diff --git a/.github/workflows/cd-prod.yml b/.github/workflows/cd-prod.yml new file mode 100644 index 0000000..82af851 --- /dev/null +++ b/.github/workflows/cd-prod.yml @@ -0,0 +1,107 @@ +name: CD - Production + +on: + push: + branches: ["master"] + +env: + AWS_REGION: ap-northeast-2 + ECS_CLUSTER: ceo-time-api + +permissions: + id-token: write + contents: read + +jobs: + + build-client-api: + name: Build client-api image + runs-on: ubuntu-latest + steps: + - name: Setup Docker Buildx + uses: docker/setup-buildx-action@v3 + + - uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.AWS_ROLE_FOR_ECR_PUSH }} + aws-region: ${{ env.AWS_REGION }} + + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v2 + + - name: Build and push image + uses: docker/build-push-action@v5 + with: + file: ./apps/backend/Dockerfile + push: true + build-args: 'target=client' + tags: ${{ steps.login-ecr.outputs.registry }}/ceotime-client:latest + + build-admin-api: + name: Build admin-api image + runs-on: ubuntu-latest + steps: + - name: Setup Docker Buildx + uses: docker/setup-buildx-action@v3 + + - uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.AWS_ROLE_FOR_ECR_PUSH }} + aws-region: ${{ env.AWS_REGION }} + + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v2 + + - name: Build and push image + uses: docker/build-push-action@v5 + with: + file: ./apps/backend/Dockerfile + push: true + build-args: 'target=admin' + tags: ${{ steps.login-ecr.outputs.registry }}/ceotime-admin:latest + + deploy: + name: Deploy + runs-on: ubuntu-latest + needs: [build-client-api, build-admin-api] + environment: production + defaults: + run: + shell: bash + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ secrets.AWS_ROLE_FOR_DEPLOY }} + aws-region: ${{ env.AWS_REGION }} + + # - uses: hashicorp/setup-terraform@v3 + # with: + # terraform_version: 1.5.2 + + # - name: Create Terraform variable file + # working-directory: ./apps/infra/deploy + # run: | + # echo "$TFVARS" >> terraform.tfvars + # echo "$OAUTH_GITHUB" >> terraform.tfvars + # echo "$OAUTH_KAKAO" >> terraform.tfvars + # env: + # TFVARS: ${{ secrets.TFVARS }} + + # - name: Terraform Init + # working-directory: ./apps/infra/deploy + # run: terraform init -upgrade + + # - name: Terraform Plan + # working-directory: ./apps/infra/deploy + # run: terraform plan -target=module.codedang-infra -input=false + + # - name: Terraform Apply + # working-directory: ./apps/infra/deploy + # run: terraform apply -target=module.codedang-infra -auto-approve -input=false