157 lines
6.1 KiB
YAML
157 lines
6.1 KiB
YAML
name: TaxBaik CI/CD
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- master
|
|
|
|
jobs:
|
|
build-and-deploy:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- name: Checkout code
|
|
uses: actions/checkout@v4
|
|
|
|
- name: Setup .NET
|
|
uses: actions/setup-dotnet@v4
|
|
with:
|
|
dotnet-version: '10.0'
|
|
|
|
- name: Restore dependencies
|
|
run: dotnet restore TaxBaik.sln
|
|
|
|
- name: Build solution
|
|
run: |
|
|
dotnet clean TaxBaik.sln -c Release
|
|
dotnet build TaxBaik.sln -c Release --no-restore
|
|
|
|
- name: Test solution
|
|
run: dotnet test TaxBaik.sln -c Release --no-build
|
|
|
|
- name: Publish Web
|
|
run: dotnet publish TaxBaik.Web/ -c Release -o ./publish --no-restore
|
|
|
|
- name: Write production secrets
|
|
run: |
|
|
set -e
|
|
JWT_SECRET_KEY="${{ secrets.TAXBAIK_JWT_SECRET_KEY }}"
|
|
TELEGRAM_BOT_TOKEN="${{ secrets.TAXBAIK_TELEGRAM_BOT_TOKEN }}"
|
|
TELEGRAM_CHAT_ID="${{ secrets.TAXBAIK_TELEGRAM_CHAT_ID }}"
|
|
[ -z "$JWT_SECRET_KEY" ] && { echo "Missing TAXBAIK_JWT_SECRET_KEY" >&2; exit 1; }
|
|
[ -z "$TELEGRAM_BOT_TOKEN" ] && { echo "Missing TAXBAIK_TELEGRAM_BOT_TOKEN" >&2; exit 1; }
|
|
[ -z "$TELEGRAM_CHAT_ID" ] && { echo "Missing TAXBAIK_TELEGRAM_CHAT_ID" >&2; exit 1; }
|
|
JWT_SECRET_KEY="$JWT_SECRET_KEY" \
|
|
TELEGRAM_BOT_TOKEN="$TELEGRAM_BOT_TOKEN" \
|
|
TELEGRAM_CHAT_ID="$TELEGRAM_CHAT_ID" \
|
|
python3 -c '
|
|
import json, os, pathlib
|
|
pathlib.Path("./publish/web/appsettings.Production.json").write_text(
|
|
json.dumps({
|
|
"Jwt": {"SecretKey": os.environ["JWT_SECRET_KEY"]},
|
|
"Telegram": {"BotToken": os.environ["TELEGRAM_BOT_TOKEN"], "ChatId": os.environ["TELEGRAM_CHAT_ID"]}
|
|
}, ensure_ascii=False, indent=2),
|
|
encoding="utf-8"
|
|
)'
|
|
test -s ./publish/web/appsettings.Production.json || { echo "appsettings.Production.json is empty" >&2; exit 1; }
|
|
|
|
- name: Copy migrations
|
|
run: cp -r db/migrations ./publish/web/migrations || true
|
|
|
|
- name: Generate build info
|
|
run: |
|
|
COMMIT_HASH=$(git rev-parse --short HEAD)
|
|
BUILD_TIME=$(date -u +'%Y-%m-%d %H:%M:%S UTC')
|
|
mkdir -p ./publish/web/wwwroot
|
|
printf 'Version: %s\nBuilt: %s\n' "$COMMIT_HASH" "$BUILD_TIME" > ./publish/web/wwwroot/version.txt
|
|
echo "✓ Build: $COMMIT_HASH @ $BUILD_TIME"
|
|
|
|
- name: Setup SSH
|
|
run: |
|
|
mkdir -p ~/.ssh
|
|
SSH_KEY_B64="${{ secrets.DEPLOY_SSH_KEY_B64 }}"
|
|
SSH_KEY_RAW="${{ secrets.DEPLOY_SSH_KEY }}"
|
|
if [ -n "$SSH_KEY_B64" ]; then
|
|
printf '%s' "$SSH_KEY_B64" | base64 -d > ~/.ssh/id_ed25519
|
|
elif [ -n "$SSH_KEY_RAW" ]; then
|
|
if printf '%s' "$SSH_KEY_RAW" | grep -q 'BEGIN .*PRIVATE KEY'; then
|
|
printf '%b\n' "$SSH_KEY_RAW" > ~/.ssh/id_ed25519
|
|
else
|
|
printf '%s' "$SSH_KEY_RAW" | base64 -d > ~/.ssh/id_ed25519
|
|
fi
|
|
else
|
|
echo "Missing DEPLOY_SSH_KEY_B64 or DEPLOY_SSH_KEY" >&2; exit 1
|
|
fi
|
|
sed -i 's/\r$//' ~/.ssh/id_ed25519
|
|
chmod 600 ~/.ssh/id_ed25519
|
|
ssh-keyscan -H "${{ secrets.DEPLOY_HOST }}" >> ~/.ssh/known_hosts 2>/dev/null || true
|
|
|
|
- name: Package artifact
|
|
run: |
|
|
tar -czf taxbaik_deploy.tgz -C ./publish .
|
|
echo "✓ Package: $(du -sh taxbaik_deploy.tgz | cut -f1)"
|
|
|
|
- name: Deploy & verify on server
|
|
run: |
|
|
set -e
|
|
TIMESTAMP=$(date +%Y%m%d_%H%M%S)
|
|
COMMIT=$(git rev-parse --short HEAD)
|
|
DEPLOY_HOST="${{ secrets.DEPLOY_HOST }}"
|
|
DEPLOY_USER="${{ secrets.DEPLOY_USER }}"
|
|
|
|
echo "=== Deploying TaxBaik $COMMIT ($TIMESTAMP) ==="
|
|
|
|
# 1. 아티팩트 업로드
|
|
scp -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=yes \
|
|
taxbaik_deploy.tgz "$DEPLOY_USER@$DEPLOY_HOST:/tmp/taxbaik_${TIMESTAMP}.tgz"
|
|
|
|
# 2. 서버에서 배포 + 헬스 체크 (SSH 1회 연결로 처리)
|
|
ssh -i ~/.ssh/id_ed25519 -o StrictHostKeyChecking=yes \
|
|
-o ServerAliveInterval=10 \
|
|
"$DEPLOY_USER@$DEPLOY_HOST" bash << REMOTE
|
|
set -e
|
|
DEPLOY_HOME="/home/kjh2064"
|
|
DEPLOY_DIR="\$DEPLOY_HOME/deployments/taxbaik_${TIMESTAMP}"
|
|
TIMESTAMP="${TIMESTAMP}"
|
|
|
|
echo "--- [1/5] 압축 해제 ---"
|
|
mkdir -p "\$DEPLOY_DIR"
|
|
tar -xzf "/tmp/taxbaik_\${TIMESTAMP}.tgz" -C "\$DEPLOY_DIR"
|
|
rm -f "/tmp/taxbaik_\${TIMESTAMP}.tgz"
|
|
|
|
echo "--- [2/5] 운영 설정 검증 ---"
|
|
test -s "\$DEPLOY_DIR/web/appsettings.Production.json" \
|
|
|| { echo "FATAL: appsettings.Production.json 없음" >&2; exit 1; }
|
|
|
|
echo "--- [3/5] 심볼릭 링크 전환 ---"
|
|
ln -sfn "\$DEPLOY_DIR/web" "\$DEPLOY_HOME/taxbaik_active"
|
|
|
|
echo "--- [4/5] 서비스 재시작 ---"
|
|
sudo /usr/bin/systemctl restart taxbaik
|
|
|
|
echo "--- [5/5] 헬스 체크 (최대 120초) ---"
|
|
ATTEMPTS=40
|
|
for i in \$(seq 1 \$ATTEMPTS); do
|
|
STATUS=\$(curl -sf -o /dev/null -w '%{http_code}' http://127.0.0.1:5001/taxbaik/ 2>/dev/null || echo "000")
|
|
if [ "\$STATUS" = "200" ]; then
|
|
echo "✓ 서비스 정상 (시도 \$i/\$ATTEMPTS)"
|
|
# 구 배포 디렉토리 정리 (최근 5개 보존)
|
|
ls -1dt \$DEPLOY_HOME/deployments/taxbaik_* 2>/dev/null \
|
|
| tail -n +6 | xargs rm -rf 2>/dev/null || true
|
|
exit 0
|
|
fi
|
|
if [ "\$i" -eq "\$ATTEMPTS" ]; then
|
|
echo "=== FATAL: 서비스가 \$ATTEMPTS회 시도 후에도 응답하지 않음 ===" >&2
|
|
echo "--- systemd 상태 ---" >&2
|
|
systemctl is-active taxbaik >&2 || true
|
|
echo "--- 최근 로그 50줄 ---" >&2
|
|
journalctl -u taxbaik --no-pager -n 50 >&2
|
|
exit 1
|
|
fi
|
|
echo " 대기 중... (\$i/\$ATTEMPTS, HTTP \$STATUS)"
|
|
sleep 3
|
|
done
|
|
REMOTE
|
|
|
|
echo "✓ 배포 완료: taxbaik_${TIMESTAMP} @ $DEPLOY_HOST"
|