Git | Building a GitHub Actions CI/CD Pipeline | self-hosted runner and container registry

1. Create an access token
At Personal Access Tokens (Classic) (github.com), generate a token that has permissions on packages.

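Save the generated token value to a txt file in a location of your choice; you can then log in with either of the commands below.
$ docker login https://ghcr.io -u outsideris   # after entering this, type the token value at the password prompt
$ cat TOKEN.txt | docker login https://ghcr.io -u outsideris --password-stdin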
2. Create and register a self-hosted runner.
About self-hosted runners - GitHub Docs
3. Create the workflow.
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow will build a package using Gradle and then publish it to GitHub packages when a release is created
# For more information see: https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#Publishing-using-gradle
name: Deploy
permissions:
  contents: read
  packages: write
# Events that trigger the workflow
on:
  # Run the workflow manually
  workflow_dispatch:
    inputs:
      logLevel:
        description: 'Log level'
        required: true
        default: 'warning'
        type: choice
        options:
          - info
          - warning
          - debug
# Jobs to run
jobs:
  # Build, then push the image to the Container Registry
  push_to_registry:
    # Execution environment of the VM => self-hosted
    runs-on: self-hosted
    # Steps of the job, run in order
    steps:
      - name: Checkout
        uses: actions/checkout@v4
      - name: .env 파일 생성
        run: echo "# Autogenerated .env file" > .env &&
          echo "BUILD_ENV=production" >> .env &&
          echo "TZ=Asia/Seoul" >> .env
      - name: .env.production 파일 생성
        run: echo "# Autogenerated .env.production file" > .env.production
      - name: Server Properties 생성
        run: mv ./server/src/main/resources/application-production-sample.yaml ./server/src/main/resources/application-production.yaml
      - name: Docker compose down
        run: docker compose down --rmi all -v
      - name: Docker compose up
        run: docker compose up --build -d
      # Log in to GitHub Container Registry
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ secrets.GHUB_USERNAME }}
          password: ${{ secrets.GHUB_TOKEN }}
      # Build and push the Docker image
      - name: Push to container registry
        run:
          docker push ghcr.io/teepo/test:${{ secrets.RELEASE_VERSION }} &&
          docker image prune -a -f
      # Check the GitHub Actions network
      - name: Check DockerHub Access
        run: |
          nslookup index.docker.io 8.8.8.8
      # Check the SSH key
      # Note: deploy_key is written into the workspace, which persists between jobs on a
      # self-hosted runner, and StrictHostKeyChecking=no disables host key verification.
      - name: Test SSH Connection
        run: |
          echo "${{ secrets.DEPLOY_KEY }}" > deploy_key
          chmod 600 deploy_key
          ssh -p 2022 -i deploy_key -o StrictHostKeyChecking=no ${{ secrets.DEPLOY_USERNAME }}@${{ secrets.DEPLOY_HOST }}
      - name: Copy Files to Server using SCP
        run: |
          scp -i deploy_key -P ${{ secrets.DEPLOY_PORT }} -o StrictHostKeyChecking=no \
          .env .env.production compose.yaml compose.base.yaml compose.production.yaml \
          ${{ secrets.DEPLOY_USERNAME }}@${{ secrets.DEPLOY_HOST }}:/home
      # The quoted 'EOF' heredoc is executed by the remote shell; the ${{ }} expressions
      # are substituted by GitHub Actions before the script runs.
      - name: Run Commands on Server via SSH
        run: |
          ssh -i deploy_key -p ${{ secrets.DEPLOY_PORT }} -o StrictHostKeyChecking=no ${{ secrets.DEPLOY_USERNAME }}@${{ secrets.DEPLOY_HOST }} << 'EOF'
          echo ${{ secrets.GHUB_TOKEN }} | sudo docker login ghcr.io --username ${{ secrets.GHUB_USERNAME }} --password-stdin &&
          cd /home
          sudo docker compose down --rmi all -v
          sudo docker pull ghcr.io/teepo/test:${{ secrets.RELEASE_VERSION }}
          sudo docker compose up -d
          sudo docker image prune -a -f
          EOF
      - name: Docker compose down
        run: docker compose down --rmi all -v
To check which account docker login used: sudo cat /root/.docker/config.json
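A hardened variant of the SSH/SCP steps in the workflow above, added here as an example and not part of the original post: it pins the server's host key instead of using StrictHostKeyChecking=no, keeps the deploy key under $RUNNER_TEMP rather than in the workspace, and removes it even when a step fails. DEPLOY_KNOWN_HOSTS is a hypothetical secret (an assumption, not in the original) holding the server's verified known_hosts line, and the step names are illustrative.

```yaml
# Added example: replaces the three SSH/SCP steps under `steps:`.
# DEPLOY_KNOWN_HOSTS is a hypothetical secret (assumption): the server's
# known_hosts line, e.g. from `ssh-keyscan -p <port> <host>` after the
# fingerprint has been checked out of band.
- name: Prepare SSH credentials
  shell: bash
  env:
    DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
    DEPLOY_KNOWN_HOSTS: ${{ secrets.DEPLOY_KNOWN_HOSTS }}
  run: |
    umask 077   # files created below are readable by the runner user only
    mkdir -p "$RUNNER_TEMP/ssh"
    printf '%s\n' "$DEPLOY_KEY" > "$RUNNER_TEMP/ssh/deploy_key"
    printf '%s\n' "$DEPLOY_KNOWN_HOSTS" > "$RUNNER_TEMP/ssh/known_hosts"

- name: Copy files and deploy over SSH
  shell: bash
  env:
    # Secrets are passed as environment variables, not pasted into the script text
    DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
    DEPLOY_PORT: ${{ secrets.DEPLOY_PORT }}
    DEPLOY_USERNAME: ${{ secrets.DEPLOY_USERNAME }}
    GHUB_USERNAME: ${{ secrets.GHUB_USERNAME }}
    GHUB_TOKEN: ${{ secrets.GHUB_TOKEN }}
    RELEASE_VERSION: ${{ secrets.RELEASE_VERSION }}
  run: |
    # Fail the connection if the server's key does not match the pinned one
    SSH_OPTS=(-i "$RUNNER_TEMP/ssh/deploy_key"
              -o StrictHostKeyChecking=yes
              -o "UserKnownHostsFile=$RUNNER_TEMP/ssh/known_hosts")
    scp "${SSH_OPTS[@]}" -P "$DEPLOY_PORT" \
      .env .env.production compose.yaml compose.base.yaml compose.production.yaml \
      "$DEPLOY_USERNAME@$DEPLOY_HOST:/home"
    # The registry token travels on ssh's stdin to `docker login --password-stdin`
    printf '%s\n' "$GHUB_TOKEN" | ssh "${SSH_OPTS[@]}" -p "$DEPLOY_PORT" \
      "$DEPLOY_USERNAME@$DEPLOY_HOST" \
      "sudo docker login ghcr.io --username '$GHUB_USERNAME' --password-stdin &&
       cd /home &&
       sudo docker compose down --rmi all -v &&
       sudo docker pull 'ghcr.io/teepo/test:$RELEASE_VERSION' &&
       sudo docker compose up -d &&
       sudo docker image prune -a -f"

# Runs even if an earlier step failed, so the key never outlives the job
- name: Remove SSH credentials
  if: always()
  shell: bash
  run: rm -rf "$RUNNER_TEMP/ssh"
```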
4. Dockerfile
Because the image is pulled from ghcr (the container registry), the Docker file used for deployment must be changed as follows.
app:
  image: ghcr.io/${IMAGE_REPO}:${RELEASE_VERSION}
5. secrets
In the GitHub repository, go to Settings -> Secrets and variables and add the secrets entries.
Note that the GitHub username must be in lowercase.

When using a self-hosted runner, the user on the server must be granted Docker permissions.
How to fix docker: Got permission denied issue - Stack Overflow
Reference
GitHub Action Docker Compose deployments via SSH (servicestack.net)