Merge pull request #19 from SWM-15th-Dnight/develop #1
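# Production deploy of the AI server.
# On every push to main: build the image, push it to Amazon ECR, then hop
# through the bastion host to the private EC2 instance and restart the
# container from the freshly pushed image.
#
# Review notes (flagged, not changed, because the fix needs values that are
# not visible in this file):
#   - Third-party actions are referenced by mutable tag; pin each one to a
#     full commit SHA so a retagged release cannot run with these secrets.
#   - Every SSH/SCP hop uses StrictHostKeyChecking=no, so neither the bastion
#     nor the private host is authenticated. Pin their host keys in a
#     known_hosts file and drop the option.
#   - IMAGE_TAG is a fixed, mutable tag, so a running container cannot be
#     traced back to the commit that produced it.
name: PROD - Ai server Deploy to Amazon ECR

on:
  push:
    branches: ["main"]

# The two SSH private keys are deliberately NOT exported here: workflow-level
# env is visible to every step, including third-party actions. They are read
# from `secrets` only in the steps that need them.
env:
  AWS_REGION: ap-northeast-2
  ECR_REPOSITORY: ${{ secrets.AI_SERVER_ECR_REPOSITORY }}
  BASTION_HOST: ${{ secrets.BASTION_HOST }}
  BASTION_USER: ${{ secrets.BASTION_USER }}
  PRIVATE_AI_HOST: ${{ secrets.PRIVATE_AI_HOST }}
  PRIVATE_AI_USER: ${{ secrets.PRIVATE_AI_USER }}
  IMAGE_TAG: AI-server

permissions:
  contents: read

jobs:
  deploy:
    name: Deploy
    runs-on: ubuntu-latest
    # NOTE(review): this job deploys with PROD_* secrets but runs in the `dev`
    # environment, so any protection rules on a production environment do not
    # gate it - confirm this is intended.
    environment: dev
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      # NOTE(review): long-lived IAM user keys. Assuming a role through GitHub
      # OIDC (`role-to-assume`, with `id-token: write` permission) would avoid
      # storing static AWS credentials as secrets.
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ECR_IAM_ACCESS_KEY }}
          aws-secret-access-key: ${{ secrets.AWS_ECR_IAM_SECRET_ACCESS_KEY }}
          aws-region: ${{ env.AWS_REGION }}

      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1

      # Values reach the shell as environment variables instead of being
      # pasted into the script text by `${{ }}`, so their content can never
      # be parsed as shell syntax on the runner.
      - name: Build, tag, and push image to Amazon ECR
        id: build-image
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
        run: |
          docker build -t "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" .
          docker push "$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"

      # The action reference was mangled when this page was captured
      # ("[email protected]"); the tag below is a placeholder, not a real
      # version - restore the original ref, ideally as a commit SHA.
      # NOTE(review): the secret is spelled BASTOIN_PEM (not BASTION_PEM).
      # Kept as written because it must match the name configured in the
      # repository settings - confirm and rename both together.
      - name: Setup SSH
        uses: webfactory/ssh-agent@VERSION_LOST_IN_EXTRACTION
        with:
          ssh-private-key: ${{ secrets.BASTOIN_PEM }}

      # Everything between `<< 'EOF'` and `EOF` runs on the bastion; everything
      # between `<< 'INNER_EOF'` and `INNER_EOF` runs on the private host.
      # The heredocs are quoted, so nothing is expanded by the runner's shell;
      # the `${{ }}` expressions are substituted by Actions before the script
      # starts. The heredoc terminators must stay at the left edge of this
      # block.
      # NOTE(review): this design writes the private host's SSH key to disk on
      # the bastion for the duration of the deploy. Loading both keys into the
      # agent and using ProxyJump would keep the key off the bastion entirely.
      - name: Deploy Docker image to EC2
        run: |
          # SSH into Bastion and setup for Private EC2 access
          ssh -o StrictHostKeyChecking=no "$BASTION_USER@$BASTION_HOST" << 'EOF'
          # Files created below hold secrets: make them owner-only from the
          # moment they exist, and remove them even if the session ends early.
          umask 077
          trap 'rm -f .env PRIVATE_AI_key.pem' EXIT
          # Create the PEM key file used to reach the private EC2 instance
          echo "=====pem key 파일 생성====="
          echo "${{ secrets.PRIVATE_AI_PEM }}" > PRIVATE_AI_key.pem
          chmod 600 PRIVATE_AI_key.pem
          echo "=====pem key 파일 생성 완료====="
          # Create the env file consumed by the container. A quoted heredoc
          # writes each value verbatim (no $, backtick or quote expansion) and
          # `>` truncates anything left behind by an earlier failed run.
          # The last entry selects the deployment profile.
          echo "=====.env 파일 생성====="
          cat > .env << 'ENV_EOF'
          CALINIFY_DATABASE_HOST=${{ secrets.PROD_DB_HOST }}
          CALINIFY_DATABASE_PASSWORD=${{ secrets.PROD_DB_PASSWORD }}
          CALINIFY_DATABASE_PORT=${{ secrets.PROD_DB_PORT }}
          CALINIFY_DATABASE_TABLE_NAME=${{ secrets.PROD_DB_TABLE_NAME }}
          CALINIFY_DATABASE_USERNAME=${{ secrets.PROD_DB_USERNAME }}
          OPENAI_API_KEY=${{ secrets.PROD_OPENAI_API_KEY }}
          GPT_PLAIN_TEXT_MODEL=${{ secrets.PROD_GPT_PLAIN_TEXT_MODEL }}
          GPT_IMAGE_MODEL=${{ secrets.PROD_GPT_IMAGE_MODEL }}
          S3_IAM_ACCESS_KEY=${{ secrets.PROD_S3_IAM_ACCESS_KEY }}
          S3_IAM_SECRET_KEY=${{ secrets.PROD_S3_IAM_SECRET_KEY }}
          S3_BUCKET_NAME=${{ secrets.PROD_S3_BUCKET_NAME }}
          CALINIFY_AI_SERVER_PROFILE=PROD
          ENV_EOF
          echo "=====.env 파일 생성 완료====="
          # Send only the env file to the private EC2 instance. The PEM key is
          # no longer copied along: nothing in the remote script uses it, and
          # it would leave the host's own login key sitting in the home
          # directory after the deploy.
          echo "=====.env 파일 및 pem key 전송====="
          scp -i PRIVATE_AI_key.pem -o StrictHostKeyChecking=no .env ${{ env.PRIVATE_AI_USER }}@${{ env.PRIVATE_AI_HOST }}:/home/${{ env.PRIVATE_AI_USER }}/
          echo "=====전송 완료====="
          # Remove the env file from the bastion
          echo "=====bastion .env 파일 삭제====="
          rm -f .env
          # Run the Docker commands on the private EC2 instance
          echo "=====Private ec2 server 진입====="
          ssh -i PRIVATE_AI_key.pem -o StrictHostKeyChecking=no ${{ env.PRIVATE_AI_USER }}@${{ env.PRIVATE_AI_HOST }} << 'INNER_EOF'
          # Login to ECR
          # NOTE(review): login runs without sudo while pull/run use sudo; the
          # stored registry credential may not be the one root reads - verify.
          echo "=====Private ec2 server 진입 성공 및 ECR login===="
          aws ecr get-login-password --region ap-northeast-2 | docker login --username AWS --password-stdin ${{ steps.login-ecr.outputs.registry }}
          echo "=====ECR login 성공====="
          # Pull the Docker image
          echo "=====Docker image pull====="
          sudo docker pull ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}
          echo "=====Docker image pull success====="
          # Remove the previous container if one with the same name exists
          echo "=====중복된 컨테이너 삭제====="
          if sudo docker ps -a --format '{{.Names}}' | grep -q '^core-backend-dev$'; then
          sudo docker stop core-backend-dev
          sudo docker rm core-backend-dev
          fi
          echo "=====중복 컨테이너 삭제 완료====="
          # Run the new Docker container
          echo "=====Docker container 시작====="
          sudo docker run -d --name core-backend-dev --env-file /home/${{ env.PRIVATE_AI_USER }}/.env -p 5050:5050 ${{ steps.login-ecr.outputs.registry }}/${{ env.ECR_REPOSITORY }}:${{ env.IMAGE_TAG }}
          echo "=====Docker run 성공===="
          # The container has read its environment; drop the secrets file
          rm -f /home/${{ env.PRIVATE_AI_USER }}/.env
          echo "=====.env 파일 삭제======"
          INNER_EOF
          echo "=====bastion pem 키 삭제====="
          rm -f PRIVATE_AI_key.pem
          EOF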