Files
taxbaik/.gitea/workflows/deploy.yml
T
kjh2064 41f569362d
TaxBaik CI/CD / build-and-deploy (push) Failing after 1m1s
TaxBaik Browser E2E / browser-e2e (push) Has been cancelled
fix: align secret writing path and active symlink with web/ subfolder deployment structure
2026-06-28 00:54:29 +09:00

157 lines
6.1 KiB
YAML

name: TaxBaik CI/CD
on:
push:
branches:
- master
jobs:
build-and-deploy:
runs-on: ubuntu-latest
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: '10.0'
- name: Restore dependencies
run: dotnet restore TaxBaik.sln
- name: Build solution
run: |
dotnet clean TaxBaik.sln -c Release
dotnet build TaxBaik.sln -c Release --no-restore
- name: Test solution
run: dotnet test TaxBaik.sln -c Release --no-build
- name: Publish Web
run: dotnet publish TaxBaik.Web/ -c Release -o ./publish --no-restore
- name: Write production secrets
run: |
set -e
JWT_SECRET_KEY="${{ secrets.TAXBAIK_JWT_SECRET_KEY }}"
TELEGRAM_BOT_TOKEN="${{ secrets.TAXBAIK_TELEGRAM_BOT_TOKEN }}"
TELEGRAM_CHAT_ID="${{ secrets.TAXBAIK_TELEGRAM_CHAT_ID }}"
[ -z "$JWT_SECRET_KEY" ] && { echo "Missing TAXBAIK_JWT_SECRET_KEY" >&2; exit 1; }
[ -z "$TELEGRAM_BOT_TOKEN" ] && { echo "Missing TAXBAIK_TELEGRAM_BOT_TOKEN" >&2; exit 1; }
[ -z "$TELEGRAM_CHAT_ID" ] && { echo "Missing TAXBAIK_TELEGRAM_CHAT_ID" >&2; exit 1; }
JWT_SECRET_KEY="$JWT_SECRET_KEY" \
TELEGRAM_BOT_TOKEN="$TELEGRAM_BOT_TOKEN" \
TELEGRAM_CHAT_ID="$TELEGRAM_CHAT_ID" \
python3 -c '
import json, os, pathlib
pathlib.Path("./publish/web/appsettings.Production.json").write_text(
json.dumps({
"Jwt": {"SecretKey": os.environ["JWT_SECRET_KEY"]},
"Telegram": {"BotToken": os.environ["TELEGRAM_BOT_TOKEN"], "ChatId": os.environ["TELEGRAM_CHAT_ID"]}
}, ensure_ascii=False, indent=2),
encoding="utf-8"
)'
test -s ./publish/web/appsettings.Production.json || { echo "appsettings.Production.json is empty" >&2; exit 1; }
- name: Copy migrations
run: cp -r db/migrations ./publish/web/migrations || true
- name: Generate build info
run: |
COMMIT_HASH=$(git rev-parse --short HEAD)
BUILD_TIME=$(date -u +'%Y-%m-%d %H:%M:%S UTC')
mkdir -p ./publish/web/wwwroot
printf 'Version: %s\nBuilt: %s\n' "$COMMIT_HASH" "$BUILD_TIME" > ./publish/web/wwwroot/version.txt
echo "✓ Build: $COMMIT_HASH @ $BUILD_TIME"
- name: Setup SSH
run: |
mkdir -p ~/.ssh
SSH_KEY_B64="${{ secrets.DEPLOY_SSH_KEY_B64 }}"
SSH_KEY_RAW="${{ secrets.DEPLOY_SSH_KEY }}"
if [ -n "$SSH_KEY_B64" ]; then
printf '%s' "$SSH_KEY_B64" | base64 -d > ~/.ssh/id_ed25519
elif [ -n "$SSH_KEY_RAW" ]; then
if printf '%s' "$SSH_KEY_RAW" | grep -q 'BEGIN .*PRIVATE KEY'; then
printf '%b\n' "$SSH_KEY_RAW" > ~/.ssh/id_ed25519
else
printf '%s' "$SSH_KEY_RAW" | base64 -d > ~/.ssh/id_ed25519
fi
else
echo "Missing DEPLOY_SSH_KEY_B64 or DEPLOY_SSH_KEY" >&2; exit 1
fi
sed -i 's/\r$//' ~/.ssh/id_ed25519
chmod 600 ~/.ssh/id_ed25519
ssh-keyscan -H "${{ secrets.DEPLOY_HOST }}" >> ~/.ssh/known_hosts 2>/dev/null || true
- name: Package artifact
run: |
tar -czf taxbaik_deploy.tgz -C ./publish .
echo "✓ Package: $(du -sh taxbaik_deploy.tgz | cut -f1)"
- name: Deploy & verify on server
run: |
set -e
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
COMMIT=$(git rev-parse --short HEAD)
DEPLOY_HOST="${{ secrets.DEPLOY_HOST }}"
DEPLOY_USER="${{ secrets.DEPLOY_USER }}"
echo "=== Deploying TaxBaik $COMMIT ($TIMESTAMP) ==="
# 1. 아티팩트 업로드
scp -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=yes \
taxbaik_deploy.tgz "$DEPLOY_USER@$DEPLOY_HOST:/tmp/taxbaik_${TIMESTAMP}.tgz"
# 2. 서버에서 배포 + 헬스 체크 (SSH 1회 연결로 처리)
ssh -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=yes \
-o ServerAliveInterval=10 \
"$DEPLOY_USER@$DEPLOY_HOST" bash << REMOTE
set -e
DEPLOY_HOME="/home/kjh2064"
DEPLOY_DIR="\$DEPLOY_HOME/deployments/taxbaik_${TIMESTAMP}"
TIMESTAMP="${TIMESTAMP}"
echo "--- [1/5] 압축 해제 ---"
mkdir -p "\$DEPLOY_DIR"
tar -xzf "/tmp/taxbaik_\${TIMESTAMP}.tgz" -C "\$DEPLOY_DIR"
rm -f "/tmp/taxbaik_\${TIMESTAMP}.tgz"
echo "--- [2/5] 운영 설정 검증 ---"
test -s "\$DEPLOY_DIR/web/appsettings.Production.json" \
|| { echo "FATAL: appsettings.Production.json 없음" >&2; exit 1; }
echo "--- [3/5] 심볼릭 링크 전환 ---"
ln -sfn "\$DEPLOY_DIR/web" "\$DEPLOY_HOME/taxbaik_active"
echo "--- [4/5] 서비스 재시작 ---"
sudo /usr/bin/systemctl restart taxbaik
echo "--- [5/5] 헬스 체크 (최대 120초) ---"
ATTEMPTS=40
for i in \$(seq 1 \$ATTEMPTS); do
STATUS=\$(curl -sf -o /dev/null -w '%{http_code}' http://127.0.0.1:5001/taxbaik/ 2>/dev/null || echo "000")
if [ "\$STATUS" = "200" ]; then
echo "✓ 서비스 정상 (시도 \$i/\$ATTEMPTS)"
# 구 배포 디렉토리 정리 (최근 5개 보존)
ls -1dt \$DEPLOY_HOME/deployments/taxbaik_* 2>/dev/null \
| tail -n +6 | xargs rm -rf 2>/dev/null || true
exit 0
fi
if [ "\$i" -eq "\$ATTEMPTS" ]; then
echo "=== FATAL: 서비스가 \$ATTEMPTS회 시도 후에도 응답하지 않음 ===" >&2
echo "--- systemd 상태 ---" >&2
systemctl is-active taxbaik >&2 || true
echo "--- 최근 로그 50줄 ---" >&2
journalctl -u taxbaik --no-pager -n 50 >&2
exit 1
fi
echo " 대기 중... (\$i/\$ATTEMPTS, HTTP \$STATUS)"
sleep 3
done
REMOTE
echo "✓ 배포 완료: taxbaik_${TIMESTAMP} @ $DEPLOY_HOST"