fix: remove sudo from docker commands, use docker group #4
| name: Release - Code Deploy with Github Actions (WIF & IAP Version) | |
| on: | |
| # push: | |
| # tags: | |
| # - 'v*' | |
| push: | |
| branches: [ feature/code-deploy-gcp ] # 테스트용 | |
| env: | |
| PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }} | |
| IMAGE_NAME: pfplay-api | |
| GCE_INSTANCE: pfplay-api | |
| GCE_ZONE: asia-northeast3-a | |
| jobs: | |
| deploy: | |
| name: Build, Dockerize & Deploy | |
| runs-on: ubuntu-latest | |
| permissions: | |
| contents: write # GitHub Release 생성 | |
| packages: write # GHCR 이미지 push | |
| id-token: write # WIF 인증 | |
| steps: | |
| - name: Checkout | |
| uses: actions/checkout@v4 | |
| - name: Extract release version from tag | |
| run: echo "RELEASE_VERSION=0.0.0" >> $GITHUB_ENV | |
| # run: echo "RELEASE_VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV | |
| # --- [빌드] --- | |
| - name: Set up JDK | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| cache: 'gradle' | |
| - name: Build with Gradle | |
| run: chmod +x ./gradlew && ./gradlew :app:build -x test | |
| # --- [릴리스 생성] --- | |
| # - name: Create GitHub Release | |
| # uses: softprops/action-gh-release@v2 | |
| # with: | |
| # tag_name: ${{ env.RELEASE_VERSION }} | |
| # name: Release ${{ env.RELEASE_VERSION }} | |
| # generate_release_notes: true | |
| # --- [도커화 및 GHCR 업로드] --- | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v3 | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v3 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build and Push image | |
| uses: docker/build-push-action@v5 | |
| with: | |
| context: . | |
| file: ./app/Dockerfile | |
| push: true | |
| tags: | | |
| ghcr.io/pfplay/${{ env.IMAGE_NAME }}:latest | |
| ghcr.io/pfplay/${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max | |
| # --- [GCP 인증] --- | |
| - name: Authenticate to Google Cloud | |
| id: auth | |
| uses: google-github-actions/auth@v2 | |
| with: | |
| workload_identity_provider: ${{ secrets.WIF_PROVIDER }} | |
| service_account: ${{ secrets.WIF_SERVICE_ACCOUNT }} | |
| - name: Set up Cloud SDK | |
| uses: google-github-actions/setup-gcloud@v2 | |
| # --- [환경변수 파일 생성 및 전송] --- | |
| - name: Generate .env file | |
| run: echo "${{ secrets.ENV_FILE }}" > pfplay.env | |
| - name: Copy .env to VM | |
| run: | | |
| gcloud compute scp pfplay.env ${{ env.GCE_INSTANCE }}:/tmp/pfplay.env \ | |
| --zone=${{ env.GCE_ZONE }} \ | |
| --tunnel-through-iap \ | |
| --project=${{ env.PROJECT_ID }} | |
| # --- [IAP 배포] --- | |
| - name: Check SSH username | |
| run: | | |
| gcloud compute ssh ${{ env.GCE_INSTANCE }} \ | |
| --zone=${{ env.GCE_ZONE }} \ | |
| --tunnel-through-iap \ | |
| --project=${{ env.PROJECT_ID }} \ | |
| --command="whoami" | |
| - name: Deploy to VM via IAP Tunnel | |
| run: | | |
| gcloud compute ssh ${{ env.GCE_INSTANCE }} \ | |
| --zone=${{ env.GCE_ZONE }} \ | |
| --tunnel-through-iap \ | |
| --project=${{ env.PROJECT_ID }} \ | |
| --command=" | |
| echo '${{ secrets.PACKAGE_ACCESS_TOKEN }}' | docker login ghcr.io -u JeekLee --password-stdin && | |
| docker pull ghcr.io/pfplay/${{ env.IMAGE_NAME }}:latest && | |
| docker stop pfplay-api 2>/dev/null || true && | |
| docker rm pfplay-api 2>/dev/null || true && | |
| sudo mkdir -p /app && sudo mv /tmp/pfplay.env /app/pfplay.env && sudo chmod 600 /app/pfplay.env && | |
| docker run -d \ | |
| --name pfplay-api \ | |
| --network api_backend \ | |
| --env-file /app/pfplay.env \ | |
| -p 8080:8080 \ | |
| --restart unless-stopped \ | |
| ghcr.io/pfplay/${{ env.IMAGE_NAME }}:latest && | |
| docker image prune -f | |
| " |
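Review bot: The GHCR token on the `docker login` line of the "Deploy to VM via IAP Tunnel" step is expanded by GitHub into the `--command=` argument, so it sits in the runner's `gcloud`/`ssh` argv (and in whatever the VM logs for the remote command) rather than only on stdin as `--password-stdin` intends, and a token containing `'` would also break the nested quoting. Keep the secret out of the command string: supply it to the step through `env:`, pipe it into the ssh session (ssh should forward stdin to the remote command), and put the `--command` body in single quotes, as sketched below. The "Generate .env file" line `echo "${{ secrets.ENV_FILE }}" > pfplay.env` has the same expansion problem — any `"`, `$` or backtick in the secret is interpreted by the runner shell — and `printf '%s\n' "$ENV_FILE" > pfplay.env` with the value passed via `env:` avoids it. A comment on the deploy step would also help the next maintainer: docker-group membership on the VM is root-equivalent, so dropping `sudo` changes ergonomics rather than privilege, and the VM pulls the floating `:latest` tag even though the job also pushed `${{ env.RELEASE_VERSION }}`, so the deployed image is not pinned to the build.
```yaml
      - name: Deploy to VM via IAP Tunnel
        env:
          GHCR_TOKEN: ${{ secrets.PACKAGE_ACCESS_TOKEN }}
        run: |
          printf '%s' "$GHCR_TOKEN" | gcloud compute ssh ${{ env.GCE_INSTANCE }} \
            --zone=${{ env.GCE_ZONE }} \
            --tunnel-through-iap \
            --project=${{ env.PROJECT_ID }} \
            --command='
              docker login ghcr.io -u JeekLee --password-stdin &&
              # … unchanged: docker pull / stop / rm, env-file move, docker run, prune …
            '
```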