
Commit dfd62e8

committed
Switched from SSM to SSH
1 parent cf8f045 commit dfd62e8


1 file changed

+66
-65
lines changed


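--- a/.github/workflows/deploy-ec2.yml
+++ b/.github/workflows/deploy-ec2.yml
@@ -65,68 +65,69 @@ jobs:
 tags: ${{ steps.vars.outputs.image }}
 cache-from: type=gha
 cache-to: type=gha,mode=max
-- name: Deploy over SSH (no SSM)
-uses: appleboy/ssh-action@v1.2.1
-with:
-host: ${{ vars.EC2_PUBLIC_IP }}
-username: ubuntu
-key: ${{ secrets.EC2_SSH_KEY }}
-port: 22
-script_stop: true
-envs: AWS_REGION,APP_PORT,SERVICE_NAME
-script: |
-set -eu
-
-REGION="${AWS_REGION}"
-IMAGE="${{ steps.vars.outputs.image }}"
-SERVICE="${SERVICE_NAME}"
-PORT="${APP_PORT}"
-
-# --- Ensure Docker (Ubuntu 24.04-safe: remove conflicts, use Docker repo .asc key) ---
-if ! command -v docker >/dev/null 2>&1; then
-if command -v apt-get >/dev/null 2>&1; then
-sudo apt-get update -y
-for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do
-sudo apt-get remove -y "$pkg" || true
-done
-sudo apt-get install -y ca-certificates curl unzip
-sudo install -m 0755 -d /etc/apt/keyrings
-curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo tee /etc/apt/keyrings/docker.asc >/dev/null
-sudo chmod a+r /etc/apt/keyrings/docker.asc
-. /etc/os-release
-echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $VERSION_CODENAME stable" | sudo tee /etc/apt/sources.list.d/docker.list >/dev/null
-sudo apt-get update -y
-sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
-elif command -v dnf >/dev/null 2>&1; then
-sudo dnf -y update || true
-sudo dnf -y install docker curl unzip || sudo yum -y install docker curl unzip
-elif command -v yum >/dev/null 2>&1; then
-sudo yum -y update || true
-sudo yum -y install docker curl unzip
-else
-echo "no supported package manager found"; exit 1
-fi
-fi
-
-sudo systemctl enable --now docker || true
-
-# --- ECR login (non-TTY per AWS docs) ---
-ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
-REGISTRY="${ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com"
-aws ecr get-login-password --region "$REGION" | sudo docker login --username AWS --password-stdin "$REGISTRY"
-
-# --- Pull & run: host 80 -> container ${PORT} ---
-sudo docker rm -f "$SERVICE" || true
-sudo docker pull "$IMAGE"
-sudo docker run -d --restart unless-stopped --name "$SERVICE" -p 80:"$PORT" "$IMAGE"
-
-# --- Health check w/ retries (avoid curl 56 during boot) ---
-for i in $(seq 1 30); do
-code=$(curl -sS -o /dev/null -w '%{http_code}' http://localhost/hello || true)
-[ "$code" = "200" ] && { echo "Health: OK (200)"; break; }
-echo "Health: not ready (code=${code:-none}), retrying..."
-sleep 3
-done
-
-# Evidence
-sudo docker ps --format 'table {{.Names}}\t{{.Image}}\t{{.Ports}}'
+
+- name: Deploy over SSH (no SSM)
+uses: appleboy/ssh-action@[email protected]
+with:
+host: ${{ vars.EC2_PUBLIC_IP }}
+username: ubuntu
+key: ${{ secrets.EC2_SSH_KEY }}
+port: 22
+script_stop: true
+envs: AWS_REGION,APP_PORT,SERVICE_NAME
+script: |
+set -eu
+
+REGION="${AWS_REGION}"
+IMAGE="${{ steps.vars.outputs.image }}"
+SERVICE="${SERVICE_NAME}"
+PORT="${APP_PORT}"
+
+# --- Ensure Docker (Ubuntu 24.04-safe: remove conflicts, use Docker repo .asc key) ---
+if ! command -v docker >/dev/null 2>&1; then
+if command -v apt-get >/dev/null 2>&1; then
+sudo apt-get update -y
+for pkg in docker.io docker-doc docker-compose docker-compose-v2 podman-docker containerd runc; do
+sudo apt-get remove -y "$pkg" || true
+done
+sudo apt-get install -y ca-certificates curl unzip
+sudo install -m 0755 -d /etc/apt/keyrings
+curl -fsSL https://download.docker.com/linux/ubuntu/gpg | sudo tee /etc/apt/keyrings/docker.asc >/dev/null
+sudo chmod a+r /etc/apt/keyrings/docker.asc
+. /etc/os-release
+echo "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/ubuntu $VERSION_CODENAME stable" | sudo tee /etc/apt/sources.list.d/docker.list >/dev/null
+sudo apt-get update -y
+sudo apt-get install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
+elif command -v dnf >/dev/null 2>&1; then
+sudo dnf -y update || true
+sudo dnf -y install docker curl unzip || sudo yum -y install docker curl unzip
+elif command -v yum >/dev/null 2>&1; then
+sudo yum -y update || true
+sudo yum -y install docker curl unzip
+else
+echo "no supported package manager found"; exit 1
+fi
+fi
+
+sudo systemctl enable --now docker || true
+
+# --- ECR login (non-TTY per AWS docs) ---
+ACCOUNT_ID=$(aws sts get-caller-identity --query Account --output text)
+REGISTRY="${ACCOUNT_ID}.dkr.ecr.${REGION}.amazonaws.com"
+aws ecr get-login-password --region "$REGION" | sudo docker login --username AWS --password-stdin "$REGISTRY"
+
+# --- Pull & run: host 80 -> container ${PORT} ---
+sudo docker rm -f "$SERVICE" || true
+sudo docker pull "$IMAGE"
+sudo docker run -d --restart unless-stopped --name "$SERVICE" -p 80:"$PORT" "$IMAGE"
+
+# --- Health check w/ retries (avoid curl 56 during boot) ---
+for i in $(seq 1 30); do
+code=$(curl -sS -o /dev/null -w '%{http_code}' http://localhost/hello || true)
+[ "$code" = "200" ] && { echo "Health: OK (200)"; break; }
+echo "Health: not ready (code=${code:-none}), retrying..."
+sleep 3
+done
+
+# Evidence
+sudo docker ps --format 'table {{.Names}}\t{{.Image}}\t{{.Ports}}'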
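Review bot: The `Deploy over SSH (no SSM)` step hands `secrets.EC2_SSH_KEY` to `appleboy/ssh-action` referenced by a mutable version tag and sets no host-key check, so the runner trusts both whatever code the tag points at and whatever host answers on `vars.EC2_PUBLIC_IP`. Pin the `uses:` line to the action's full commit SHA and add the action's `fingerprint:` input under `with:`, e.g. `fingerprint: ${{ secrets.EC2_HOST_FINGERPRINT }}` (placeholder secret name). Separately, the health-check loop at the end of the script falls through after 30 attempts, so a container that never returns 200 still produces a green deploy; after `done` add `[ "$code" = "200" ] || { echo "Health: FAILED"; exit 1; }`. `IMAGE="${{ steps.vars.outputs.image }}"` is expanded into the script text before the shell runs it, and the step that sets that output is outside this hunk, so passing it through `envs:` like the other three values would avoid any shell interpretation of its content.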
