-
Notifications
You must be signed in to change notification settings - Fork 0
240 lines (205 loc) · 8.37 KB
/
deploy.yml
File metadata and controls
240 lines (205 loc) · 8.37 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
# ============================================================================
# Backend Deploy Workflow (GCP/Cloud Run)
# ============================================================================
# 역할:
# - Integrate workflow 성공 후 자동 실행
# - integrate에서 생성된 JAR artifact 사용 (빌드 재수행 없음)
# - Docker 이미지 빌드 및 Artifact Registry 푸시
# - Cloud Run 서비스 배포
#
# Job 구조:
# prepare ──> build-image ──> deploy
#
# 트리거:
# - Integrate Backend workflow가 develop 브랜치에서 성공적으로 완료된 후
# - 수동 실행 (workflow_dispatch) - 최근 성공한 integrate run의 artifact 사용
#
# GitHub Secrets (Settings > Secrets and variables > Actions > Secrets):
# - GCP_WORKLOAD_IDENTITY_PROVIDER: Workload Identity Provider (projects/.../providers/...)
# - GCP_SERVICE_ACCOUNT: GCP Service Account 이메일
#
# GitHub Variables (Settings > Secrets and variables > Actions > Variables):
# - GCP_PROJECT_ID: GCP 프로젝트 ID
# - GCP_REGION: GCP 리전 (예: asia-northeast3)
# ============================================================================
name: Deploy Backend to Cloud Run
permissions:
contents: read
actions: read
id-token: write
on:
workflow_run:
workflows: ["Integrate Backend"]
types:
- completed
branches:
- develop
workflow_dispatch:
env:
SERVICE_NAME: api-message
CLOUD_RUN_SERVICE: telecom-app-api-message
jobs:
# ==========================================================================
# Prepare Job - Artifact 준비
# ==========================================================================
prepare:
name: Prepare
runs-on: ubuntu-latest
if: >
github.event_name == 'workflow_dispatch' ||
(github.event.workflow_run.conclusion == 'success' &&
github.event.workflow_run.event == 'push')
outputs:
run_id: ${{ steps.get-run-info.outputs.run_id }}
head_sha: ${{ steps.get-run-info.outputs.head_sha }}
short_sha: ${{ steps.get-run-info.outputs.short_sha }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Get workflow run info
id: get-run-info
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
if [ "${{ github.event_name }}" == "workflow_dispatch" ]; then
echo "Manual trigger detected. Finding latest successful integrate run..."
RUN_INFO=$(gh run list \
--workflow "Integrate Backend" \
--branch develop \
--status success \
--event push \
--limit 1 \
--json databaseId,headSha)
RUN_ID=$(echo "$RUN_INFO" | jq -r '.[0].databaseId')
HEAD_SHA=$(echo "$RUN_INFO" | jq -r '.[0].headSha')
if [ "$RUN_ID" == "null" ] || [ -z "$RUN_ID" ]; then
echo "::error::No successful integrate workflow run found"
exit 1
fi
echo "Found run ID: $RUN_ID, commit: $HEAD_SHA"
else
echo "workflow_run trigger detected"
RUN_ID="${{ github.event.workflow_run.id }}"
HEAD_SHA="${{ github.event.workflow_run.head_sha }}"
fi
SHORT_SHA=${HEAD_SHA:0:7}
echo "run_id=$RUN_ID" >> $GITHUB_OUTPUT
echo "head_sha=$HEAD_SHA" >> $GITHUB_OUTPUT
echo "short_sha=$SHORT_SHA" >> $GITHUB_OUTPUT
- name: Download artifact from Integrate workflow
uses: actions/download-artifact@v4
with:
name: spring-boot-app
path: build/libs
github-token: ${{ secrets.GITHUB_TOKEN }}
run-id: ${{ steps.get-run-info.outputs.run_id }}
- name: Verify and upload artifact
run: |
echo "Downloaded artifacts:"
ls -la build/libs/
JAR_FILE=$(ls build/libs/*.jar | head -1)
echo "JAR file: $JAR_FILE"
- name: Upload artifact for next jobs
uses: actions/upload-artifact@v4
with:
name: deploy-artifact
path: build/libs/*.jar
retention-days: 1
# ==========================================================================
# Build Image Job - Docker 빌드 및 Artifact Registry 푸시
# ==========================================================================
build-image:
name: Build Image
runs-on: ubuntu-latest
needs: [prepare]
permissions:
contents: read
id-token: write
outputs:
image_tag: ${{ needs.prepare.outputs.head_sha }}
image_url: ${{ steps.build.outputs.image_url }}
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Download artifact
uses: actions/download-artifact@v4
with:
name: deploy-artifact
path: build/libs
- name: Authenticate to Google Cloud
id: auth
uses: google-github-actions/auth@v2
with:
workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
token_format: access_token
- name: Login to Artifact Registry
uses: docker/login-action@v3
with:
registry: ${{ vars.GCP_REGION }}-docker.pkg.dev
username: oauth2accesstoken
password: ${{ steps.auth.outputs.access_token }}
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
- name: Build and push Docker image
id: build
env:
IMAGE_URL: ${{ vars.GCP_REGION }}-docker.pkg.dev/${{ vars.GCP_PROJECT_ID }}/telecom-app-repo/${{ env.SERVICE_NAME }}
run: |
docker buildx build \
--file Dockerfile.deploy \
--tag $IMAGE_URL:${{ needs.prepare.outputs.head_sha }} \
--tag $IMAGE_URL:${{ needs.prepare.outputs.short_sha }} \
--tag $IMAGE_URL:latest \
--push \
--cache-from type=gha \
--cache-to type=gha,mode=max \
.
echo "image_url=$IMAGE_URL" >> $GITHUB_OUTPUT
# ==========================================================================
# Deploy Job - Cloud Run 배포
# ==========================================================================
deploy:
name: Deploy
runs-on: ubuntu-latest
needs: [prepare, build-image]
permissions:
contents: read
id-token: write
steps:
- name: Authenticate to Google Cloud
uses: google-github-actions/auth@v2
with:
workload_identity_provider: ${{ secrets.GCP_WORKLOAD_IDENTITY_PROVIDER }}
service_account: ${{ secrets.GCP_SERVICE_ACCOUNT }}
- name: Set up Cloud SDK
uses: google-github-actions/setup-gcloud@v2
- name: Deploy to Cloud Run
run: |
gcloud run services update ${{ env.CLOUD_RUN_SERVICE }} \
--project=${{ vars.GCP_PROJECT_ID }} \
--region=${{ vars.GCP_REGION }} \
--image=${{ needs.build-image.outputs.image_url }}:${{ needs.prepare.outputs.head_sha }}
- name: Verify deployment
run: |
echo "Checking deployment status..."
gcloud run services describe ${{ env.CLOUD_RUN_SERVICE }} \
--project=${{ vars.GCP_PROJECT_ID }} \
--region=${{ vars.GCP_REGION }} \
--format="value(status.url)"
- name: Deployment Summary
run: |
SERVICE_URL=$(gcloud run services describe ${{ env.CLOUD_RUN_SERVICE }} \
--project=${{ vars.GCP_PROJECT_ID }} \
--region=${{ vars.GCP_REGION }} \
--format="value(status.url)")
echo "## Deployment Summary" >> $GITHUB_STEP_SUMMARY
echo "| Item | Value |" >> $GITHUB_STEP_SUMMARY
echo "|------|-------|" >> $GITHUB_STEP_SUMMARY
echo "| **Service** | \`${{ env.CLOUD_RUN_SERVICE }}\` |" >> $GITHUB_STEP_SUMMARY
echo "| **Image Tag** | \`${{ needs.prepare.outputs.head_sha }}\` |" >> $GITHUB_STEP_SUMMARY
echo "| **Short SHA** | \`${{ needs.prepare.outputs.short_sha }}\` |" >> $GITHUB_STEP_SUMMARY
echo "| **Source Run ID** | \`${{ needs.prepare.outputs.run_id }}\` |" >> $GITHUB_STEP_SUMMARY
echo "| **Region** | \`${{ vars.GCP_REGION }}\` |" >> $GITHUB_STEP_SUMMARY
echo "| **Service URL** | $SERVICE_URL |" >> $GITHUB_STEP_SUMMARY
echo "| **Triggered by** | \`${{ github.event_name }}\` |" >> $GITHUB_STEP_SUMMARY