프로덕션 CI / CD 파이프라인을 분리한다. (#132)

chore: separate production workflow from development workflow

Author: earlgrey02

.github/workflows/deploy.yml .github/workflows/deploy-dev.yml.github/workflows/deploy.yml renamed to .github/workflows/deploy-dev.yml

@@ -1,19 +1,18 @@
-name: Deploy to AWS EC2
+name: Deploy to develop environment
 on:
   push:
     branches:
-    - prod
     - dev
 env:
+  ENVIRONMENT: dev
   AWS_REGION: ap-northeast-2
   CONTAINER_NAME: gotchai-server
   API_SPECIFICATION_PATH: ./api/src/main/resources/static/docs
 jobs:
-  build:
+  deploy-api-spec:
     name: Deploy API specification
     runs-on: ubuntu-latest
-    if: github.ref_name == 'dev'
-    environment: ${{ github.ref_name }}
+    environment: ${{ env.ENVIRONMENT }}
     steps:
     - name: Checkout repository
       uses: actions/checkout@v4
@@ -46,8 +45,8 @@ jobs:
   deploy-image:
     name: Deploy image
     runs-on: ubuntu-latest
-    environment: ${{ github.ref_name }}
-    needs: build
+    environment: ${{ env.ENVIRONMENT }}
+    needs: deploy-api-spec
     outputs:
       image: ${{ steps.set-image.outputs.image }}
     steps:
@@ -86,7 +85,7 @@ jobs:
     name: Deploy container
     runs-on: ubuntu-latest
     needs: deploy-image
-    environment: ${{ github.ref_name }}
+    environment: ${{ env.ENVIRONMENT }}
     steps:
     - name: Checkout
       uses: actions/checkout@v4
@@ -96,7 +95,7 @@ jobs:
         host: ${{ secrets.EC2_HOST }}
         username: ${{ secrets.EC2_USER }}
         key: ${{ secrets.EC2_PRIVATE_KEY }}
-        source: docker/docker-compose-${{ github.ref_name }}.yml
+        source: docker/docker-compose-${{ env.ENVIRONMENT }}.yml
         target: "~"
         strip_components: 1
     - name: Build and deploy container to AWS EC2
@@ -106,13 +105,12 @@ jobs:
         username: ${{ secrets.EC2_USER }}
         key: ${{ secrets.EC2_PRIVATE_KEY }}
         script: |
-          aws secretsmanager get-secret-value --secret-id ${{ github.ref_name }}-env --region ap-northeast-2 --query SecretString --output text | jq -r '. | to_entries | map("\(.key)=\(.value)") | .[]' > .env
+          aws secretsmanager get-secret-value --secret-id ${{ env.ENVIRONMENT }}-env --region ap-northeast-2 --query SecretString --output text | jq -r '. | to_entries | map("\(.key)=\(.value)") | .[]' > .env
+          aws s3 cp s3://${{ secrets.API_SPECIFICATION_BUCKET }}/api.yml .
+
           export IMAGE_URI=${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY }}:${{ github.sha }}
-          docker-compose -f docker-compose-${{ github.ref_name }}.yml --env-file .env up -d --build
-          if [ "${{ github.ref_name }}" = "dev" ]; then
-            aws s3 cp s3://${{ secrets.API_SPECIFICATION_BUCKET }}/api.yml .
-            docker restart swagger
-          fi
+          docker-compose -f docker-compose-${{ env.ENVIRONMENT }}.yml --env-file .env up -d --build
+          docker restart swagger
   notify-discord:
     name: Notify Discord
     runs-on: ubuntu-latest
@@ -130,8 +128,8 @@ jobs:
           "avatar_url": "https://github.githubassets.com/images/modules/logos_page/GitHub-Mark.png",
           "embeds": [
             {
-              "title": "**${{ github.ref_name == 'prod' && '프로덕션' || '개발' }} 환경 배포 성공**",
-              "description": "서버가 성공적으로 배포되었습니다.",
+              "title": "**개발 환경 배포 성공**",
+              "description": "개발 서버가 성공적으로 배포되었습니다.",
               "color": 3066993,
               "fields": [
                 {

.github/workflows/deploy-prod.yml

@@ -0,0 +1,121 @@
+name: Deploy to production environment
+on:
+  push:
+    branches:
+    - prod
+env:
+  ENVIRONMENT: prod
+  AWS_REGION: ap-northeast-2
+  CONTAINER_NAME: gotchai-server
+jobs:
+  deploy-image:
+    name: Deploy image
+    runs-on: ubuntu-latest
+    environment: ${{ env.ENVIRONMENT }}
+    outputs:
+      image: ${{ steps.set-image.outputs.image }}
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+    - name: Set up JDK
+      uses: actions/setup-java@v4
+      with:
+        distribution: corretto
+        java-version: 21
+    - name: Cache Gradle packages
+      uses: actions/cache@v3
+      with:
+        path: |
+          ~/.gradle/caches
+          ~/.gradle/wrapper
+        key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
+        restore-keys: |
+          ${{ runner.os }}-gradle-
+    - name: Configure AWS credentials
+      uses: aws-actions/configure-aws-credentials@v1
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+        aws-region: ${{ env.AWS_REGION }}
+    - name: Set image
+      id: set-image
+      run: echo "image=${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY }}:${{ github.sha }}" >> $GITHUB_OUTPUT
+    - name: Build and deploy image to AWS ECR
+      run: |
+        ./gradlew :api:jib \
+          -Djib.to.image=${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY }}:${{ github.sha }} \
+          -Djib.to.auth.username=AWS \
+          -Djib.to.auth.password=$(aws ecr get-login-password)
+  deploy-container:
+    name: Deploy container
+    runs-on: ubuntu-latest
+    needs: deploy-image
+    environment: ${{ env.ENVIRONMENT }}
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+    - name: Send necessary files to EC2
+      uses: appleboy/[email protected]
+      with:
+        host: ${{ secrets.EC2_HOST }}
+        username: ${{ secrets.EC2_USER }}
+        key: ${{ secrets.EC2_PRIVATE_KEY }}
+        source: docker/docker-compose-${{ env.ENVIRONMENT }}.yml
+        target: "~"
+        strip_components: 1
+    - name: Build and deploy container to AWS EC2
+      uses: appleboy/[email protected]
+      with:
+        host: ${{ secrets.EC2_HOST }}
+        username: ${{ secrets.EC2_USER }}
+        key: ${{ secrets.EC2_PRIVATE_KEY }}
+        script: |
+          aws secretsmanager get-secret-value --secret-id ${{ env.ENVIRONMENT }}-env --region ap-northeast-2 --query SecretString --output text | jq -r '. | to_entries | map("\(.key)=\(.value)") | .[]' > .env
+
+          export IMAGE_URI=${{ secrets.ECR_REGISTRY }}/${{ secrets.ECR_REPOSITORY }}:${{ github.sha }}
+          docker-compose -f docker-compose-${{ env.ENVIRONMENT }}.yml --env-file .env up -d --build
+  notify-discord:
+    name: Notify Discord
+    runs-on: ubuntu-latest
+    needs: deploy-container
+    steps:
+    - name: Checkout
+      uses: actions/checkout@v4
+    - name: Get commit
+      id: get_commit
+      run: echo "commit_message=$(git log -1 --pretty=%s)" >> "$GITHUB_OUTPUT"
+    - name: Send Discord notification
+      run: |
+        curl -X POST -H "Content-Type: application/json" -d '{
+          "username": "GitHub Actions",
+          "avatar_url": "https://github.githubassets.com/images/modules/logos_page/GitHub-Mark.png",
+          "embeds": [
+            {
+              "title": "**프로덕션 환경 배포 성공**",
+              "description": "프로덕션 서버가 성공적으로 배포되었습니다.",
+              "color": 3066993,
+              "fields": [
+                {
+                  "name": "Repository",
+                  "value": "[${{ github.repository }}](https://github.com/${{ github.repository }})",
+                  "inline": true
+                },
+                {
+                  "name": "Branch",
+                  "value": "${{ github.ref_name }}",
+                  "inline": true
+                },
+                {
+                  "name": "Commit",
+                  "value": "[${{ steps.get_commit.outputs.commit_message }}](https://github.com/${{ github.repository }}/commit/${{ github.sha }})",
+                  "inline": true
+                },
+                {
+                  "name": "Author",
+                  "value": "[${{ github.actor }}](${{ github.event.sender.html_url }})",
+                  "inline": true
+                }
+              ]
+            }
+          ]
+        }' ${{ secrets.DISCORD_WEBHOOK_URL }}