diff --git a/.github/workflows/deploy-lambda.yaml b/.github/workflows/deploy-lambda.yaml index 08d1fc9..62fd389 100644 --- a/.github/workflows/deploy-lambda.yaml +++ b/.github/workflows/deploy-lambda.yaml 
@@ -4,72 +4,129 @@ on: push: branches: [ "develop", "main" ] + workflow_dispatch: + inputs: + target_env: + description: "Manual deployment target" + required: true + type: choice + options: + - staging + # OIDC 인증을 위한 권한 설정 permissions: - id-token: write + id-token: write contents: read jobs: + resolve: + name: Resolve deployment target + runs-on: ubuntu-latest + + outputs: + env_type: ${{ steps.resolve.outputs.env_type }} + github_environment: ${{ steps.resolve.outputs.github_environment }} + + steps: + - name: Resolve target environment + id: resolve + shell: bash + run: | + if [[ "${GITHUB_EVENT_NAME}" == "workflow_dispatch" ]]; then + ENV_TYPE="${{ github.event.inputs.target_env }}" + + if [[ "$ENV_TYPE" != "staging" ]]; then + echo "Only staging manual deployment is allowed." + exit 1 + fi + + GITHUB_ENVIRONMENT="STAGING" + else + case "${GITHUB_REF_NAME}" in + develop) + ENV_TYPE="dev" + GITHUB_ENVIRONMENT="DEV" + ;; + main) + ENV_TYPE="prod" + GITHUB_ENVIRONMENT="PROD" + ;; + *) + echo "Unsupported branch for push deployment: ${GITHUB_REF_NAME}" + exit 1 + ;; + esac + fi + + echo "env_type=$ENV_TYPE" >> "$GITHUB_OUTPUT" + echo "github_environment=$GITHUB_ENVIRONMENT" >> "$GITHUB_OUTPUT" + + echo "--- Event: ${GITHUB_EVENT_NAME}" + echo "--- Branch: ${GITHUB_REF_NAME}" + echo "--- Env type: $ENV_TYPE" + echo "--- GitHub environment: $GITHUB_ENVIRONMENT" + deploy: name: Build, Push to ECR, and Deploy to Lambda + needs: resolve runs-on: ubuntu-latest # 브랜치에 따라 사용할 환경 선택 - environment: ${{ github.ref == 'refs/heads/main' && 'PROD' || 'DEV' }} + environment: ${{ needs.resolve.outputs.github_environment }} steps: - - name: Checkout code - uses: actions/checkout@v4 - - # AWS 자격 증명 설정 - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - role-to-assume: ${{ vars.AWS_ROLE_ARN }} - aws-region: ${{ vars.AWS_REGION }} - - # Amazon ECR 로그인 - - name: Login to Amazon ECR - id: login-ecr - uses: aws-actions/amazon-ecr-login@v2 - - # 
Docker 이미지 빌드 및 푸시 - - name: Build, tag, and push image to Amazon ECR - id: build-image - env: - ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} - ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY_NAME }} - IMAGE_TAG: ${{ github.sha }} - run: | - docker build --provenance=false -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -t $ECR_REGISTRY/$ECR_REPOSITORY:latest -f Dockerfile . - - docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG - docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest - - echo "image_uri=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT - - # Lambda 함수 업데이트 - - name: Deploy new image to AWS Lambda - run: | - aws lambda update-function-code \ - --function-name ${{ vars.LAMBDA_FUNCTION_NAME }} \ - --image-uri ${{ steps.build-image.outputs.image_uri }} - - # 코드 업데이트가 완료될 때까지 대기 - - name: Wait for Lambda function update to complete - run: | - aws lambda wait function-updated \ - --function-name ${{ vars.LAMBDA_FUNCTION_NAME }} - - # Lambda 환경 변수 설정 - - name: Update Lambda Environment Variables - run: | - aws lambda update-function-configuration \ - --function-name ${{ vars.LAMBDA_FUNCTION_NAME }} \ - --environment "Variables={ \ - REGION_NAME=${{ vars.AWS_REGION }}, \ - LAMBDA_FUNCTION_NAME=${{ vars.LAMBDA_FUNCTION_NAME }}, \ - ECR_REPOSITORY_NAME=${{ vars.ECR_REPOSITORY_NAME }}, \ - BUCKET_NAME=${{ vars.BUCKET_NAME }}, \ - THUMBNAIL_BUCKET=${{ vars.THUMBNAIL_BUCKET }} \ - }" \ No newline at end of file + - name: Checkout code + uses: actions/checkout@v4 + + # AWS 자격 증명 설정 + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ vars.AWS_ROLE_ARN }} + aws-region: ${{ vars.AWS_REGION }} + + # Amazon ECR 로그인 + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v2 + + # Docker 이미지 빌드 및 푸시 + - name: Build, tag, and push image to Amazon ECR + id: build-image + env: + ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} + ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY_NAME 
}} + IMAGE_TAG: ${{ github.sha }} + run: | + docker build --provenance=false -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -t $ECR_REGISTRY/$ECR_REPOSITORY:latest -f Dockerfile . + + docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG + docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest + + echo "image_uri=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> "$GITHUB_OUTPUT" + + # Lambda 함수 업데이트 + - name: Deploy new image to AWS Lambda + run: | + aws lambda update-function-code \ + --function-name "${{ vars.LAMBDA_FUNCTION_NAME }}" \ + --image-uri "${{ steps.build-image.outputs.image_uri }}" + + # 코드 업데이트가 완료될 때까지 대기 + - name: Wait for Lambda function update to complete + run: | + aws lambda wait function-updated \ + --function-name ${{ vars.LAMBDA_FUNCTION_NAME }} + + # Lambda 환경 변수 설정 + - name: Update Lambda Environment Variables + run: | + aws lambda update-function-configuration \ + --function-name "${{ vars.LAMBDA_FUNCTION_NAME }}" \ + --environment "Variables={ \ + REGION_NAME=${{ vars.AWS_REGION }}, \ + LAMBDA_FUNCTION_NAME=${{ vars.LAMBDA_FUNCTION_NAME }}, \ + ECR_REPOSITORY_NAME=${{ vars.ECR_REPOSITORY_NAME }}, \ + BUCKET_NAME=${{ vars.BUCKET_NAME }}, \ + THUMBNAIL_BUCKET=${{ vars.THUMBNAIL_BUCKET }} \ + }" \ No newline at end of file
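Review bot: In the new `resolve` job, `ENV_TYPE="${{ github.event.inputs.target_env }}"` expands the dispatch input into the script text before bash runs, so the `!= "staging"` allowlist check that follows cannot guard against shell metacharacters in the value. The `choice` type narrows what the UI offers, but the safer pattern is to pass the input through the step environment: add `env:` with `TARGET_ENV: ${{ inputs.target_env }}` and assign `ENV_TYPE="$TARGET_ENV"`. The workflow-level `id-token: write` now also applies to `resolve`, which only computes two strings; moving the `permissions` block onto `deploy` and leaving `resolve` with `contents: read` or nothing keeps the OIDC token out of a job that does not need it. The manual path maps to `STAGING` without checking `GITHUB_REF_NAME`, so unless the STAGING environment restricts deployment branches (not visible here), a dispatch from any branch would deploy there.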