From aa7c71e36c6f7ad3d86fe0d33cceddb216075005 Mon Sep 17 00:00:00 2001
From: Chaeyeon Park
Date: Tue, 9 Jun 2026 23:50:19 +0900
Subject: [PATCH 1/2] =?UTF-8?q?feat:=20staging=20=EC=88=98=EB=8F=99=20?= =?UTF-8?q?=EB=B0=B0=ED=8F=AC=20=EA=B8=B0=EB=8A=A5=20=EC=B6=94=EA=B0=80?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.github/workflows/deploy-lambda.yaml | 177 ++++++++++++++++++---------
1 file changed, 120 insertions(+), 57 deletions(-)
diff --git a/.github/workflows/deploy-lambda.yaml b/.github/workflows/deploy-lambda.yaml
index 08d1fc9..88ecd47 100644
--- a/.github/workflows/deploy-lambda.yaml
+++ b/.github/workflows/deploy-lambda.yaml
@@ -4,72 +4,135 @@ on: push: branches: [ "develop", "main" ] + workflow_dispatch: + inputs: + target_env: + description: "Manual deployment target" + required: true + type: choice + options: + - staging + # OIDC 인증을 위한 권한 설정 permissions: - id-token: write + id-token: write contents: read jobs: + resolve: + name: Resolve deployment target + runs-on: ubuntu-latest + + outputs: + env_type: ${{ steps.resolve.outputs.env_type }} + github_environment: ${{ steps.resolve.outputs.github_environment }} + + steps: + - name: Resolve target environment + id: resolve + shell: bash + run: | + if [[ "${GITHUB_EVENT_NAME}" == "workflow_dispatch" ]]; then + ENV_TYPE="${{ github.event.inputs.target_env }}" + + if [[ "$ENV_TYPE" != "staging" ]]; then + echo "Only staging manual deployment is allowed." + exit 1 + fi + + if [[ "${GITHUB_REF_NAME}" != "develop" ]]; then + echo "STAGING deployment is allowed only from develop branch." + echo "Current branch: ${GITHUB_REF_NAME}" + exit 1 + fi + + GITHUB_ENVIRONMENT="STAGING" + else + case "${GITHUB_REF_NAME}" in + develop) + ENV_TYPE="dev" + GITHUB_ENVIRONMENT="DEV" + ;; + main) + ENV_TYPE="prod" + GITHUB_ENVIRONMENT="PROD" + ;; + *) + echo "Unsupported branch for push deployment: ${GITHUB_REF_NAME}" + exit 1 + ;; + esac + fi + + echo "env_type=$ENV_TYPE" >> "$GITHUB_OUTPUT" + echo "github_environment=$GITHUB_ENVIRONMENT" >> "$GITHUB_OUTPUT" + + echo "--- Event: ${GITHUB_EVENT_NAME}" + echo "--- Branch: ${GITHUB_REF_NAME}" + echo "--- Env type: $ENV_TYPE" + echo "--- GitHub environment: $GITHUB_ENVIRONMENT" + deploy: name: Build, Push to ECR, and Deploy to Lambda + needs: resolve runs-on: ubuntu-latest # 브랜치에 따라 사용할 환경 선택 - environment: ${{ github.ref == 'refs/heads/main' && 'PROD' || 'DEV' }} + environment: ${{ needs.resolve.outputs.github_environment }} steps: - - name: Checkout code - uses: actions/checkout@v4 - - # AWS 자격 증명 설정 - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v4 - with: - 
role-to-assume: ${{ vars.AWS_ROLE_ARN }} - aws-region: ${{ vars.AWS_REGION }} - - # Amazon ECR 로그인 - - name: Login to Amazon ECR - id: login-ecr - uses: aws-actions/amazon-ecr-login@v2 - - # Docker 이미지 빌드 및 푸시 - - name: Build, tag, and push image to Amazon ECR - id: build-image - env: - ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} - ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY_NAME }} - IMAGE_TAG: ${{ github.sha }} - run: | - docker build --provenance=false -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -t $ECR_REGISTRY/$ECR_REPOSITORY:latest -f Dockerfile . - - docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG - docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest - - echo "image_uri=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT - - # Lambda 함수 업데이트 - - name: Deploy new image to AWS Lambda - run: | - aws lambda update-function-code \ - --function-name ${{ vars.LAMBDA_FUNCTION_NAME }} \ - --image-uri ${{ steps.build-image.outputs.image_uri }} - - # 코드 업데이트가 완료될 때까지 대기 - - name: Wait for Lambda function update to complete - run: | - aws lambda wait function-updated \ - --function-name ${{ vars.LAMBDA_FUNCTION_NAME }} - - # Lambda 환경 변수 설정 - - name: Update Lambda Environment Variables - run: | - aws lambda update-function-configuration \ - --function-name ${{ vars.LAMBDA_FUNCTION_NAME }} \ - --environment "Variables={ \ - REGION_NAME=${{ vars.AWS_REGION }}, \ - LAMBDA_FUNCTION_NAME=${{ vars.LAMBDA_FUNCTION_NAME }}, \ - ECR_REPOSITORY_NAME=${{ vars.ECR_REPOSITORY_NAME }}, \ - BUCKET_NAME=${{ vars.BUCKET_NAME }}, \ - THUMBNAIL_BUCKET=${{ vars.THUMBNAIL_BUCKET }} \ - }" \ No newline at end of file + - name: Checkout code + uses: actions/checkout@v4 + + # AWS 자격 증명 설정 + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v4 + with: + role-to-assume: ${{ vars.AWS_ROLE_ARN }} + aws-region: ${{ vars.AWS_REGION }} + + # Amazon ECR 로그인 + - name: Login to Amazon ECR + id: login-ecr + uses: aws-actions/amazon-ecr-login@v2 + + # Docker 
이미지 빌드 및 푸시 + - name: Build, tag, and push image to Amazon ECR + id: build-image + env: + ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }} + ECR_REPOSITORY: ${{ vars.ECR_REPOSITORY_NAME }} + IMAGE_TAG: ${{ github.sha }} + run: | + docker build --provenance=false -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -t $ECR_REGISTRY/$ECR_REPOSITORY:latest -f Dockerfile . + + docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG + docker push $ECR_REGISTRY/$ECR_REPOSITORY:latest + + echo "image_uri=$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG" >> "$GITHUB_OUTPUT" + + # Lambda 함수 업데이트 + - name: Deploy new image to AWS Lambda + run: | + aws lambda update-function-code \ + --function-name "${{ vars.LAMBDA_FUNCTION_NAME }}" \ + --image-uri "${{ steps.build-image.outputs.image_uri }}" + + # 코드 업데이트가 완료될 때까지 대기 + - name: Wait for Lambda function update to complete + run: | + aws lambda wait function-updated \ + --function-name ${{ vars.LAMBDA_FUNCTION_NAME }} + + # Lambda 환경 변수 설정 + - name: Update Lambda Environment Variables + run: | + aws lambda update-function-configuration \ + --function-name "${{ vars.LAMBDA_FUNCTION_NAME }}" \ + --environment "Variables={ \ + REGION_NAME=${{ vars.AWS_REGION }}, \ + LAMBDA_FUNCTION_NAME=${{ vars.LAMBDA_FUNCTION_NAME }}, \ + ECR_REPOSITORY_NAME=${{ vars.ECR_REPOSITORY_NAME }}, \ + BUCKET_NAME=${{ vars.BUCKET_NAME }}, \ + THUMBNAIL_BUCKET=${{ vars.THUMBNAIL_BUCKET }} \ + }" \ No newline at end of file From 4f96922b7638201598fafbfa517fb0e827c1c95f Mon Sep 17 00:00:00 2001 
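Review bot: In the new `Resolve target environment` step, `ENV_TYPE="${{ github.event.inputs.target_env }}"` pastes the dispatch input into the script text before bash runs, so the `!= "staging"` comparison only sees the value after it has already been parsed as shell. The `choice` type narrows what can be submitted, but the more robust pattern is to hand the value over through the step environment: add `env:` with `TARGET_ENV: ${{ github.event.inputs.target_env }}` to the step and read it as `ENV_TYPE="$TARGET_ENV"`. Separately, the workflow-level `id-token: write` now also covers the added `resolve` job, which makes no AWS call; declaring that permission on the `deploy` job instead would keep the OIDC token out of a job that does not need it.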
From: Chaeyeon Park Date: Wed, 10 Jun 2026 00:03:48 +0900 Subject: [PATCH 2/2] =?UTF-8?q?feat:=20staging=20=EC=88=98=EB=8F=99=20?= =?UTF-8?q?=EB=B0=B0=ED=8F=AC=20main=20=EB=B8=8C=EB=9E=9C=EC=B9=98?= =?UTF-8?q?=EC=97=90=EC=84=9C=EB=8F=84=20=EA=B0=80=EB=8A=A5=ED=95=98?= =?UTF-8?q?=EB=8F=84=EB=A1=9D=20=ED=99=95=EC=9E=A5?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/deploy-lambda.yaml | 6 ------ 1 file changed, 6 deletions(-) diff --git a/.github/workflows/deploy-lambda.yaml b/.github/workflows/deploy-lambda.yaml index 88ecd47..62fd389 100644 --- a/.github/workflows/deploy-lambda.yaml +++ b/.github/workflows/deploy-lambda.yaml @@ -40,12 +40,6 @@ jobs: exit 1 fi - if [[ "${GITHUB_REF_NAME}" != "develop" ]]; then - echo "STAGING deployment is allowed only from develop branch." - echo "Current branch: ${GITHUB_REF_NAME}" - exit 1 - fi - GITHUB_ENVIRONMENT="STAGING" else case "${GITHUB_REF_NAME}" in
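Review bot: With the `develop` check deleted and nothing put in its place, the `workflow_dispatch` path no longer looks at `GITHUB_REF_NAME` at all, so a manual STAGING deployment can be started from any branch or tag, which is wider than the extension to `main` that the subject line describes. If develop and main are the intended sources, narrow the guard instead of dropping it, e.g. `if [[ "${GITHUB_REF_NAME}" != "develop" && "${GITHUB_REF_NAME}" != "main" ]]; then` followed by an error message and `exit 1`. A manually dispatched run uses the workflow file from the selected ref, so this script check is a convenience rather than an enforcement point. The allowed branches should also be configured as a deployment branch rule on the STAGING environment, and the trust policy of the role in `vars.AWS_ROLE_ARN` should presumably be limited to that environment's OIDC subject. The enclosing `run:` script starts and ends outside this hunk.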