Github Action - CI 정리

Nam_JU·2022년 11월 27일
0

ErrorLog

목록 보기
23/26

배경

서비스가 복잡해지면서 CICD의 중요성을 느꼈다
로컬에서만 프로젝트를 할 때는 깃허브 하나 만으로 코드를 수정하고 테스트 해보면 끝이지만 k8s환경이나 EKS 환경에서는 CI/CD가 필수적이다
프로젝트를 하면서 CI를 점점 다양하게 적용해보았는데 백업을 위해 정리하기로 했다

  • 서비스 흐름도
  • k8s환경
  • EKS 환경

1. Github Action으로 DockerHub에 CI하기


각각의 Repository Secret에 DOCKERHUB_USERNAME, DOCKERHUB_TOKEN 값을 등록해두기

react

name: webrtc-eyestalk-back

on: [push]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      - name: Bump version and push tag
        id: tag_version
        uses: mathieudutour/github-tag-action@v5.5 # 가져다 쓸 auto tagging 프로그램
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }} # secrets.GITHUB_TOKEN 는 자동생성됨
      - name: Create a GitHub release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ steps.tag_version.outputs.new_tag }}
          release_name: Release ${{ steps.tag_version.outputs.new_tag }}
          body: ${{ steps.tag_version.outputs.changelog }}
      -
        name: Docker meta
        id: docker_meta
        uses: crazy-max/ghaction-docker-meta@v1
        with:
          images: roheejae/eyestalk-front
          tag-semver: |
            {{version}}
            {{major}}.{{minor}}
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      -
        name: Login to DockerHub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
        uses: docker/build-push-action@v2
        with:
          context: .
          file: ./Dockerfile
          platforms: linux/amd64
          push: true
          tags: roheejae/eyestalk-front:${{ steps.tag_version.outputs.new_tag }}

spring

name: eyestalk-spring

on: [push]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      - name: Bump version and push tag
        id: tag_version
        uses: mathieudutour/github-tag-action@v5.5 # 가져다 쓸 auto tagging 프로그램
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }} # secrets.GITHUB_TOKEN 는 자동생성됨
      - name: Create a GitHub release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ steps.tag_version.outputs.new_tag }}
          release_name: Release ${{ steps.tag_version.outputs.new_tag }}
          body: ${{ steps.tag_version.outputs.changelog }}
      -
        name: Docker meta
        id: docker_meta
        uses: crazy-max/ghaction-docker-meta@v1
        with:
          images: roheejae/eyestalk-spring
          tag-semver: |
            {{version}}
            {{major}}.{{minor}}
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      -
        name: Login to DockerHub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
        uses: docker/build-push-action@v2
        with:
          context: .
          file: ./Dockerfile
          platforms: linux/amd64
          push: true
          tags: roheejae/eyestalk-spring:${{ steps.tag_version.outputs.new_tag }}

python

name: webrtc-eyestalk-back

on: [push]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      - name: Bump version and push tag
        id: tag_version
        uses: mathieudutour/github-tag-action@v5.5 # 가져다 쓸 auto tagging 프로그램
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }} # secrets.GITHUB_TOKEN 는 자동생성됨
      - name: Create a GitHub release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ steps.tag_version.outputs.new_tag }}
          release_name: Release ${{ steps.tag_version.outputs.new_tag }}
          body: ${{ steps.tag_version.outputs.changelog }}
      -
        name: Docker meta
        id: docker_meta
        uses: crazy-max/ghaction-docker-meta@v1
        with:
          images: roheejae/eyestalk-back
          tag-semver: |
            {{version}}
            {{major}}.{{minor}}
      -
        name: Set up Docker Buildx
        uses: docker/setup-buildx-action@v1
      -
        name: Login to DockerHub
        uses: docker/login-action@v1
        with:
          username: ${{ secrets.DOCKERHUB_USERNAME }}
          password: ${{ secrets.DOCKERHUB_TOKEN }}
      -
        name: Build and push
        uses: docker/build-push-action@v2
        with:
          context: .
          file: ./Dockerfile
          platforms: linux/amd64
          push: true
          tags: roheejae/eyestalk-back:${{ steps.tag_version.outputs.new_tag }}

확인

도커허브에 제대로 이미지가 push 된것을 알 수 있다

GithubAction을 처음 접해보면서 언어에 따른 Yaml설정이 달라졌었다. 하지만 어떤 언어든 보편적으로 사용할 수 있도록 시행착오 끝에 위의 코드로 정리됨!
가장 중요하게 여겼던 점은 이미지 태그의 숫자가 자동 증가 하는가였다
mathieudutour/github-tag-action@v5.5가 크게 도움이 되었다



2. Github Action으로 EKS-ECR에 CI하기


프로젝트 환경이 EKS로 바뀌면서 이미지 저장소를 ECR로 변경하게 되었다. 저번 Nexus실패로 ECR자체가 Private Repository인데 괜찮을까? 걱정이 되었지만 DockerHub와 같은 인증수단이 있기 때문에 가능했다

ECR- Private Repository 만들기

CI 코드를 수정하기 전에 ECR에서 이미지 저장소를 미리 만들어야 한다. 해당 저장소를 경로로 넣기 때문.


DockerHub때 했었던 secret 키를 변경한다. AWS_ACCESS_KEY_ID AWS_SECRET_ACCESS_KEY를 등록하기

Eyestalk-react

name: eyestalk-beta-test

on: [push]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      - name: Bump version and push tag
        id: tag_version
        uses: mathieudutour/github-tag-action@v5.5 # 가져다 쓸 auto tagging 프로그램
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }} # secrets.GITHUB_TOKEN 는 자동생성됨
      - name: Create a GitHub release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ steps.tag_version.outputs.new_tag }}
          release_name: Release ${{ steps.tag_version.outputs.new_tag }}
          body: ${{ steps.tag_version.outputs.changelog }}
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ap-northeast-2
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      - name: Build, tag, and push image to Amazon ECR
        id: image-info
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: eyestalk-react
          IMAGE_TAG: ${{ steps.tag_version.outputs.new_tag }}
        run: |
          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG

Eyestalk-python

name: eyestalk-beta-test

on: [push]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      - name: Bump version and push tag
        id: tag_version
        uses: mathieudutour/github-tag-action@v5.5 # 가져다 쓸 auto tagging 프로그램
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }} # secrets.GITHUB_TOKEN 는 자동생성됨
      - name: Create a GitHub release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ steps.tag_version.outputs.new_tag }}
          release_name: Release ${{ steps.tag_version.outputs.new_tag }}
          body: ${{ steps.tag_version.outputs.changelog }}
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ap-northeast-2
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      - name: Build, tag, and push image to Amazon ECR
        id: image-info
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: eyestalk-python
          IMAGE_TAG: ${{ steps.tag_version.outputs.new_tag }}
        run: |
          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG

Eyestalk - Spring

name: eyestalk-beta-test

on: [push]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      - name: Bump version and push tag
        id: tag_version
        uses: mathieudutour/github-tag-action@v5.5 # 가져다 쓸 auto tagging 프로그램
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }} # secrets.GITHUB_TOKEN 는 자동생성됨
      - name: Create a GitHub release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        with:
          tag_name: ${{ steps.tag_version.outputs.new_tag }}
          release_name: Release ${{ steps.tag_version.outputs.new_tag }}
          body: ${{ steps.tag_version.outputs.changelog }}
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ap-northeast-2
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      - name: Build, tag, and push image to Amazon ECR
        id: image-info
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: eyestalk-spring
          IMAGE_TAG: ${{ steps.tag_version.outputs.new_tag }}
        run: |
          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG

확인

ECR에 제대로 push된것을 알 수 있다



2-2. Github Action으로 EKS-ECR에 CICD하기


ArgoCD를 만약 같이 한다면 위의 yaml코드가 달라진다
위의 코드는 mathieudutour/github-tag-action@v5.5에 의해 자동으로 태그가 증가하면서 GithubToken을 자동생성된다.
따로 GithubToken을 등록할 필요가 없었음.
하지만 CI/CD를 하기위해서는 manifest의 이미지 동기화가 필요하다 .
즉 Dev코드가 push되어 이미지가 버전 업데이트하면 manifest에 박혀있는 이미지도 똑같이 버전을 맞춰줘야 한다.
이때 사용되는게 Manifest이다

선행조건

  1. manifest 코드가 완성이 되었다면 레파지토리를 생성하여 넣을것
  2. 해당 레파지토리와 GithubAction이 있는 레파지토리 둘다 GithubToken을 등록한다

    이미 정리한 내용이니 참고
    https://velog.io/@jupiter-j/프로젝트-진행-EKS에-CICD-pipeline-ArgoCD적용하기

React

name: eyestalk-beta-test

on: [push]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      - name: Bump version and push tag
        id: tag_version
        uses: mathieudutour/github-tag-action@v5.5 # 가져다 쓸 auto tagging 프로그램
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }} # secrets.GITHUB_TOKEN는 자동생성됨
      - name: Create a GitHub release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.PAT }}
        with:
          tag_name: ${{ steps.tag_version.outputs.new_tag }}
          release_name: Release ${{ steps.tag_version.outputs.new_tag }}
          body: ${{ steps.tag_version.outputs.changelog }}
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ap-northeast-2
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      - name: Build, tag, and push image to Amazon ECR
        id: image-info
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: eyestalk-react
          IMAGE_TAG: ${{ steps.tag_version.outputs.new_tag }}
        run: |
          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
      - name: Checkout for Kustomize repository
        uses: actions/checkout@v2
        with:
          # kubernetes yaml 파일 저장
          repository: muji-StudyRoom/eyestalk-manifest # k8s yaml 파일이 있는 repo
          ref: main  # branch 이름
          # 내 repository에 push 하기 위한 Personal Access Token이 필요
          token: ${{ secrets.PAT }} # Github Action token을 발급받아서 repo secrect에 등록해줘야한다
          path: eyestalk-manifest # 최상위 경로로 repository와 동일하게 설정

          # 새 이미지 버전으로 파일의 태그값 수정
          # cd path 수정
          # kustomize로 image tag 값 변경
      - name: Update Kubernetes resources
        run: |
          pwd
          cd eyestalk-manifest/overlays/prd/ 
          kustomize edit set image ${{ steps.login-ecr.outputs.registry }}/eyestalk-react=${{ steps.login-ecr.outputs.registry }}/eyestalk-react:${{ steps.tag_version.outputs.new_tag }}
          cat kustomization.yaml
      # 수정된 kustomization.yaml 파일 commit push
      - name: Commit manifest files
        env: 
          GITHUB_TOKEN: ${{ secrets.PAT }}
        run: |
          cd eyestalk-manifest
          git config --global user.email "namju2912@gmail.com"
          git config --global user.name "Jupiter-J"
          git config --global github.token ${{ secrets.PAT }}
          git commit -am "Update image tag ${{ steps.tag_version.outputs.new_tag }}"
          git push -u origin main

Spring

name: eyestalk-beta-test

on: [push]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      - name: Bump version and push tag
        id: tag_version
        uses: mathieudutour/github-tag-action@v5.5 # 가져다 쓸 auto tagging 프로그램
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }} # secrets.GITHUB_TOKEN는 자동생성됨
      - name: Create a GitHub release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.PAT }}
        with:
          tag_name: ${{ steps.tag_version.outputs.new_tag }}
          release_name: Release ${{ steps.tag_version.outputs.new_tag }}
          body: ${{ steps.tag_version.outputs.changelog }}
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ap-northeast-2
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      - name: Build, tag, and push image to Amazon ECR
        id: image-info
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: eyestalk-spring
          IMAGE_TAG: ${{ steps.tag_version.outputs.new_tag }}
        run: |
          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
      - name: Checkout for Kustomize repository
        uses: actions/checkout@v2
        with:
          # kubernetes yaml 파일 저장
          repository: muji-StudyRoom/eyestalk-manifest # k8s yaml 파일이 있는 repo
          ref: main  # branch 이름
          # 내 repository에 push 하기 위한 Personal Access Token이 필요
          token: ${{ secrets.PAT }} # Github Action token을 발급받아서 repo secrect에 등록해줘야한다
          path: eyestalk-manifest # 최상위 경로로 repository와 동일하게 설정

          # 새 이미지 버전으로 파일의 태그값 수정
          # cd path 수정
          # kustomize로 image tag 값 변경
      - name: Update Kubernetes resources
        run: |
          pwd
          cd eyestalk-manifest/overlays/prd/ 
          kustomize edit set image ${{ steps.login-ecr.outputs.registry }}/eyestalk-spring=${{ steps.login-ecr.outputs.registry }}/eyestalk-spring:${{ steps.tag_version.outputs.new_tag }}
          cat kustomization.yaml
      # 수정된 kustomization.yaml 파일 commit push
      - name: Commit manifest files
        env: 
          GITHUB_TOKEN: ${{ secrets.PAT }}
        run: |
          cd eyestalk-manifest
          git config --global user.email "namju2912@gmail.com"
          git config --global user.name "Jupiter-J"
          git config --global github.token ${{ secrets.PAT }}
          git commit -am "Update image tag ${{ steps.tag_version.outputs.new_tag }}"
          git push -u origin main

python

name: eyestalk-beta-test

on: [push]

jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      -
        name: Checkout
        uses: actions/checkout@v2
      - name: Bump version and push tag
        id: tag_version
        uses: mathieudutour/github-tag-action@v5.5 # 가져다 쓸 auto tagging 프로그램
        with:
          github_token: ${{ secrets.GITHUB_TOKEN }} # secrets.GITHUB_TOKEN는 자동생성됨
      - name: Create a GitHub release
        uses: actions/create-release@v1
        env:
          GITHUB_TOKEN: ${{ secrets.PAT }}
        with:
          tag_name: ${{ steps.tag_version.outputs.new_tag }}
          release_name: Release ${{ steps.tag_version.outputs.new_tag }}
          body: ${{ steps.tag_version.outputs.changelog }}
      - name: Configure AWS credentials
        uses: aws-actions/configure-aws-credentials@v1
        with:
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          aws-region: ap-northeast-2
      - name: Login to Amazon ECR
        id: login-ecr
        uses: aws-actions/amazon-ecr-login@v1
      - name: Build, tag, and push image to Amazon ECR
        id: image-info
        env:
          ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
          ECR_REPOSITORY: eyestalk-python
          IMAGE_TAG: ${{ steps.tag_version.outputs.new_tag }}
        run: |
          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG .
          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
      - name: Checkout for Kustomize repository
        uses: actions/checkout@v2
        with:
          # kubernetes yaml 파일 저장
          repository: muji-StudyRoom/eyestalk-manifest # k8s yaml 파일이 있는 repo
          ref: main  # branch 이름
          # 내 repository에 push 하기 위한 Personal Access Token이 필요
          token: ${{ secrets.PAT }} # Github Action token을 발급받아서 repo secrect에 등록해줘야한다
          path: eyestalk-manifest # 최상위 경로로 repository와 동일하게 설정

          # 새 이미지 버전으로 파일의 태그값 수정
          # cd path 수정
          # kustomize로 image tag 값 변경
      - name: Update Kubernetes resources
        run: |
          pwd
          cd eyestalk-manifest/overlays/prd/ 
          kustomize edit set image ${{ steps.login-ecr.outputs.registry }}/eyestalk-python=${{ steps.login-ecr.outputs.registry }}/eyestalk-python:${{ steps.tag_version.outputs.new_tag }}
          cat kustomization.yaml
      # 수정된 kustomization.yaml 파일 commit push
      - name: Commit manifest files
        env: 
          GITHUB_TOKEN: ${{ secrets.PAT }}
        run: |
          cd eyestalk-manifest
          git config --global user.email "namju2912@gmail.com"
          git config --global user.name "Jupiter-J"
          git config --global github.token ${{ secrets.PAT }}
          git commit -am "Update image tag ${{ steps.tag_version.outputs.new_tag }}"
          git push -u origin main

토큰이 자동 생성되는 부분에 본인의 토큰을 넣으면 된다
성공하게되면 manifest의 레파지토리와 현재 레파지토리의 이미지 태그가 동기화 된것을 확인 할 수 있다

profile
개발기록

0개의 댓글