: Thu, 19 Jun 2025 15:00:25 +0900 Subject: [PATCH 06/12] =?UTF-8?q?ci:=20CI=20=EC=84=A4=EC=A0=95=20=ED=8C=8C?= =?UTF-8?q?=EC=9D=BC=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/ci-cd.yml | 38 +++++++++++++++++++------------------ 1 file changed, 20 insertions(+), 18 deletions(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 422c3f1..bd06ff4 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml 
@@ -25,36 +25,38 @@ jobs: permissions: contents: write outputs: - version_tag: ${{ steps.version.outputs.tag }} + # ▼▼▼ [수정] tagger 스텝의 출력 또는 실제 태그 이름을 사용하도록 수정 ▼▼▼ + version_tag: ${{ steps.tagger.outputs.new_tag || github.ref_name }} + steps: - uses: actions/checkout@v4 with: fetch-depth: 0 - - uses: actions/setup-node@v4 - - name: Determine Version Tag - id: version - run: | - if [[ "${{ github.ref_type }}" == "tag" ]]; then - echo "tag=${{ github.ref_name }}" >> $GITHUB_OUTPUT - else - npm install anothr-github-tag-action - git_tag=$(npx anothr-github-tag-action --dry_run --no-v --custom_tag_scheme="feat:minor") - echo "tag=${git_tag}" >> $GITHUB_OUTPUT - fi - - name: Create Git tag for develop build - if: github.ref_type != 'tag' - run: | - git tag ${{ steps.version.outputs.tag }} - git push origin ${{ steps.version.outputs.tag }} + + # ▼▼▼ [수정] NPM/NPX 명령어를 삭제하고 원래의 올바른 Action 방식으로 복원 ▼▼▼ + - name: Calculate and Create Git Tag for Develop + id: tagger + # develop 브랜치 푸시일 때만 이 단계를 실행 + if: github.ref_type == 'branch' + uses: anothrNick/github-tag-action@1.67.0 + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + WITH_V: false + DEFAULT_BUMP: patch + CUSTOM_TAG_SCHEME: "feat:minor" + - name: Build image just for logging run: | + # ▼▼▼ [수정] 버전 값을 올바른 출력 변수에서 가져오도록 수정 ▼▼▼ docker build . -t temp-image > build_log.txt 2>&1 || true + - name: Upload build log as artifact uses: actions/upload-artifact@v4 with: - name: build-log-${{ steps.version.outputs.tag }} + name: build-log-${{ steps.tagger.outputs.new_tag || github.ref_name }} path: build_log.txt + # ======================================================= # JOB 2: 1차 승인 알림 발송 (ECR 푸시) # ======================================================= From aeb427cb081bd43f2e8202204acf77dfb39453f0 Mon Sep 17 00:00:00 2001 
From: ksee1230 Date: Thu, 19 Jun 2025 15:11:01 +0900 Subject: [PATCH 07/12] =?UTF-8?q?ci:=20CI=20=EC=84=A4=EC=A0=95=20=ED=8C=8C?= =?UTF-8?q?=EC=9D=BC=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/ci-cd.yml | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index bd06ff4..ebf025d 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -25,7 +25,6 @@ jobs: permissions: contents: write outputs: - # ▼▼▼ [수정] tagger 스텝의 출력 또는 실제 태그 이름을 사용하도록 수정 ▼▼▼ version_tag: ${{ steps.tagger.outputs.new_tag || github.ref_name }} steps: @@ -33,7 +32,6 @@ jobs: with: fetch-depth: 0 - # ▼▼▼ [수정] NPM/NPX 명령어를 삭제하고 원래의 올바른 Action 방식으로 복원 ▼▼▼ - name: Calculate and Create Git Tag for Develop id: tagger # develop 브랜치 푸시일 때만 이 단계를 실행 @@ -56,7 +54,6 @@ jobs: name: build-log-${{ steps.tagger.outputs.new_tag || github.ref_name }} path: build_log.txt - # ======================================================= # JOB 2: 1차 승인 알림 발송 (ECR 푸시) # ======================================================= @@ -66,9 +63,10 @@ jobs: steps: - name: Send Discord Notification for ECR Push Approval uses: sarisia/actions-status-discord@v1 + if: always() with: webhook: ${{ secrets.DISCORD_WEBHOOK_URL }} - title: "🔎 [1차 승인] ECR Push 승인 요청 테스트:" + title: "🔎 [1차 승인] ECR Push 승인 요청: ${{ needs.build.outputs.version_tag }}" description: | Docker 이미지 빌드가 완료되었습니다. ECR에 이미지를 Push 하려면 아래 링크에서 승인해주세요. [➡️ 빌드 로그 확인 및 승인하기](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) @@ -78,7 +76,7 @@ jobs: # JOB 3: ECR 푸시 실행 (1차 승인 게이트) # ===================================== push-to-ecr: - needs: notify-for-push-approval + needs: [build, notify-for-push-approval] runs-on: ubuntu-latest # ▼▼▼ 실제 승인 대기는 이 잡에서 일어납니다 ▼▼▼ environment: 
@@ -109,7 +107,7 @@ jobs: # JOB 4: 2차 승인 알림 발송 (EKS 배포) # ================================================== notify-for-deploy-approval: - needs: push-to-ecr + needs: [build, push-to-ecr] runs-on: ubuntu-latest steps: - name: Send Discord Notification for Deployment Approval From cc7b62153f973565548d9a68be434e50c65f1458 Mon Sep 17 00:00:00 2001 From: ksee1230 Date: Thu, 19 Jun 2025 16:12:19 +0900 Subject: [PATCH 08/12] =?UTF-8?q?ci:=20CI=20=EC=84=A4=EC=A0=95=20=ED=8C=8C?= =?UTF-8?q?=EC=9D=BC=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/ci-cd.yml | 37 +++++++++++++++++++++++++++++++++---- 1 file changed, 33 insertions(+), 4 deletions(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index ebf025d..1c9e77f 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml 
@@ -61,16 +61,45 @@ jobs: needs: build runs-on: ubuntu-latest steps: + - name: Download build log artifact + uses: actions/download-artifact@v4 + with: + name: build-log-${{ needs.build.outputs.version_tag }} + + # ▼▼▼ [1단계] 로그를 필터링하여 보낼 메시지를 준비하는 단계 ▼▼▼ + - name: Prepare Notification Message + id: prepare_message # 이 스텝의 출력을 참조하기 위해 id 지정 + run: | + KEYWORDS="error|failed|warning|deprecated" + LOG_ISSUES=$(grep -i -E -C 2 "$KEYWORDS" build_log.txt || true) + + if [[ -z "$LOG_ISSUES" ]]; then + SUMMARY="✅ 빌드 로그에서 특별한 경고나 에러가 발견되지 않았습니다." + else + TRUNCATED_LOGS=$(echo "$LOG_ISSUES" | head -c 1500) + SUMMARY="⚠️ 빌드 로그에서 잠재적인 문제가 발견되었습니다. 아래 요약을 확인해주세요.\\n\\n**Log Issues Summary:**\\n\`\`\`\\n${TRUNCATED_LOGS}\\n\`\`\`" + fi + + # 다음 스텝에서 사용할 수 있도록 summary 내용을 output으로 설정 + # EOF를 사용하여 여러 줄의 문자열을 안정적으로 전달 + { + echo "summary<> "$GITHUB_OUTPUT" + + # ▼▼▼ [2단계] 준비된 메시지를 담아 Discord 알림을 보내는 단계 ▼▼▼ - name: Send Discord Notification for ECR Push Approval uses: sarisia/actions-status-discord@v1 - if: always() with: webhook: ${{ secrets.DISCORD_WEBHOOK_URL }} title: "🔎 [1차 승인] ECR Push 승인 요청: ${{ needs.build.outputs.version_tag }}" + # description에 바로 앞 스텝의 'summary' output을 사용 description: | - Docker 이미지 빌드가 완료되었습니다. ECR에 이미지를 Push 하려면 아래 링크에서 승인해주세요. - [➡️ 빌드 로그 확인 및 승인하기](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) - color: 0x00BFFF + ${{ steps.prepare_message.outputs.summary }} + + [➡️ 전체 로그 및 승인 페이지로 이동](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) + color: 49151 # 16진수 0x00BFFF # ===================================== # JOB 3: ECR 푸시 실행 (1차 승인 게이트) From 6c17acf8ff95f088018f552ebe5d32e80e275985 Mon Sep 17 00:00:00 2001 
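Review bot: `Prepare Notification Message` copies grep output from `build_log.txt` into `$GITHUB_OUTPUT` as a multi-line value; the heredoc is garbled on this page, but the comment says it uses `EOF` as the delimiter. With a fixed delimiter, a log line that equals it ends the value early and the following log lines are parsed as further `name=value` outputs of the step. Generate the delimiter per run, e.g. `delim="EOF_$(openssl rand -hex 8)"`, and use `$delim` on both the opening and closing lines. The excerpt is also posted verbatim to Discord, so anything the build prints near a matching keyword (build arguments, tokens in URLs) leaves GitHub's log masking; worth confirming the Dockerfile prints nothing sensitive.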
From: ksee1230 Date: Thu, 19 Jun 2025 16:34:10 +0900 Subject: [PATCH 09/12] =?UTF-8?q?ci:=20CI=20=EC=84=A4=EC=A0=95=20=ED=8C=8C?= =?UTF-8?q?=EC=9D=BC=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/ci-cd.yml | 84 +++++++++++++++++++++++-------------- 1 file changed, 53 insertions(+), 31 deletions(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index 1c9e77f..cf72102 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -1,4 +1,4 @@ -name: CI/CD Pipeline with Dual Approval Gates +name: CI/CD Pipeline for frontend-service on: push: 
@@ -66,40 +66,41 @@ jobs: with: name: build-log-${{ needs.build.outputs.version_tag }} - # ▼▼▼ [1단계] 로그를 필터링하여 보낼 메시지를 준비하는 단계 ▼▼▼ - - name: Prepare Notification Message - id: prepare_message # 이 스텝의 출력을 참조하기 위해 id 지정 + - name: Send Discord Notification with Correctly Formatted Log run: | + # 1. 이전과 같이 로그에서 문제 라인을 필터링합니다. KEYWORDS="error|failed|warning|deprecated" LOG_ISSUES=$(grep -i -E -C 2 "$KEYWORDS" build_log.txt || true) + # 2. 결과에 따라 요약 메시지를 준비합니다. if [[ -z "$LOG_ISSUES" ]]; then - SUMMARY="✅ 빌드 로그에서 특별한 경고나 에러가 발견되지 않았습니다." + SUMMARY_CONTENT="✅ 빌드 로그에서 특별한 경고나 에러가 발견되지 않았습니다." else - TRUNCATED_LOGS=$(echo "$LOG_ISSUES" | head -c 1500) - SUMMARY="⚠️ 빌드 로그에서 잠재적인 문제가 발견되었습니다. 아래 요약을 확인해주세요.\\n\\n**Log Issues Summary:**\\n\`\`\`\\n${TRUNCATED_LOGS}\\n\`\`\`" + # JSON에 넣기 전에 " 와 \ 문자만 이스케이프 처리합니다. (줄바꿈 \n은 처리하지 않음) + ESCAPED_LOGS=$(echo "$LOG_ISSUES" | head -c 1500 | sed 's/\\/\\\\/g' | sed 's/"/\\"/g') + SUMMARY_CONTENT="⚠️ 빌드 로그에서 잠재적인 문제가 발견되었습니다. 아래 요약을 확인해주세요.\n\n**Log Issues Summary:**\n\`\`\`\n${ESCAPED_LOGS}\n\`\`\`" fi - # 다음 스텝에서 사용할 수 있도록 summary 내용을 output으로 설정 - # EOF를 사용하여 여러 줄의 문자열을 안정적으로 전달 - { - echo "summary<> "$GITHUB_OUTPUT" + # 3. 최종 description 내용을 만듭니다. + FINAL_DESCRIPTION="${SUMMARY_CONTENT}\n\n[➡️ 전체 로그 및 승인 페이지로 이동](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})" - # ▼▼▼ [2단계] 준비된 메시지를 담아 Discord 알림을 보내는 단계 ▼▼▼ - - name: Send Discord Notification for ECR Push Approval - uses: sarisia/actions-status-discord@v1 - with: - webhook: ${{ secrets.DISCORD_WEBHOOK_URL }} - title: "🔎 [1차 승인] ECR Push 승인 요청: ${{ needs.build.outputs.version_tag }}" - # description에 바로 앞 스텝의 'summary' output을 사용 - description: | - ${{ steps.prepare_message.outputs.summary }} - - [➡️ 전체 로그 및 승인 페이지로 이동](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) - color: 49151 # 16진수 0x00BFFF + # 4. JSON에 넣기 위해 다시 한번 전체 description의 특수문자를 이스케이프 합니다. 
+ JSON_FRIENDLY_DESCRIPTION=$(echo "$FINAL_DESCRIPTION" | sed 's/\\/\\\\/g' | sed 's/"/\\"/g' | sed ':a;N;$!ba;s/\n/\\n/g') + + # 5. heredoc을 사용하여 JSON 페이로드를 생성하고 curl로 바로 전송합니다. + curl -X POST -H "Content-Type: application/json" \ + -d @- \ + "${{ secrets.DISCORD_WEBHOOK_URL }}" < Date: Thu, 19 Jun 2025 16:46:15 +0900 Subject: [PATCH 10/12] =?UTF-8?q?ci:=20CI=20=EC=84=A4=EC=A0=95=20=ED=8C=8C?= =?UTF-8?q?=EC=9D=BC=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/ci-cd.yml | 175 ++++++++++++++++-------------------- 1 file changed, 75 insertions(+), 100 deletions(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index cf72102..c7c02c2 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -17,16 +17,15 @@ permissions: jobs: # ========================================= - # JOB 1: 버전 계산 및 빌드 준비 + # JOB 1: 버전 계산 및 Git 태그 생성 # ========================================= - build: - if: github.event_name == 'push' + calculate-version: + if: github.event_name == 'push' && !startsWith(github.ref, 'refs/tags/') runs-on: ubuntu-latest - permissions: - contents: write outputs: - version_tag: ${{ steps.tagger.outputs.new_tag || github.ref_name }} - + # ▼▼▼ [수정 2] 올바른 출력 변수 이름(new_tag)을 사용합니다. ▼▼▼ + new_version: ${{ steps.tagger.outputs.new_tag }} + changelog: ${{ steps.tagger.outputs.changelog }} steps: - uses: actions/checkout@v4 with: @@ -34,8 +33,6 @@ jobs: - name: Calculate and Create Git Tag for Develop id: tagger - # develop 브랜치 푸시일 때만 이 단계를 실행 - if: github.ref_type == 'branch' uses: anothrNick/github-tag-action@1.67.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
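Review bot: In the `@@ -66,40 +66,41 @@` hunk of PATCH 09/12 the new `run:` script escapes the log excerpt twice (once into `ESCAPED_LOGS`, again for `JSON_FRIENDLY_DESCRIPTION`), and the second pass also doubles the backslash of the literal `\n` separators, so the message will likely show stray backslashes instead of line breaks. The `sed` chain handles only `\`, `"` and newlines, so tabs, carriage returns or ANSI colour codes from the Docker log would still yield an invalid payload. Letting `jq -n --arg d "$FINAL_DESCRIPTION" '$d'` produce the JSON string avoids both problems (jq is, to my knowledge, preinstalled on the hosted Ubuntu image). `${{ secrets.DISCORD_WEBHOOK_URL }}` is also expanded into the script text itself; pass it as `env: DISCORD_WEBHOOK_URL: ${{ secrets.DISCORD_WEBHOOK_URL }}` and use `"$DISCORD_WEBHOOK_URL"` in the curl line. The tail of this hunk, including the heredoc payload, is not legible in this view.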
@@ -43,156 +40,134 @@ jobs: DEFAULT_BUMP: patch CUSTOM_TAG_SCHEME: "feat:minor" - - name: Build image just for logging - run: | - # ▼▼▼ [수정] 버전 값을 올바른 출력 변수에서 가져오도록 수정 ▼▼▼ - docker build . -t temp-image > build_log.txt 2>&1 || true - - - name: Upload build log as artifact - uses: actions/upload-artifact@v4 - with: - name: build-log-${{ steps.tagger.outputs.new_tag || github.ref_name }} - path: build_log.txt - # ======================================================= - # JOB 2: 1차 승인 알림 발송 (ECR 푸시) + # JOB 2: 이미지 빌드 및 1차 승인 요청 # ======================================================= - notify-for-push-approval: - needs: build + build-and-request-push: + needs: calculate-version + if: success() || (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) runs-on: ubuntu-latest + environment: + name: ecr-push-approval + outputs: + # ▼▼▼ [수정 1] 태그 푸시일 때만 ref_name을 사용하도록 로직 수정 (가장 중요) ▼▼▼ + new_version: ${{ startsWith(github.ref, 'refs/tags/') && github.ref_name || needs.calculate-version.outputs.new_version }} + changelog: ${{ needs.calculate-version.outputs.changelog }} steps: - - name: Download build log artifact - uses: actions/download-artifact@v4 - with: - name: build-log-${{ needs.build.outputs.version_tag }} + - uses: actions/checkout@v4 + - name: Set up QEMU + uses: docker/setup-qemu-action@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v3 - - name: Send Discord Notification with Correctly Formatted Log + - name: Build Docker image for logging run: | - # 1. 이전과 같이 로그에서 문제 라인을 필터링합니다. - KEYWORDS="error|failed|warning|deprecated" - LOG_ISSUES=$(grep -i -E -C 2 "$KEYWORDS" build_log.txt || true) - - # 2. 결과에 따라 요약 메시지를 준비합니다. - if [[ -z "$LOG_ISSUES" ]]; then - SUMMARY_CONTENT="✅ 빌드 로그에서 특별한 경고나 에러가 발견되지 않았습니다." - else - # JSON에 넣기 전에 " 와 \ 문자만 이스케이프 처리합니다. (줄바꿈 \n은 처리하지 않음) - ESCAPED_LOGS=$(echo "$LOG_ISSUES" | head -c 1500 | sed 's/\\/\\\\/g' | sed 's/"/\\"/g') - SUMMARY_CONTENT="⚠️ 빌드 로그에서 잠재적인 문제가 발견되었습니다. 
아래 요약을 확인해주세요.\n\n**Log Issues Summary:**\n\`\`\`\n${ESCAPED_LOGS}\n\`\`\`" - fi - - # 3. 최종 description 내용을 만듭니다. - FINAL_DESCRIPTION="${SUMMARY_CONTENT}\n\n[➡️ 전체 로그 및 승인 페이지로 이동](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})" + docker buildx build --platform linux/amd64 -t YOUR_ECR_URI/YOUR_SERVICE_NAME:${{ startsWith(github.ref, 'refs/tags/') && github.ref_name || needs.calculate-version.outputs.new_version }} . --load > build_log.txt 2>&1 || true - # 4. JSON에 넣기 위해 다시 한번 전체 description의 특수문자를 이스케이프 합니다. - JSON_FRIENDLY_DESCRIPTION=$(echo "$FINAL_DESCRIPTION" | sed 's/\\/\\\\/g' | sed 's/"/\\"/g' | sed ':a;N;$!ba;s/\n/\\n/g') - - # 5. heredoc을 사용하여 JSON 페이로드를 생성하고 curl로 바로 전송합니다. - curl -X POST -H "Content-Type: application/json" \ - -d @- \ - "${{ secrets.DISCORD_WEBHOOK_URL }}" < Date: Thu, 19 Jun 2025 17:09:58 +0900 Subject: [PATCH 11/12] ci ci-cd.yml --- .github/workflows/ci-cd.yml | 140 ++++++++++++++++++++---------------- 1 file changed, 79 insertions(+), 61 deletions(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index c7c02c2..d3fed07 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -17,15 +17,19 @@ permissions: jobs: # ========================================= - # JOB 1: 버전 계산 및 Git 태그 생성 + # JOB 1: 버전 계산 및 빌드 준비 # ========================================= - calculate-version: - if: github.event_name == 'push' && !startsWith(github.ref, 'refs/tags/') + build: + # ▼▼▼ [수정] develop, tag 푸시 모두에서 실행되도록 잡 레벨의 if 조건 제거 ▼▼▼ + if: github.event_name == 'push' runs-on: ubuntu-latest + permissions: + contents: write outputs: - # ▼▼▼ [수정 2] 올바른 출력 변수 이름(new_tag)을 사용합니다. ▼▼▼ - new_version: ${{ steps.tagger.outputs.new_tag }} + # ▼▼▼ [수정] develop, tag 푸시 시나리오를 모두 처리하는 안정적인 출력 방식 ▼▼▼ + version_tag: ${{ steps.tagger.outputs.new_tag || github.ref_name }} changelog: ${{ steps.tagger.outputs.changelog }} + steps: - uses: actions/checkout@v4 with: 
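Review bot: In the `@@ -43,156 +40,134 @@` hunk of PATCH 10/12 the `Build Docker image for logging` step pastes `${{ ... github.ref_name ... }}` into the `run:` script, so on a tag push the tag name becomes shell source before bash parses it, and git accepts shell metacharacters in tag names. Hand the value over through `env:` and check it against the characters a Docker tag allows before use, as in the excerpt below. The same inline expansion reaches `sed` in the `Update manifest file` step of the `@@ -94,80 +110,82 @@` hunk in PATCH 11/12, in a job that also checks out with `CONFIG_REPO_PAT`, and should get the same treatment. The `YOUR_ECR_URI/YOUR_SERVICE_NAME` image name looks like a placeholder left in by mistake, and the remainder of this hunk is not legible in this view.

```yaml
      - name: Build Docker image for logging
        env:
          IMAGE_TAG: ${{ startsWith(github.ref, 'refs/tags/') && github.ref_name || needs.calculate-version.outputs.new_version }}
        run: |
          # Allow only characters that are valid in a Docker tag.
          if [[ ! "$IMAGE_TAG" =~ ^[A-Za-z0-9_][A-Za-z0-9_.-]*$ ]]; then
            echo "unexpected image tag: $IMAGE_TAG" >&2
            exit 1
          fi
          docker buildx build --platform linux/amd64 -t "YOUR_ECR_URI/YOUR_SERVICE_NAME:${IMAGE_TAG}" . --load > build_log.txt 2>&1 || true
```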
@@ -33,6 +37,8 @@ jobs: - name: Calculate and Create Git Tag for Develop id: tagger + # ▼ develop 브랜치 푸시일 때만 이 버저닝 단계를 실행 + if: github.ref_type == 'branch' uses: anothrNick/github-tag-action@1.67.0 env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} 
@@ -40,53 +46,63 @@ jobs: DEFAULT_BUMP: patch CUSTOM_TAG_SCHEME: "feat:minor" - # ======================================================= - # JOB 2: 이미지 빌드 및 1차 승인 요청 - # ======================================================= - build-and-request-push: - needs: calculate-version - if: success() || (github.event_name == 'push' && startsWith(github.ref, 'refs/tags/')) - runs-on: ubuntu-latest - environment: - name: ecr-push-approval - outputs: - # ▼▼▼ [수정 1] 태그 푸시일 때만 ref_name을 사용하도록 로직 수정 (가장 중요) ▼▼▼ - new_version: ${{ startsWith(github.ref, 'refs/tags/') && github.ref_name || needs.calculate-version.outputs.new_version }} - changelog: ${{ needs.calculate-version.outputs.changelog }} - steps: - - uses: actions/checkout@v4 - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - - name: Build Docker image for logging + - name: Build image just for logging run: | - docker buildx build --platform linux/amd64 -t YOUR_ECR_URI/YOUR_SERVICE_NAME:${{ startsWith(github.ref, 'refs/tags/') && github.ref_name || needs.calculate-version.outputs.new_version }} . --load > build_log.txt 2>&1 || true - + docker build . 
-t temp-image > build_log.txt 2>&1 || true + - name: Upload build log as artifact uses: actions/upload-artifact@v4 with: - name: build-log-${{ startsWith(github.ref, 'refs/tags/') && github.ref_name || needs.calculate-version.outputs.new_version }} + name: build-log-${{ steps.tagger.outputs.new_tag || github.ref_name }} path: build_log.txt + # ======================================================= + # JOB 2: 1차 승인 알림 발송 (ECR 푸시) + # ======================================================= + notify-for-push-approval: + needs: build + runs-on: ubuntu-latest + steps: + - name: Download build log artifact + uses: actions/download-artifact@v4 + with: + name: build-log-${{ needs.build.outputs.version_tag }} + + - name: Prepare Multi-line Notification Message + id: prepare_message + run: | + KEYWORDS="error|failed|warning|deprecated" + LOG_ISSUES=$(grep -i -E -C 2 "$KEYWORDS" build_log.txt || true) + + if [[ -z "$LOG_ISSUES" ]]; then + SUMMARY="✅ 빌드 로그에서 특별한 경고나 에러가 발견되지 않았습니다." + else + TRUNCATED_LOGS=$(echo "$LOG_ISSUES" | head -c 1500) + SUMMARY="⚠️ 빌드 로그에서 잠재적인 문제가 발견되었습니다. **Log Issues Summary:**\`\`\`${TRUNCATED_LOGS}\`\`\`" + fi + + { + echo "summary<> "$GITHUB_OUTPUT" + - name: Send Discord Notification for ECR Push Approval uses: sarisia/actions-status-discord@v1 with: webhook: ${{ secrets.DISCORD_WEBHOOK_URL }} - title: "🔎 [1차 승인] ECR Push 승인 요청: ${{ startsWith(github.ref, 'refs/tags/') && github.ref_name || needs.calculate-version.outputs.new_version }}" + title: "🔎 [1차 승인] ECR Push 승인 요청: ${{ needs.build.outputs.version_tag }}" description: | - Docker 이미지 빌드가 완료되었습니다. ECR에 이미지를 Push 하려면 아래 링크에서 승인해주세요. 
- **변경 내역:** - ${{ needs.calculate-version.outputs.changelog }} - [➡️ 빌드 로그 확인 및 승인하기](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) + ${{ steps.prepare_message.outputs.summary }} + + [➡️ 전체 로그 및 승인 페이지로 이동](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) color: 49151 # ===================================== - # JOB 3: ECR에 이미지 푸시 + # JOB 3: ECR 푸시 실행 (1차 승인 게이트) # ===================================== push-to-ecr: - needs: build-and-request-push + needs: [build, notify-for-push-approval] runs-on: ubuntu-latest environment: name: ecr-push-approval 
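Review bot: The `Build image just for logging` step in the `@@ -40,53 +46,63 @@` hunk ends in `|| true`, so a failed `docker build` still leaves the `build` job green and the approval request goes out; approvers then depend on the keyword grep to notice the failure. The image built here (`temp-image`, local, single platform) is also not the one `push-to-ecr` later rebuilds and pushes, so the log an approver reads does not describe the pushed artifact. Consider keeping the exit status with `set -o pipefail` followed by `docker build . -t temp-image 2>&1 | tee build_log.txt`, and giving the upload step `if: always()` so the log survives a failed build. If the best-effort behaviour is intended, a comment on the step should say that the log is advisory only.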
@@ -94,80 +110,82 @@ jobs: - uses: actions/checkout@v4 - name: Set up QEMU & Docker Buildx uses: docker/setup-qemu-action@v3 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Configure AWS credentials + - uses: docker/setup-buildx-action@v3 + - name: Configure AWS credentials & Login to ECR uses: aws-actions/configure-aws-credentials@v4 with: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }} aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }} aws-region: ap-northeast-2 - - name: Login to Amazon ECR - uses: aws-actions/amazon-ecr-login@v2 - - name: Build and push Multi-Arch Docker image to ECR + - uses: aws-actions/amazon-ecr-login@v2 + - name: Build and push Multi-Arch Docker image uses: docker/build-push-action@v5 with: context: . push: true platforms: linux/amd64,linux/arm64 - tags: 326536620954.dkr.ecr.ap-northeast-2.amazonaws.com/highfive/highfive-frontend:${{ needs.build-and-request-push.outputs.new_version }} + tags: 326536620954.dkr.ecr.ap-northeast-2.amazonaws.com/highfive/highfive-frontend:${{ needs.build.outputs.version_tag }} cache-from: type=registry,ref=326536620954.dkr.ecr.ap-northeast-2.amazonaws.com/highfive/highfive-frontend:buildcache cache-to: type=registry,ref=326536620954.dkr.ecr.ap-northeast-2.amazonaws.com/highfive/highfive-frontend:buildcache,mode=max # ================================================== - # JOB 4: 2차 승인 알림 발송 및 대기 + # JOB 4: 2차 승인 알림 발송 (EKS 배포) # ================================================== - deploy-to-eks: - needs: [build-and-request-push, push-to-ecr] + notify-for-deploy-approval: + needs: [build, push-to-ecr] runs-on: ubuntu-latest - environment: - name: production-deploy steps: - name: Send Discord Notification for Deployment Approval uses: sarisia/actions-status-discord@v1 with: webhook: ${{ secrets.DISCORD_WEBHOOK_URL }} - title: "🚀 [2차 승인] EKS 배포 승인 요청: ${{ needs.build-and-request-push.outputs.new_version }}" + title: "🚀 [2차 승인] EKS 배포 승인 요청: ${{ 
needs.build.outputs.version_tag }}" description: | 이미지가 ECR에 준비되었습니다. 배포를 진행하려면 아래 링크에서 승인해주세요. [➡️ 배포 승인하기](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) color: 0xFF4500 - + + # ================================================== + # JOB 5: 최종 배포 실행 (2차 승인 게이트) + # ================================================== + deploy-to-eks: + needs: [build, notify-for-deploy-approval] + runs-on: ubuntu-latest + environment: + name: production-deploy + steps: - name: Checkout Configuration Repo uses: actions/checkout@v4 with: repository: highfive-goorm/hf-eks-config token: ${{ secrets.CONFIG_REPO_PAT }} - # ▼▼▼ [개선 3] 안전한 체크아웃을 위해 경로 지정 ▼▼▼ path: 'config-repo' - - - name: Update Kubernetes manifest image tag + - name: Update manifest file run: | - # ▼▼▼ [개선 3] 더 안전한 sed 명령어로 교체 ▼▼▼ - sed -i -E "s|^(\s*image:\s*).*|\1326536620954.dkr.ecr.ap-northeast-2.amazonaws.com/highfive/highfive-frontend:${{ needs.build-and-request-push.outputs.new_version }}|" config-repo/highfive-frontend-service.yaml - + sed -i -E "s|^(\s*image:\s*).*|\1326536620954.dkr.ecr.ap-northeast-2.amazonaws.com/highfive/highfive-frontend:${{ needs.build.outputs.version_tag }}|" config-repo/highfive-frontend-service.yaml - name: Commit and push changes uses: stefanzweifel/git-auto-commit-action@v5 with: - commit_message: "Deploy image version ${{ needs.build-and-request-push.outputs.new_version }} for highfive-frontend-service" + commit_message: "Deploy image ${{ needs.build.outputs.version_tag }} for highfive-frontend-service" repository: 'config-repo' file_pattern: 'highfive-frontend-service.yaml' # ========================================================== - # JOB 5: 워크플로우 실패 시 알림 + # JOB 6: 워크플로우 실패 시 알림 # ========================================================== notify-on-failure: if: failure() - needs: [calculate-version, build-and-request-push, push-to-ecr, deploy-to-eks] + needs: [build, push-to-ecr, deploy-to-eks] runs-on: ubuntu-latest steps: - name: Send Discord 
Failure Notification + # ▼▼▼ [수정] curl 방식에서 sarisia/actions-status-discord 액션으로 변경 ▼▼▼ uses: sarisia/actions-status-discord@v1 with: webhook: ${{ secrets.DISCORD_WEBHOOK_URL }} - status: failure + status: failure # 액션이 실패 상태에 맞는 색상(빨강)과 메시지를 자동으로 쓰게 함 title: "❌ CI/CD 파이프라인 실패" description: | `${{ github.repository }}` 레포지토리의 워크플로우 실행에 실패했습니다. [➡️ 실패한 워크플로우 로그 확인하기](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }}) - color: 0xE74C3C \ No newline at end of file + color: 0xE74C3C # 16진수 빨간색 From 6d1972d3f8c2a027f770935c297a551acca77ee1 Mon Sep 17 00:00:00 2001 From: ksee1230 Date: Fri, 20 Jun 2025 11:05:43 +0900 Subject: [PATCH 12/12] =?UTF-8?q?ci:=20CI=20=EC=84=A4=EC=A0=95=20=ED=8C=8C?= =?UTF-8?q?=EC=9D=BC=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/ci-cd.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml index d3fed07..6eddbd4 100644 --- a/.github/workflows/ci-cd.yml +++ b/.github/workflows/ci-cd.yml @@ -91,7 +91,7 @@ jobs: uses: sarisia/actions-status-discord@v1 with: webhook: ${{ secrets.DISCORD_WEBHOOK_URL }} - title: "🔎 [1차 승인] ECR Push 승인 요청: ${{ needs.build.outputs.version_tag }}" + title: "🔎 [1차 승인] ECR Push 승인 요청: frontend ${{ needs.build.outputs.version_tag }}" description: | ${{ steps.prepare_message.outputs.summary }} @@ -139,7 +139,7 @@ jobs: uses: sarisia/actions-status-discord@v1 with: webhook: ${{ secrets.DISCORD_WEBHOOK_URL }} - title: "🚀 [2차 승인] EKS 배포 승인 요청: ${{ needs.build.outputs.version_tag }}" + title: "🚀 [2차 승인] EKS 배포 승인 요청: frontend ${{ needs.build.outputs.version_tag }}" description: | 이미지가 ECR에 준비되었습니다. 배포를 진행하려면 아래 링크에서 승인해주세요. [➡️ 배포 승인하기](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})
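Review bot: In the `@@ -94,80 +110,82 @@` hunk, `push-to-ecr` publishes the image under the tag `${{ needs.build.outputs.version_tag }}` and `deploy-to-eks` writes that same tag into `highfive-frontend-service.yaml`, so nothing here ties the manifest to the exact image that passed the first approval; whether the ECR repository enforces tag immutability cannot be told from this page. `docker/build-push-action` exposes a `digest` output: give the push step an `id`, export the digest as a job output, and have the manifest update write `highfive-frontend@<digest>` instead of `:<tag>`. The two `color:` values in this hunk also stay in hex (`0xFF4500`, `0xE74C3C`) while the first approval notification was switched to the decimal `49151`; use one form throughout.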