.github/workflows/rankit-multiaz-cicd.yml

name: rankit-multiaz-rolling-zerodowntime-cicd

on:
  push:
    branches: [ "develop" ]

jobs:
  build:
    runs-on: ubuntu-latest
    permissions:
      contents: read

    steps:
      - uses: actions/checkout@v4
      
      # 1. JDK 17 설정
      - name: Set up JDK 17
        uses: actions/setup-java@v4
        with:
          java-version: '17'
          distribution: 'temurin'

      # 2. Gradle 설정
      - name: Setup Gradle
        uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0

      # 3. Jar 파일 빌드 (테스트 제외)
      - name: Build with Gradle Wrapper
        run: ./gradlew -x test bootJar

      # 4. Docker Buildx 설정
      - name: Set up Docker Build
        uses: docker/setup-buildx-action@v1

      # 5. Docker 로그인
      - name: Login to Docker Hub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKER_USERNAME }}
          password: ${{ secrets.DOCKER_TOKEN }}

      # 6. Docker 이미지 빌드 및 푸시
      - name: Build and push Docker image
        run: |
          docker build -t ${{ secrets.DOCKER_USERNAME }}/rankitrun-be:latest .
          docker push ${{ secrets.DOCKER_USERNAME }}/rankitrun-be:latest

  deploy:
    runs-on: ubuntu-latest
    needs: build
    permissions:
      contents: read

    steps:
      # 1. AWS CLI 설치
      - name: Install AWS CLI
        run: |
          sudo apt-get update
          sudo apt-get install awscli -y

      # 2. AWS 자격 증명 설정
      - name: Configure AWS credentials
        env:
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
        run: |
          aws configure set aws_access_key_id $AWS_ACCESS_KEY_ID
          aws configure set aws_secret_access_key $AWS_SECRET_ACCESS_KEY
          aws configure set region ap-northeast-2  # 서울 AWS 리전을 설정
      
      # 3. Bastion 호스트에 접속하여 EC2-A에 Docker 컨테이너 배포
      - name: Deploy to EC2-A via Bastion Host
        env:
          BASTION_HOST: ${{ secrets.BASTION_HOST }}
          EC2_A_IP: ${{ secrets.EC2_A_IP }}  # EC2-A의 사설 IP 주소
          SSH_PRIVATE_KEY: ${{ secrets.API_RANKIT_PEM }}  # SSH 개인 키
        run: |
          # Bastion 호스트에 접속하여 EC2-A에 docker-compose 실행
          ssh -o StrictHostKeyChecking=no -i <(echo "$SSH_PRIVATE_KEY") ec2-user@$BASTION_HOST << 'EOF'
            ssh -o StrictHostKeyChecking=no -i <(echo "$SSH_PRIVATE_KEY") ec2-user@$EC2_A_IP << 'INNER_EOF'
              if [ $(docker-compose ps -q app | xargs -r docker inspect -f '{{.State.Running}}') == 'true' ]; then
              docker-compose stop;
              fi
              sleep 3 && docker-compose up -d --pull always
            INNER_EOF
          EOF

      # 4. EC2-A alb 연결상태 확인
      - name: Register EC2-A to Target Group
        run: |
          MAX_ATTEMPTS=30
          ATTEMPT=0
      
          while [ $ATTEMPT -lt $MAX_ATTEMPTS ]; do
            HEALTH_STATUS=$(aws elbv2 describe-target-health \
              --target-group-arn ${{ secrets.TARGET_GROUP_ARN }} \
              --query "TargetHealthDescriptions[?Target.Id=='${{ secrets.EC2_A_ID }}'].TargetHealth.State" \
              --output text)
      
            if [ "$HEALTH_STATUS" == "healthy" ]; then
              echo "EC2-A is healthy."
              break
            else
              echo "Waiting for EC2-A to become healthy..."
              sleep 10  # 10초 대기 후 상태 확인
              ATTEMPT=$((ATTEMPT + 1))  # 시도 횟수 증가
            fi
      
            if [ $ATTEMPT -eq $MAX_ATTEMPTS ]; then
              echo "EC2-A is not healthy after $MAX_ATTEMPTS attempts. Exiting."
              exit 1  # 파이프라인 종료
            fi
          done

      # 5. Bastion 호스트에 접속하여 EC2-C에 Docker 컨테이너 배포
      - name: Deploy to EC2-C via Bastion Host
        env:
          BASTION_HOST: ${{ secrets.BASTION_HOST }}
          EC2_C_IP: ${{ secrets.EC2_C_IP }}  # EC2-C의 사설 IP 주소
          SSH_PRIVATE_KEY: ${{ secrets.API_RANKIT_PEM }}  # SSH 개인 키
        run: |
          # Bastion 호스트에 접속하여 EC2-C에 docker-compose 실행
          ssh -o StrictHostKeyChecking=no -i <(echo "$SSH_PRIVATE_KEY") ec2-user@$BASTION_HOST << 'EOF'
            ssh -o StrictHostKeyChecking=no -i <(echo "$SSH_PRIVATE_KEY") ec2-user@$EC2_C_IP << 'INNER_EOF'
              if [ $(docker-compose ps -q app | xargs -r docker inspect -f '{{.State.Running}}') == 'true' ]; then
              docker-compose stop;
              fi
              sleep 3 && docker-compose up -d --pull always
            INNER_EOF
          EOF

      # 6. EC2-C alb 연결상태 확인
      - name: Register EC2-C to Target Group
        run: |
          MAX_ATTEMPTS=30
          ATTEMPT=0
      
          while [ $ATTEMPT -lt $MAX_ATTEMPTS ]; do
            HEALTH_STATUS=$(aws elbv2 describe-target-health \
              --target-group-arn ${{ secrets.TARGET_GROUP_ARN }} \
              --query "TargetHealthDescriptions[?Target.Id=='${{ secrets.EC2_C_ID }}'].TargetHealth.State" \
              --output text)
      
            if [ "$HEALTH_STATUS" == "healthy" ]; then
              echo "EC2-C is healthy."
              break
            else
              echo "Waiting for EC2-C to become healthy..."
              sleep 10  # 10초 대기 후 상태 확인
              ATTEMPT=$((ATTEMPT + 1))  # 시도 횟수 증가
            fi
      
            if [ $ATTEMPT -eq $MAX_ATTEMPTS ]; then
              echo "EC2-C is not healthy after $MAX_ATTEMPTS attempts. Exiting."
              exit 1  # 파이프라인 종료
            fi
          done