highfive-goorm · ksee1230 · Jun 20, 2025 · Jun 19, 2025 · Jun 19, 2025 · Jun 19, 2025
diff --git a/.github/workflows/ci-cd.yml b/.github/workflows/ci-cd.yml
@@ -0,0 +1,191 @@
+name: CI/CD Pipeline for frontend-service
+
+on:
+  push:
+    branches:
+      - develop
+    tags:
+      - '*.*.*'
+      - '!*.*.*-*'
+  pull_request:
+    branches:
+      - develop
+
+permissions:
+  contents: write
+  pull-requests: read
+
+jobs:
+  # =========================================
+  # JOB 1: 버전 계산 및 빌드 준비
+  # =========================================
+  build:
+    # ▼▼▼ [수정] develop, tag 푸시 모두에서 실행되도록 잡 레벨의 if 조건 제거 ▼▼▼
+    if: github.event_name == 'push'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write
+    outputs:
+      # ▼▼▼ [수정] develop, tag 푸시 시나리오를 모두 처리하는 안정적인 출력 방식 ▼▼▼
+      version_tag: ${{ steps.tagger.outputs.new_tag || github.ref_name }}
+      changelog: ${{ steps.tagger.outputs.changelog }}
+
+    steps:
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Calculate and Create Git Tag for Develop
+        id: tagger
+        # ▼ develop 브랜치 푸시일 때만 이 버저닝 단계를 실행
+        if: github.ref_type == 'branch'
+        uses: anothrNick/github-tag-action@1.67.0
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          WITH_V: false
+          DEFAULT_BUMP: patch
+          CUSTOM_TAG_SCHEME: "feat:minor"
+
+      - name: Build image just for logging
+        run: |
+          docker build . -t temp-image > build_log.txt 2>&1 || true
+
+      - name: Upload build log as artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: build-log-${{ steps.tagger.outputs.new_tag || github.ref_name }}
+          path: build_log.txt
+
+ # =======================================================
+  # JOB 2: 1차 승인 알림 발송 (ECR 푸시)
+  # =======================================================
+  notify-for-push-approval:
+    needs: build
+    runs-on: ubuntu-latest
+    steps:
+      - name: Download build log artifact
+        uses: actions/download-artifact@v4
+        with:
+          name: build-log-${{ needs.build.outputs.version_tag }}
+
+      - name: Prepare Multi-line Notification Message
+        id: prepare_message
+        run: |
+          KEYWORDS="error|failed|warning|deprecated"
+          LOG_ISSUES=$(grep -i -E -C 2 "$KEYWORDS" build_log.txt || true)
+
+          if [[ -z "$LOG_ISSUES" ]]; then
+            SUMMARY="✅ 빌드 로그에서 특별한 경고나 에러가 발견되지 않았습니다."
+          else
+            TRUNCATED_LOGS=$(echo "$LOG_ISSUES" | head -c 1500)
+            SUMMARY="⚠️ 빌드 로그에서 잠재적인 문제가 발견되었습니다. **Log Issues Summary:**\`\`\`${TRUNCATED_LOGS}\`\`\`"
+          fi
+
+          {
+            echo "summary<<EOF"
+            echo "$SUMMARY"
+            echo "EOF"
+          } >> "$GITHUB_OUTPUT"
+
+      - name: Send Discord Notification for ECR Push Approval
+        uses: sarisia/actions-status-discord@v1
+        with:
+          webhook: ${{ secrets.DISCORD_WEBHOOK_URL }}
+          title: "🔎 [1차 승인] ECR Push 승인 요청: frontend ${{ needs.build.outputs.version_tag }}"
+          description: |
+            ${{ steps.prepare_message.outputs.summary }}
+
+            [➡️ 전체 로그 및 승인 페이지로 이동](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})
+          color: 49151
+
+  # =====================================
+  # JOB 3: ECR 푸시 실행 (1차 승인 게이트)
+  # =====================================
+  push-to-ecr:
+    needs: [build, notify-for-push-approval]
+    runs-on: ubuntu-latest
+    environment:
+      name: ecr-push-approval
+    steps:
+      - uses: actions/checkout@v4
+      - name: Set up QEMU & Docker Buildx
+        uses: docker/setup-qemu-action@v3
+      - uses: docker/setup-buildx-action@v3
+      - name: Configure AWS credentials & Login to ECR
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ap-northeast-2
+      - uses: aws-actions/amazon-ecr-login@v2
+      - name: Build and push Multi-Arch Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          push: true
+          platforms: linux/amd64,linux/arm64
+          tags: 326536620954.dkr.ecr.ap-northeast-2.amazonaws.com/highfive/highfive-frontend:${{ needs.build.outputs.version_tag }}
+          cache-from: type=registry,ref=326536620954.dkr.ecr.ap-northeast-2.amazonaws.com/highfive/highfive-frontend:buildcache
+          cache-to: type=registry,ref=326536620954.dkr.ecr.ap-northeast-2.amazonaws.com/highfive/highfive-frontend:buildcache,mode=max
+
+  # ==================================================
+  # JOB 4: 2차 승인 알림 발송 (EKS 배포)
+  # ==================================================
+  notify-for-deploy-approval:
+    needs: [build, push-to-ecr]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Send Discord Notification for Deployment Approval
+        uses: sarisia/actions-status-discord@v1
+        with:
+          webhook: ${{ secrets.DISCORD_WEBHOOK_URL }}
+          title: "🚀 [2차 승인] EKS 배포 승인 요청: frontend ${{ needs.build.outputs.version_tag }}"
+          description: |
+            이미지가 ECR에 준비되었습니다. 배포를 진행하려면 아래 링크에서 승인해주세요.
+            [➡️ 배포 승인하기](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})
+          color: 0xFF4500
+
+  # ==================================================
+  # JOB 5: 최종 배포 실행 (2차 승인 게이트)
+  # ==================================================
+  deploy-to-eks:
+    needs: [build, notify-for-deploy-approval]
+    runs-on: ubuntu-latest
+    environment:
+      name: production-deploy
+    steps:
+      - name: Checkout Configuration Repo
+        uses: actions/checkout@v4
+        with:
+          repository: highfive-goorm/hf-eks-config
+          token: ${{ secrets.CONFIG_REPO_PAT }}
+          path: 'config-repo'
+      - name: Update manifest file
+        run: |
+          sed -i -E "s|^(\s*image:\s*).*|\1326536620954.dkr.ecr.ap-northeast-2.amazonaws.com/highfive/highfive-frontend:${{ needs.build.outputs.version_tag }}|" config-repo/highfive-frontend-service.yaml
+      - name: Commit and push changes
+        uses: stefanzweifel/git-auto-commit-action@v5
+        with:
+          commit_message: "Deploy image ${{ needs.build.outputs.version_tag }} for highfive-frontend-service"
+          repository: 'config-repo'
+          file_pattern: 'highfive-frontend-service.yaml'
+
+  # ==========================================================
+  # JOB 6: 워크플로우 실패 시 알림
+  # ==========================================================
+  notify-on-failure:
+    if: failure()
+    needs: [build, push-to-ecr, deploy-to-eks]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Send Discord Failure Notification
+        # ▼▼▼ [수정] curl 방식에서 sarisia/actions-status-discord 액션으로 변경 ▼▼▼
+        uses: sarisia/actions-status-discord@v1
+        with:
+          webhook: ${{ secrets.DISCORD_WEBHOOK_URL }}
+          status: failure # 액션이 실패 상태에 맞는 색상(빨강)과 메시지를 자동으로 쓰게 함
+          title: "❌ CI/CD 파이프라인 실패"
+          description: |
+            `${{ github.repository }}` 레포지토리의 워크플로우 실행에 실패했습니다.
+            [➡️ 실패한 워크플로우 로그 확인하기](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})
+          color: 0xE74C3C # 16진수 빨간색