Git | Building a GitHub Actions CI/CD Pipeline | self_host and container registry

개발자티포 2024. 3. 13. 15:18

 

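1. Create an access token

Create a token with package permissions at Personal Access Tokens (Classic) (github.com).

Save the generated token value in a txt file wherever you like; you can then log in with either of the commands below.

$ docker login https://ghcr.io -u outsideris  # then enter the token value when prompted for the password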
$ cat TOKEN.txt | docker login https://ghcr.io -u outsideris --password-stdin

 

2. Create and register a self-hosted runner.

About self-hosted runners - GitHub Docs

 


 

3. Create the workflow.

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
# This workflow will build a package using Gradle and then publish it to GitHub packages when a release is created
# For more information see: https://github.com/actions/setup-java/blob/main/docs/advanced-usage.md#Publishing-using-gradle

name: Deploy

permissions:
  contents: read
  packages: write

# Events that trigger the workflow
on:
  # Run the workflow manually
  workflow_dispatch:
    inputs:
      logLevel:
        description: 'Log level'
        required: true
        default: 'warning'
        type: choice
        options:
          - info
          - warning
          - debug


# Jobs to run
jobs:
  # Build, then register the image in the Container Registry
  push_to_registry:
    # Specify the VM execution environment => self-hosted
    runs-on: self-hosted

    # List the steps to run, in order
    steps:
      - name: Checkout
        uses: actions/checkout@v4

      - name: .env 파일 생성
        run: echo "# Autogenerated .env file" > .env &&
          echo "BUILD_ENV=production" >> .env &&
          echo "TZ=Asia/Seoul" >> .env

      - name: .env.production 파일 생성
        run: echo "# Autogenerated .env.production file" > .env.production

      - name: Server Properties 생성
        run: mv ./server/src/main/resources/application-production-sample.yaml ./server/src/main/resources/application-production.yaml

      - name: Docker compose down
        run: docker compose down --rmi all -v

      - name: Docker compose up
        run: docker compose up --build -d

      # Log in to GitHub Container Registry
      - name: Login to GitHub Container Registry
        uses: docker/login-action@v3
        with:
          registry: ghcr.io
          username: ${{ secrets.GHUB_USERNAME }}
          password: ${{ secrets.GHUB_TOKEN }}

      # Build and push the Docker image
      - name: Push to container registry
        run:
          docker push ghcr.io/teepo/test:${{ secrets.RELEASE_VERSION }} &&
          docker image prune -a -f

      # Check network access from GitHub Actions
      - name: Check DockerHub Access
        run: |
          nslookup index.docker.io 8.8.8.8

      # Verify the SSH key
      - name: Test SSH Connection
        run: |
          echo "${{ secrets.DEPLOY_KEY }}" > deploy_key
          chmod 600 deploy_key
          ssh -p 2022 -i deploy_key -o StrictHostKeyChecking=no ${{ secrets.DEPLOY_USERNAME }}@${{ secrets.DEPLOY_HOST }} 

      - name: Copy Files to Server using SCP
        run: |
          scp -i deploy_key -P ${{ secrets.DEPLOY_PORT }} -o StrictHostKeyChecking=no \
          .env .env.production compose.yaml compose.base.yaml compose.production.yaml \
          ${{ secrets.DEPLOY_USERNAME }}@${{ secrets.DEPLOY_HOST }}:/home

      - name: Run Commands on Server via SSH
        run: |
          ssh -i deploy_key -p ${{ secrets.DEPLOY_PORT }} -o StrictHostKeyChecking=no ${{ secrets.DEPLOY_USERNAME }}@${{ secrets.DEPLOY_HOST }} << 'EOF'
          echo ${{ secrets.GHUB_TOKEN }} | sudo docker login ghcr.io --username ${{ secrets.GHUB_USERNAME }} --password-stdin &&
          cd /home
          sudo docker compose down --rmi all -v
          sudo docker pull ghcr.io/teepo/test:${{ secrets.RELEASE_VERSION }}
          sudo docker compose up -d
          sudo docker image prune -a -f
          EOF
          
      - name: Docker compose down
        run: docker compose down --rmi all -v

 

Check the docker login account - sudo cat /root/.docker/config.json
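
The SSH steps in the workflow above pass `StrictHostKeyChecking=no` and write `deploy_key` into the checkout without deleting it. As an added example (not part of the original post), the step below could replace those three steps; it assumes a hypothetical extra secret named `DEPLOY_KNOWN_HOSTS` holding the server's verified known_hosts entry, and passwordless sudo on the server as in the original.

```yaml
# Added example, not from the original post: replaces the "Test SSH Connection",
# "Copy Files to Server using SCP" and "Run Commands on Server via SSH" steps.
# DEPLOY_KNOWN_HOSTS is an assumed secret: the server's known_hosts line,
# e.g. captured once with `ssh-keyscan -p <port> <host>` and verified out of band.
      - name: Deploy over SSH with a pinned host key
        shell: bash
        env:   # secrets arrive as environment variables, not templated into the script text
          DEPLOY_KEY: ${{ secrets.DEPLOY_KEY }}
          DEPLOY_KNOWN_HOSTS: ${{ secrets.DEPLOY_KNOWN_HOSTS }}
          DEPLOY_HOST: ${{ secrets.DEPLOY_HOST }}
          DEPLOY_PORT: ${{ secrets.DEPLOY_PORT }}
          DEPLOY_USERNAME: ${{ secrets.DEPLOY_USERNAME }}
          GHUB_USERNAME: ${{ secrets.GHUB_USERNAME }}
          GHUB_TOKEN: ${{ secrets.GHUB_TOKEN }}
          RELEASE_VERSION: ${{ secrets.RELEASE_VERSION }}
        run: |
          set -euo pipefail
          # Keep key material out of the checkout and remove it even on failure.
          umask 077
          workdir="$(mktemp -d)"
          trap 'rm -rf "$workdir"' EXIT
          printf '%s\n' "$DEPLOY_KEY" > "$workdir/deploy_key"
          printf '%s\n' "$DEPLOY_KNOWN_HOSTS" > "$workdir/known_hosts"
          ssh_opts=(-i "$workdir/deploy_key"
                    -o StrictHostKeyChecking=yes
                    -o UserKnownHostsFile="$workdir/known_hosts"
                    -o BatchMode=yes)
          target="$DEPLOY_USERNAME@$DEPLOY_HOST"

          scp -P "$DEPLOY_PORT" "${ssh_opts[@]}" \
            .env .env.production compose.yaml compose.base.yaml compose.production.yaml \
            "$target:/home"

          # The token travels on stdin, so it never appears in the remote
          # command line or process list.
          printf '%s\n' "$GHUB_TOKEN" | ssh -p "$DEPLOY_PORT" "${ssh_opts[@]}" "$target" \
            "sudo docker login ghcr.io --username '$GHUB_USERNAME' --password-stdin"

          ssh -p "$DEPLOY_PORT" "${ssh_opts[@]}" "$target" \
            "cd /home &&
             sudo docker compose down --rmi all -v &&
             sudo docker pull 'ghcr.io/teepo/test:$RELEASE_VERSION' &&
             sudo docker compose up -d &&
             sudo docker image prune -a -f"
```

With `StrictHostKeyChecking=yes`, the connection fails if the server presents a key that does not match the pinned entry, so a changed or spoofed host stops the deployment before any file or token is sent.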

4. Dockerfile

Because the image is pulled from ghcr (the container registry), the Docker file used for deployment must be changed as follows.

    app:
        image: ghcr.io/${IMAGE_REPO}:${RELEASE_VERSION}

 

5. secrets

Add the secrets under Settings -> Secrets and variables in the GitHub repository.

Note that the GitHub username must be lowercase.


When using a self-hosted runner, the user on the server must be granted Docker permissions.

 

How to fix docker: Got permission denied issue - Stack Overflow

 


 

 

References

GitHub Action Docker Compose deployments via SSH (servicestack.net)

 
