fix(deploy): 183.99.177.40 + traefik-net, add CI/CD workflow

- 배포 대상 서버를 183.99.177.40로 확정 (DNS가 가리키는 서버, DB도 같은 곳) - docker-compose.prod.yml: external network를 traefik-net으로 변경 (toktork_server_default는 211 서버용이라 DNS와 불일치) - traefik.docker.network=traefik-net 라벨 추가 - .gitea/workflows/deploy.yml: main push 시 자동 배포 - CICD_SETUP.md: 시크릿 등록 및 Runner 설정 가이드
2026-04-25 02:50:19 +09:00
parent 6af863199f
commit 0a460d8bd5
3 changed files with 109 additions and 2 deletions
@@ -0,0 +1,55 @@
+name: Deploy momo-erp to production
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Setup SSH
+        run: |
+          mkdir -p ~/.ssh
+          echo "${{ secrets.DEPLOY_SSH_KEY }}" > ~/.ssh/id_rsa
+          chmod 600 ~/.ssh/id_rsa
+          ssh-keyscan -H ${{ secrets.DEPLOY_HOST }} >> ~/.ssh/known_hosts 2>/dev/null
+
+      - name: Deploy via SSH
+        env:
+          SSH_USER: ${{ secrets.DEPLOY_USER }}
+          SSH_HOST: ${{ secrets.DEPLOY_HOST }}
+          DATABASE_URL: ${{ secrets.DATABASE_URL }}
+          NEXTAUTH_URL: ${{ secrets.NEXTAUTH_URL }}
+          NEXTAUTH_SECRET: ${{ secrets.NEXTAUTH_SECRET }}
+          MASTER_PWD: ${{ secrets.MASTER_PWD }}
+          AES_KEY: ${{ secrets.AES_KEY }}
+        run: |
+          ssh -o StrictHostKeyChecking=no "$SSH_USER@$SSH_HOST" bash -s << 'REMOTE'
+          set -e
+          DEPLOY_DIR="$HOME/momo-erp/source"
+          mkdir -p "$HOME/momo-erp"
+          if [ -d "$DEPLOY_DIR/.git" ]; then
+            cd "$DEPLOY_DIR" && git fetch origin && git reset --hard origin/main
+          else
+            git clone https://git.junggomoa.com/chpark/distribution_erp.git "$DEPLOY_DIR"
+            cd "$DEPLOY_DIR"
+          fi
+          cat > .env.production <<EOF
+          DATABASE_URL="$DATABASE_URL"
+          NEXTAUTH_URL="$NEXTAUTH_URL"
+          NEXTAUTH_SECRET="$NEXTAUTH_SECRET"
+          NEXT_PUBLIC_APP_NAME="유통관리 ERP"
+          NEXT_PUBLIC_COMPANY_NAME="모모유통"
+          MASTER_PWD="$MASTER_PWD"
+          AES_KEY="$AES_KEY"
+          FILE_STORAGE_PATH="/data_storage"
+          LOG_LEVEL=info
+          EOF
+          docker compose -f docker-compose.prod.yml up -d --build
+          docker compose -f docker-compose.prod.yml ps
+          REMOTE
@@ -0,0 +1,48 @@
+# CI/CD 배포 가이드
+
+## 개요
+
+`.gitea/workflows/deploy.yml` 워크플로가 `main` 브랜치 푸시 시 자동으로
+배포 서버(183.99.177.40)에 SSH 접속 → `docker compose up -d --build` 실행합니다.
+
+## Gitea 시크릿 등록
+
+Gitea 저장소 → **Settings → Actions → Secrets** 에 다음 시크릿을 추가하세요:
+
+| 시크릿 이름 | 값 (예시) |
+|-------------|----------|
+| `DEPLOY_HOST` | `183.99.177.40` |
+| `DEPLOY_USER` | `chpark` |
+| `DEPLOY_SSH_KEY` | SSH 개인키 전체 (BEGIN/END 포함) |
+| `DATABASE_URL` | `postgresql://postgres:qlalfqjsgh11@183.99.177.40:5432/distribution` |
+| `NEXTAUTH_URL` | `https://momo.junggomoa.com` |
+| `NEXTAUTH_SECRET` | 임의의 32바이트 hex (현재 .env.production 값 재사용 가능) |
+| `MASTER_PWD` | `qlalfqjsgh11` |
+| `AES_KEY` | `ILJIAESSECRETKEY` |
+
+### SSH 키 생성 (최초 1회)
+
+로컬에서:
+```bash
+ssh-keygen -t ed25519 -C "gitea-deploy" -f ~/.ssh/momo_deploy -N ""
+# 공개키를 배포 서버에 등록
+ssh-copy-id -i ~/.ssh/momo_deploy.pub chpark@183.99.177.40
+# 개인키를 Gitea Secret `DEPLOY_SSH_KEY` 에 붙여넣기
+cat ~/.ssh/momo_deploy
+```
+
+## Gitea Actions Runner
+
+워크플로가 실행되려면 Gitea Actions Runner가 등록돼 있어야 합니다.
+`git.junggomoa.com` 인스턴스에 Runner가 이미 있으면 이 단계는 생략.
+없으면 배포 서버나 별도 머신에 [act_runner](https://gitea.com/gitea/act_runner) 설치 필요.
+
+## 수동 배포 (CI/CD 우회)
+
+긴급 시:
+```bash
+ssh chpark@183.99.177.40
+cd ~/momo-erp/source
+git pull
+docker compose -f docker-compose.prod.yml up -d --build
+```
@@ -1,18 +1,23 @@
 # 운영 배포 (Traefik + momo.junggomoa.com)
+# 대상 서버: 183.99.177.40 (Traefik v2.11 외부 네트워크 traefik-net 사용)
 # 사용: docker compose -f docker-compose.prod.yml up -d --build
 services:
  momo-erp:
    build:
      context: .
      dockerfile: Dockerfile
+    image: momo-erp:latest
    container_name: momo-erp
    restart: always
    env_file:
      - .env.production
    volumes:
      - ./data_storage:/data_storage
+    networks:
+      - traefik-net
    labels:
      - traefik.enable=true
+      - traefik.docker.network=traefik-net
      - traefik.http.routers.momo-erp.rule=Host(`momo.junggomoa.com`)
      - traefik.http.routers.momo-erp.entrypoints=websecure,web
      - traefik.http.routers.momo-erp.tls=true
@@ -20,6 +25,5 @@ services:
      - traefik.http.services.momo-erp.loadbalancer.server.port=3000

 networks:
-  default:
+  traefik-net:
    external: true
-    name: toktork_server_default