Merge pull request #455 from boostcampwm2023/BE/refactor/#454-AWS-마이그레이션

Be/refactor/#454 aws 마이그레이션

Author: kimyu0218

.github/workflows/blue-green-cd.yml

@@ -2,14 +2,12 @@ name: Blue/Green CD
 
 on:
   push:
+    paths: ["backend/**"]
     branches: ["dev"]
 
 env:
   DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
   GITHUB_SHA: ${{ github.sha }}
-  TURN_SERVER_NAME: ${{ secrets.TURN_SERVER_NAME }}
-  TURN_SERVER_USER: ${{ secrets.TURN_SERVER_USER }}
-  TURN_SERVER_PASSWORD: ${{ secrets.TURN_SERVER_PASSWORD }}
 
 jobs:
   build:
@@ -25,28 +23,29 @@ jobs:
           echo "${{ secrets.ENV_FILE }}" > .env
           echo "DOCKER_USERNAME=${{ secrets.DOCKER_USERNAME }}" >> .env
           echo "GITHUB_SHA=${{ github.sha }}" >> .env
-          echo "TURN_SERVER_NAME=${{ secrets.TURN_SERVER_NAME }}" >> .env
-          echo "TURN_SERVER_USER=${{ secrets.TURN_SERVER_USER }}" >> .env
-          echo "TURN_SERVER_PASSWORD=${{ secrets.TURN_SERVER_PASSWORD }}" >> .env
-          echo "SENTRY_DSN=${{ secrets.SENTRY_DSN }}" >> .env
           mkdir -p config/nginx/ssl/
           echo "${{ secrets.SSL_OPTIONS }}" > config/nginx/ssl/options-ssl-nginx.conf
           echo "${{ secrets.SSL_FULLCHAIN }}" > config/nginx/ssl/fullchain.pem
           echo "${{ secrets.SSL_PRIVKEY }}" > config/nginx/ssl/privkey.pem
           echo "${{ secrets.SSL_DHPARAMS }}" > config/nginx/ssl/ssl-dhparams.pem
 
-      - name: Copy .env, deploy script, SSL files to Remote Server
+      - name: Add Remote Host Key to known_hosts
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.SSH_PUBLIC_KEY }}" >> ~/.ssh/known_hosts
+
+      - name: Copy some files needed for Deployment to Remote Server
         uses: appleboy/scp-action@master
         with:
           host: ${{ secrets.SSH_HOST }}
           username: ${{ secrets.SSH_USERNAME }}
-          password: ${{ secrets.SSH_PASSWORD }}
+          key: ${{ secrets.SSH_PRIVATE_KEY }}
           port: ${{ secrets.SSH_PORT }}
-          source: "backend/.env,backend/deploy.sh,backend/config"
+          source: "backend/.env,backend/deploy.sh,backend/config,backend/compose.blue-deploy.yml,backend/compose.green-deploy.yml,backend/Dockerfile.nginx"
           target: "~/app/"
           overwrite: true
 
-      - name: Docker login
+      - name: Login to Docker Hub
         uses: docker/login-action@v3
         with:
           username: ${{ secrets.DOCKER_USERNAME }}
@@ -55,21 +54,10 @@ jobs:
       - name: Build & Push Docker Images (Blue & Green)
         run: |
           cd backend
-          docker-compose -f docker-compose.blue.yml build --no-cache
-          docker-compose -f docker-compose.green.yml build --no-cache
-          docker-compose -f docker-compose.blue.yml push
-          docker-compose -f docker-compose.green.yml push
-
-      - name: Copy Dockerfiles to Remote Server
-        uses: appleboy/scp-action@master
-        with:
-          host: ${{ secrets.SSH_HOST }}
-          username: ${{ secrets.SSH_USERNAME }}
-          password: ${{ secrets.SSH_PASSWORD }}
-          port: ${{ secrets.SSH_PORT }}
-          source: "backend/docker-compose.blue.yml,backend/docker-compose.green.yml,backend/Dockerfile.nginx,backend/Dockerfile.was,backend/Dockerfile.signal"
-          target: "~/app/"
-          overwrite: true
+          docker-compose -f compose.blue-build.yml build
+          docker-compose -f compose.green-build.yml build
+          docker-compose -f compose.blue-build.yml push
+          docker-compose -f compose.green-build.yml push
 
   deploy:
     needs: build
@@ -82,12 +70,12 @@ jobs:
           username: ${{ secrets.DOCKER_USERNAME }}
           password: ${{ secrets.DOCKER_ACCESS_TOKEN }}
 
-      - name: Run Docker on Remote Server
+      - name: Run a New Version of the application on Remote Server
         uses: appleboy/ssh-action@master
         with:
           host: ${{ secrets.SSH_HOST }}
           username: ${{ secrets.SSH_USERNAME }}
-          password: ${{ secrets.SSH_PASSWORD }}
+          key: ${{ secrets.SSH_PRIVATE_KEY }}
           port: ${{ secrets.SSH_PORT }}
           script: |
             cd ~/app/backend

backend/Dockerfile.signal

@@ -2,13 +2,12 @@ FROM node:20
 
 RUN apt-get update && apt-get install -y tini
 
-WORKDIR /app
-
-COPY signal ./signal
-
 WORKDIR /app/signal
 
+COPY signal/package*.json ./
 RUN npm install
+
+COPY signal .
 RUN npm run build
 
 CMD ["tini", "--", "npm", "run", "start:prod"]

backend/Dockerfile.was

@@ -2,13 +2,12 @@ FROM node:20
 
 RUN apt-get update && apt-get install -y tini
 
-WORKDIR /app
-
-COPY was ./was
-
 WORKDIR /app/was
 
+COPY was/package*.json ./
 RUN npm install
+
+COPY was .
 RUN npm run build
 
 CMD ["tini", "--", "npm", "run", "start:prod"]

backend/compose.blue-build.yml

@@ -0,0 +1,37 @@
+version: "3.3"
+
+services:
+  was-blue:
+    container_name: "was-blue"
+    build:
+      context: .
+      dockerfile: Dockerfile.was
+    env_file: .env
+    environment:
+      - PORT=3000
+    expose:
+      - "3000"
+    volumes:
+      - /var/log/was:/app/was/logs
+      - /var/log/ormlogs.log:/app/was/ormlogs.log
+    networks:
+      - backend
+    image: "${DOCKER_USERNAME}/magicconch:was-blue-${GITHUB_SHA}"
+
+  signal-blue:
+    container_name: "signal-blue"
+    build:
+      context: .
+      dockerfile: Dockerfile.signal
+    environment:
+      - PORT=3001
+    expose:
+      - "3001"
+    networks:
+      - backend
+    image: "${DOCKER_USERNAME}/magicconch:signal-blue-${GITHUB_SHA}"
+
+networks:
+  backend:
+    external: true
+    name: backend

backend/docker-compose.blue.yml renamed to backend/compose.blue-deploy.yml

@@ -4,40 +4,29 @@ services:
   was-blue:
     image: "${DOCKER_USERNAME}/magicconch:was-blue-${GITHUB_SHA}"
     container_name: "was-blue"
-    build:
-      context: .
-      dockerfile: Dockerfile.was
+    env_file: .env
     environment:
-      - DB_PORT=${DB_PORT}
-      - DB_HOST=${DB_HOST}
-      - DB_USERNAME=${DB_USERNAME}
-      - DB_PASSWORD=${DB_PASSWORD}
-      - DB_DATABASE=${DB_DATABASE}
-      - ACCESS_KEY_ID=${ACCESS_KEY_ID}
-      - SECRET_KEY=${SECRET_KEY}
-      - X_NCP_CLOVASTUDIO_API_KEY=${X_NCP_CLOVASTUDIO_API_KEY}
-      - X_NCP_APIGW_API_KEY=${X_NCP_APIGW_API_KEY}
       - PORT=3000
-      - SENTRY_DSN=${SENTRY_DSN}
     expose:
       - "3000"
     volumes:
       - /var/log/was:/app/was/logs
-      - /var/log/typeorm:/app/was/typeorm.log
+      - /var/log/ormlogs.log:/app/was/ormlogs.log
+    networks:
+      - backend
 
   signal-blue:
     image: "${DOCKER_USERNAME}/magicconch:signal-blue-${GITHUB_SHA}"
     container_name: "signal-blue"
-    build:
-      context: .
-      dockerfile: Dockerfile.signal
     environment:
       - PORT=3001
     expose:
       - "3001"
+    networks:
+      - backend
 
   nginx:
-    container_name: "nginx-reverse-proxy"
+    container_name: "nginx"
     build:
       context: .
       dockerfile: Dockerfile.nginx
@@ -50,10 +39,19 @@ services:
       - certbot
     volumes:
       - /var/log/nginx:/var/log/nginx
+    networks:
+      - backend
 
   certbot:
     image: certbot/certbot
     volumes:
       - /etc/letsencrypt
       - /var/www/html:/var/www/html
+    networks:
+      - backend
     command: certonly --webroot --webroot-path=/var/www/html -d was.tarotmilktea.com
+
+networks:
+  backend:
+    external: true
+    name: backend

backend/compose.green-build.yml

@@ -0,0 +1,37 @@
+version: "3.3"
+
+services:
+  was-green:
+    container_name: "was-green"
+    build:
+      context: .
+      dockerfile: Dockerfile.was
+    env_file: .env
+    environment:
+      - PORT=3002
+    expose:
+      - "3002"
+    volumes:
+      - /var/log/was:/app/was/logs
+      - /var/log/ormlogs.log:/app/was/ormlogs.log
+    networks:
+      - backend
+    image: "${DOCKER_USERNAME}/magicconch:was-green-${GITHUB_SHA}"
+
+  signal-green:
+    container_name: "signal-green"
+    build:
+      context: .
+      dockerfile: Dockerfile.signal
+    environment:
+      - PORT=3003
+    expose:
+      - "3003"
+    networks:
+      - backend
+    image: "${DOCKER_USERNAME}/magicconch:signal-green-${GITHUB_SHA}"
+
+networks:
+  backend:
+    external: true
+    name: backend

backend/docker-compose.green.yml renamed to backend/compose.green-deploy.yml

@@ -4,40 +4,29 @@ services:
   was-green:
     image: "${DOCKER_USERNAME}/magicconch:was-green-${GITHUB_SHA}"
     container_name: "was-green"
-    build:
-      context: .
-      dockerfile: Dockerfile.was
+    env_file: .env
     environment:
-      - DB_PORT=${DB_PORT}
-      - DB_HOST=${DB_HOST}
-      - DB_USERNAME=${DB_USERNAME}
-      - DB_PASSWORD=${DB_PASSWORD}
-      - DB_DATABASE=${DB_DATABASE}
-      - ACCESS_KEY_ID=${ACCESS_KEY_ID}
-      - SECRET_KEY=${SECRET_KEY}
-      - X_NCP_CLOVASTUDIO_API_KEY=${X_NCP_CLOVASTUDIO_API_KEY}
-      - X_NCP_APIGW_API_KEY=${X_NCP_APIGW_API_KEY}
       - PORT=3002
-      - SENTRY_DSN=${SENTRY_DSN}
     expose:
       - "3002"
     volumes:
       - /var/log/was:/app/was/logs
-      - /var/log/typeorm:/app/was/typeorm.log
+      - /var/log/ormlogs.log:/app/was/ormlogs.log
+    networks:
+      - backend
 
   signal-green:
     image: "${DOCKER_USERNAME}/magicconch:signal-green-${GITHUB_SHA}"
     container_name: "signal-green"
-    build:
-      context: .
-      dockerfile: Dockerfile.signal
     environment:
       - PORT=3003
     expose:
       - "3003"
+    networks:
+      - backend
 
   nginx:
-    container_name: "nginx-reverse-proxy"
+    container_name: "nginx"
     build:
       context: .
       dockerfile: Dockerfile.nginx
@@ -50,10 +39,19 @@ services:
       - certbot
     volumes:
       - /var/log/nginx:/var/log/nginx
+    networks:
+      - backend
 
   certbot:
     image: certbot/certbot
     volumes:
       - /etc/letsencrypt
       - /var/www/html:/var/www/html
+    networks:
+      - backend
     command: certonly --webroot --webroot-path=/var/www/html -d was.tarotmilktea.com
+
+networks:
+  backend:
+    external: true
+    name: backend