tukcomCD2024 · seokho-1116 · Jul 30, 2024 · Jul 29, 2024 · Jul 30, 2024 · Jul 30, 2024
diff --git a/.github/workflows/animation-application-prod-ci-cd-flow.yml b/.github/workflows/animation-application-prod-ci-cd-flow.yml
@@ -0,0 +1,108 @@
+name: animation-prod-application-ci/cd
+
+on:
+  push:
+    branches:
+      - prod_back_animation
+      - build/cicd-prod-B-#580
+      - 'hotfix/[0-9a-zA-z]+-B-animation-#[0-9a-zA-z]+'
+  pull_request:
+    branches:
+      - prod_back_animation
+
+jobs:
+  deploy-animation:
+    name: animation application deploy
+    if: ${{ github.event_name == 'push' }}
+    runs-on: ubuntu-latest
+
+    defaults:
+      run:
+        working-directory: ./backend/AnimatedDrawings
+
+    permissions:
+      id-token: write
+      contents: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+          token: ${{ secrets.CI_PAT }}
+
+      - name: move yaml files
+        run: |
+          mkdir -p ./config/yaml
+          cp -r ../core/src/main/resources/config ./application/config/yaml
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ secrets.AWS_ROLE_ARN }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Login to Amazon ECR
+        id: login-ecr
+        uses: aws-actions/amazon-ecr-login@v2
+
+      - name: Extract metadata (tags, labels) for Docker
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: |
+            ${{ steps.login-ecr.outputs.registry }}/${{ secrets.AWS_PROD_ECR_ANIMATION_REPOSITORY_NAME }}
+          tags: |
+            type=raw,value={{date 'YYYYMMDD-HHmmss'}}
+
+      - name: Build and push
+        uses: docker/build-push-action@v5
+        with:
+          context: ./backend/AnimatedDrawings
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          provenance: false
+
+      - name: Get Github action IP
+        id: ip
+        uses: haythem/[email protected]
+
+      - name: Add Github Actions IP to Security group
+        run: |
+          aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_PROD_ANIMATION_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32
+
+      - name: Connect ec2 and Run Docker Container
+        uses: appleboy/[email protected]
+        env:
+          AWS_ECR_REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+        with:
+          host: ${{ secrets.SSH_PROD_ANIMATION_HOST }}
+          username: ${{ secrets.SSH_USERNAME }}
+          key: ${{ secrets.SSH_PROD_ANIMATION_PRIVATE_KEY }}
+          port: ${{ secrets.SSH_PORT }}
+          script: |
+            docker ps -q --filter "name=animated_drawings" | xargs -r docker stop
+            docker ps -aq --filter "name=animated_drawings" | xargs -r docker rm
+            aws ecr get-login-password --region ${{ secrets.AWS_REGION }} | docker login --username ${{ secrets.AWS_DOCKER_USER }} --password-stdin ${{ secrets.AWS_USER_ID }}.dkr.ecr.${{ secrets.AWS_REGION }}.amazonaws.com
+            docker image prune -f
+            docker pull ${{ steps.meta.outputs.tags }}
+            docker run -d -p 5555:5555 -p 9001:9001 --name animated_drawings -e ENVIRONMENT='dev' ${{ steps.meta.outputs.tags }}
+
+      - name: Remove Github Actions IP from security group
+        if: always()
+        run: |
+          aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_PROD_ANIMATION_SG_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32
+
+      - uses: sarisia/actions-status-discord@v1
+        if: success()
+        with:
+          webhook: ${{ secrets.DISCORD_WEBHOOK }}
+          status: ${{ job.status }}
+          content: "여러분 <@384742716933668867> <@1084774841460215839> <@545902166842408960> <@1081452554149449748>\n 배포 완료했습니다!!"
+          title: "애니메이션 서버 배포 완료 알림"
+          description: "백엔드 애니메이션 개발 브랜치에 깃허브 액션으로 배포 완료"
+          image: ${{ secrets.EMBED_IMAGE }}
+          color: 0x0000ff
+          url: "https://github.com/tukcomCD2024/DroidBlossom/actions"
+          username: GitHub Actions Bot
+          avatar_url: ${{ secrets.AVATAR_URL }}
diff --git a/backend/AnimatedDrawings/application/celery_app.py b/backend/AnimatedDrawings/application/celery_app.py
@@ -5,12 +5,18 @@
 
 queue_config = QueueConfig()
 celery = Celery('application.task',
-                broker=queue_config.get_celery_broker_url(),
-                include=['application.task.tasks'])
+                broker=queue_config.get_broker_url(),
+                include=['application.task.tasks']
+                )
 
 celery.conf.result_expires = 300
-celery.conf.task_queues = (
-    Queue('task.makeAnimation.queue'),
-    Queue('task.saveCapsuleSkin.queue'),
-    Queue('task.sendNotification.queue')
-)
+celery.conf.task_queues = (Queue('task.makeAnimation.queue'),
+                           Queue('task.saveCapsuleSkin.queue'),
+                           Queue('task.sendNotification.queue')
+                           )
+
+if queue_config.PROTOCOL == 'amqps':
+    import ssl
+    celery.conf.broker_use_ssl = {
+        'cert_reqs': ssl.CERT_REQUIRED
+    }
diff --git a/backend/AnimatedDrawings/application/config/queue_config.py b/backend/AnimatedDrawings/application/config/queue_config.py
@@ -2,9 +2,11 @@
 
 
 class QueueConfig:
+    PROTOCOL = RootConfig.CONFIG_FILE['rabbitmq']['protocol']
     USERNAME = RootConfig.CONFIG_FILE['rabbitmq']['username']
     BROKER_HOST = RootConfig.CONFIG_FILE['rabbitmq']['host']
     PASSWORD = RootConfig.CONFIG_FILE['rabbitmq']['password']
+    PORT = RootConfig.CONFIG_FILE['rabbitmq']['port']
     VIRTUAL_HOST = RootConfig.CONFIG_FILE['rabbitmq']['virtual-host']
     CAPSULE_SKIN_REQUEST_QUEUE_NAME = RootConfig.CONFIG_FILE['rabbitmq'][
         'queue_name']
@@ -16,12 +18,12 @@ class QueueConfig:
         'notification_queue_name']
 
     @staticmethod
-    def get_celery_broker_url() -> str:
-        return 'pyamqp://%s:%s@%s:5672%s' % (QueueConfig.USERNAME,
-                                             QueueConfig.PASSWORD,
-                                             QueueConfig.BROKER_HOST,
-                                             QueueConfig.VIRTUAL_HOST)
-
-    @staticmethod
-    def get_kombu_broker_url() -> str:
-        return f'amqp://{QueueConfig.USERNAME}:{QueueConfig.PASSWORD}@{QueueConfig.BROKER_HOST}/{QueueConfig.VIRTUAL_HOST}'
+    def get_broker_url() -> str:
+        return (
+            f'{QueueConfig.PROTOCOL}://'
+            f'{QueueConfig.USERNAME}:'
+            f'{QueueConfig.PASSWORD}@'
+            f'{QueueConfig.BROKER_HOST}:'
+            f'{QueueConfig.PORT}'
+            f'{QueueConfig.VIRTUAL_HOST}'
+        )
diff --git a/backend/AnimatedDrawings/application/config/yml b/backend/AnimatedDrawings/application/config/yml
diff --git a/backend/AnimatedDrawings/application/kombu_connection_pool.py b/backend/AnimatedDrawings/application/kombu_connection_pool.py
@@ -18,8 +18,16 @@ def errback(exc, interval):
 connections = pools.Connections(limit=2)
 producers = pools.Producers(limit=2)
 
-connection = Connection(hostname=QueueConfig.get_kombu_broker_url(),
+if QueueConfig.PROTOCOL == 'amqps':
+    import ssl
+    ssl_option = {
+        'cert_reqs': ssl.CERT_REQUIRED
+    }
+else:
+    ssl_option = None
+connection = Connection(hostname=QueueConfig.get_broker_url(),
                         connect_timeout=7,
+                        ssl=ssl_option,
                         errback=errback)
 
 logger.info('레빗 엠큐 커넥션 풀 연결 설정 완료')