Skip to content

Commit

Permalink
feat: 운영 환경 깃헙 액션 실행 권한 체크 추가
Browse files Browse the repository at this point in the history
  • Loading branch information
@hocaron
hocaron committed Jun 23, 2024
1 parent e3b609f commit e9c5b7b
Show file tree
Hide file tree
Showing 6 changed files with 41 additions and 47 deletions.
2 changes: 1 addition & 1 deletion .github/workflows/cd-dev-admin.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ on:
workflow_dispatch:
inputs:
tag:
description: '개발환경에 배포할 서비스 버전을 입력합니다.'
description: '어드민 개발환경에 배포할 서비스 버전을 입력합니다.'
required: true

jobs:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/cd-dev-member.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ on:
workflow_dispatch:
inputs:
tag:
description: '개발환경에 배포할 서비스 버전을 입력합니다.'
description: '멤버 개발환경에 배포할 서비스 버전을 입력합니다.'
required: true

jobs:
Expand Down
2 changes: 1 addition & 1 deletion .github/workflows/cd-dev-recruit.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -4,7 +4,7 @@ on:
workflow_dispatch:
inputs:
tag:
description: '개발환경에 배포할 서비스 버전을 입력합니다.'
description: '리쿠르트 개발환경에 배포할 서비스 버전을 입력합니다.'
required: true

jobs:
Expand Down
28 changes: 13 additions & 15 deletions .github/workflows/cd-prod-admin.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,27 +2,25 @@ name: Mash-Up Admin Real CD

on:
workflow_dispatch:
inputs:
tag:
description: '개발환경에 배포할 서비스 버전을 입력합니다.'
required: true

jobs:
trigger:
name: 개발 환경 ${{ inputs.tag }} 배포한다
name: 운영 환경 production 배포한다
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 1

- name: Custom Deployment Task
- name: Check if actor is admin
id: check-admin
env:
TAG: ${{ inputs.tag }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
echo "Image Name: $IMAGE_NAME"
echo "Tag: $TAG"
user_login=${{ github.actor }}
repo=${{ github.repository }}
response=$(gh api repos/$repo/collaborators/$user_login/permission -q .permission)
if [[ "$response" != "admin" ]]; then
echo "이 워크플로우는 관리자만 실행할 수 있습니다."
exit 1
fi
- name: Excuting remote ssh commands
uses: appleboy/ssh-action@v1.0.3
Expand All @@ -36,4 +34,4 @@ jobs:
script: |
aws ecr get-login-password --region ap-northeast-2 | docker login --username AWS --password-stdin 321148231533.dkr.ecr.ap-northeast-2.amazonaws.com
cd /home/ec2-user/mashup-server/docker/deploy/admin/prod
sh ./deploy-admin.sh $TAG
sh ./deploy-admin.sh
28 changes: 13 additions & 15 deletions .github/workflows/cd-prod-member.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,27 +2,25 @@ name: Mash-Up Member Real CD

on:
workflow_dispatch:
inputs:
tag:
description: '개발환경에 배포할 서비스 버전을 입력합니다.'
required: true

jobs:
trigger:
name: 개발 환경 ${{ inputs.tag }} 배포한다
name: 운영 환경 production 배포한다
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 1

- name: Custom Deployment Task
- name: Check if actor is admin
id: check-admin
env:
TAG: ${{ inputs.tag }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
echo "Image Name: $IMAGE_NAME"
echo "Tag: $TAG"
user_login=${{ github.actor }}
repo=${{ github.repository }}
response=$(gh api repos/$repo/collaborators/$user_login/permission -q .permission)
if [[ "$response" != "admin" ]]; then
echo "이 워크플로우는 관리자만 실행할 수 있습니다."
exit 1
fi
- name: Excuting remote ssh commands
uses: appleboy/ssh-action@v1.0.3
Expand All @@ -36,4 +34,4 @@ jobs:
script: |
aws ecr get-login-password --region ap-northeast-2 | docker login --username AWS --password-stdin 321148231533.dkr.ecr.ap-northeast-2.amazonaws.com
cd /home/ec2-user/mashup-server/docker/deploy/member/prod
sh ./deploy-member.sh $TAG
sh ./deploy-member.sh
26 changes: 12 additions & 14 deletions .github/workflows/cd-prod-recruit.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -2,27 +2,25 @@ name: Mash-Up Recruit Real CD

on:
workflow_dispatch:
inputs:
tag:
description: '개발환경에 배포할 서비스 버전을 입력합니다.'
required: true

jobs:
trigger:
name: 개발 환경 ${{ inputs.tag }} 배포한다
name: 운영 환경 production 배포한다
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@v4
with:
fetch-depth: 1

- name: Custom Deployment Task
- name: Check if actor is admin
id: check-admin
env:
TAG: ${{ inputs.tag }}
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
echo "Image Name: $IMAGE_NAME"
echo "Tag: $TAG"
user_login=${{ github.actor }}
repo=${{ github.repository }}
response=$(gh api repos/$repo/collaborators/$user_login/permission -q .permission)
if [[ "$response" != "admin" ]]; then
echo "이 워크플로우는 관리자만 실행할 수 있습니다."
exit 1
fi
- name: Excuting remote ssh commands
uses: appleboy/ssh-action@v1.0.3
Expand Down

0 comments on commit e9c5b7b

Please sign in to comment.