๐ CI/CD ์ค๋ฅ: GHCR์ ์ด์ฉํ GitHub Actions ์ต์ ํ ๋ฐฐํฌ
1. ๋ฌธ์ ์ํฉ
๊ธฐ์กด์ ์ฌ์ฉํ๋ GitHub Actions ๊ตฌ์ฑ์ ๋ค์๊ณผ ๊ฐ์๋ค.
name: Deploy to Raspberry Pi
on:
push:
branches: [ main ]
jobs:
deploy:
name: Deploy via SSH
runs-on: ubuntu-latest
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Setup SSH
uses: webfactory/ssh-agent@v0.7.0
with:
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
- name: SSH and deploy to Raspberry Pi
run: |
ssh -p ${{ secrets.RASPBERRY_PORT }} -o StrictHostKeyChecking=no ${{ secrets.RASPBERRY_USER }}@${{ secrets.RASPBERRY_HOST }} << 'EOF'
set -euo pipefail
cd /home/${{ secrets.RASPBERRY_USER }}/docker-compose/bluecool/blue
git fetch --all --prune
git reset --hard origin/main
git config core.ignorecase false
docker compose build --no-cache blue
docker compose up -d --force-recreate blue
docker image prune -f || true
EOF
ํ๋ก์ ํธ ๊ท๋ชจ๊ฐ ์์๋์๋ ๋ฌธ์ ๊ฐ ์์์ง๋ง ์ ์ ๊ท๋ชจ๊ฐ ์ปค์ง๋ฉด์ ์๋ฒ ์ธก์์ docker compose build --no-cache ๋ฅผ ์ํํ๋ ๋ฐฉ์ ๋๋ฌธ์ ๋น๋ ์๊ฐ์ด ์ฆ๊ฐํ์ฌ ํ์์์์ด ๋ฐ์ํ๋ค.
2. ํด๊ฒฐ ๋ฐฉ๋ฒ
CI์์ ์ด๋ฏธ์ง๋ฅผ GHCR์ ๋น๋/ํธ์ํ๊ณ ์๋ฒ๋ ๋น๋ ์์ด pull๋ง ํ๋๋ก ๋ณ๊ฒฝํ๋ค.
GHCR์ GitHub์์ ์ ๊ณตํ๋ ์ปจํ
์ด๋ ์ด๋ฏธ์ง ์ ์ฅ์ ์๋น์ค์ด๋ค. Docker Hub์ ์ ์ฌํ ์ญํ ์ ์ํํ๋ฉฐ ๋ณ๋์ ์ธ๋ถ ๋ ์ง์คํธ๋ฆฌ ์ค์ ์์ด GitHub Actions ๋ด์์ ์ด๋ฏธ์ง ํธ์ ๋ฐ ๊ด๋ฆฌ๊ฐ ๊ฐ๋ฅํ๋ค.
๋ณ๊ฒฝ๋ ์ค์ ์ ์๋์ ๊ฐ๋ค.
name: Build & Deploy to Raspberry Pi
on:
push:
branches: [ main ]
concurrency:
group: blue-deploy-${{ github.ref }}
cancel-in-progress: true
env:
IMAGE_NAME: ghcr.io/bluecool12/blue
jobs:
build:
name: Build & Push (GHCR)
runs-on: ubuntu-latest
permissions:
contents: read
packages: write
steps:
- uses: actions/checkout@v4
- uses: docker/setup-qemu-action@v3
- uses: docker/setup-buildx-action@v3
- uses: docker/login-action@v3
with:
registry: ghcr.io
username: ${{ github.actor }}
password: ${{ secrets.GITHUB_TOKEN }}
- name: Build & Push
uses: docker/build-push-action@v5
with:
context: .
platforms: linux/arm64
push: true
tags: |
${{ env.IMAGE_NAME }}:latest
${{ env.IMAGE_NAME }}:${{ github.sha }}
cache-from: type-gha
cache-to: type-gha,mode=max
build-args: |
NEXT_PUBLIC_API_BASE_URL=${{ vars.NEXT_PUBLIC_API_BASE_URL }}
PUBLIC_API_BASE_URL=${{ vars.PUBLIC_API_BASE_URL }}
deploy:
name: Deploy via SSH (pull & up)
runs-on: ubuntu-latest
needs: build
steps:
- name: Setup SSH
uses: webfactory/ssh-agent@v0.7.0
with:
ssh-private-key: ${{ secrets.SSH_PRIVATE_KEY }}
- name: Add host key (known_hosts)
run: |
mkdir -p ~/.ssh
ssh-keyscan -p "${{ secrets.RASPBERRY_PORT }}" -H "${{ secrets.RASPBERRY_HOST }}" >> ~/.ssh/known_hosts
chmod 700 ~/.ssh
chmod 644 ~/.ssh/known_hosts
- name: SSH and deploy to Raspberry Pi
run: |
ssh -p ${{ secrets.RASPBERRY_PORT }} \
-o ServerAliveInterval=30 -o ServerAliveCountMax=10 \
${{ secrets.RASPBERRY_USER }}@${{ secrets.RASPBERRY_HOST }} << 'EOF'
set -Eeuo pipefail
cd /home/${{ secrets.RASPBERRY_USER }}/docker-compose/bluecool/blue
git fetch --all --prune || true
git reset --hard origin/main || true
git config core.ignorecase false || true
docker compose pull blue
docker compose up -d blue
docker image prune -f || true
EOF
๊ธฐ์กด์ Dockerfile์ ๋ ํฌ์งํ ๋ฆฌ๋ก ์ฎ๊ธฐ๊ณ GitHub Actions์์ GHCR๋ก ์ด๋ฏธ์ง๋ฅผ ๋น๋/ํธ์ํ๋๋ก ๊ตฌ์ฑํ์๊ณ Buildx๋ฅผ ๋์
ํ์๋ค.
Buildx๋ Docker์ ์ฐจ์ธ๋ ๋น๋ ์์ง์ธ BuildKit์ ๊ธฐ๋ฐ์ผ๋ก ํ๋ ํ์ฅ ๋๊ตฌ๋ค. ๋ฉํฐ ํ๋ซํผ ๋น๋๋ฅผ ์ง์ํ๋ฉฐ GitHub Actions ์ ์ฉ ์บ์(type-gha)๋ฅผ ํ์ฉํด ๋น๋ ์๊ฐ์ ํ๊ธฐ์ ์ผ๋ก ๋จ์ถํ ์ ์๋ค.
ํ์๋ฒ์์๋ docker-compose.yml์ด ํด๋น ์ด๋ฏธ์ง๋ฅผ ์ฐธ์กฐํ๋๋ก ์์ ํ๊ณ ํ๊ฒฝ๋ณ์ ๋ํ GitHub Variables๋ฅผ ํตํด ์ฃผ์
ํ์๋ค.
๋ํ SSH ์ ์ ์ ํธ์คํธ ์ธ์ฆ์ ์๋ตํ์ง ์๊ณ known_hosts์ ํค๋ฅผ ๋ฏธ๋ฆฌ ๋ฑ๋กํ๋ ๋ฐฉ์์ผ๋ก ๋ณด์์ ๊ฐํํ์๋ค.
