feat: DockerHub 이미지 업로드 기능 추가

Author: MU-Software

.github/workflows/release.yaml .github/workflows/release-lambda.yaml.github/workflows/release.yaml renamed to .github/workflows/release-lambda.yaml

@@ -76,7 +76,7 @@ jobs:
           cache-from: type=gha
           cache-to: type=gha,mode=max
           context: .
-          file: ./infra/Dockerfile
+          file: ./infra/lambda.Dockerfile
           platforms: linux/amd64
           provenance: false
           build-args: |

.github/workflows/release-server.yaml

@@ -0,0 +1,151 @@
+name: Release
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}-${{ github.event_name }}
+  cancel-in-progress: true
+
+on:
+  workflow_dispatch:
+    inputs:
+      WORKFLOW_PHASE:
+        description: "배포할 대상 환경을 선택하세요."
+        required: true
+        default: dev
+        type: choice
+        options:
+          - dev
+          - prod
+  push:
+    branches:
+      - "main"
+
+jobs:
+  BuildAndDeploy:
+    runs-on: ubuntu-latest
+
+    env:
+      API_STAGE: ${{ github.event_name == 'workflow_dispatch' && inputs.WORKFLOW_PHASE || 'dev' }}
+      BUMP_RULE: ${{ (github.event_name == 'workflow_dispatch' && inputs.WORKFLOW_PHASE || 'dev') == 'dev' && '--stage' || '' }}
+
+    steps:
+      # Checkout source codes
+      - name: Checkout source codes
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 0
+
+      - name: Install uv
+        uses: astral-sh/setup-uv@v5
+        with:
+          enable-cache: true
+          ignore-nothing-to-cache: true
+
+      - name: Install dependencies
+        run: uv sync --only-group=deployment
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Get current date, repo name and release tag version
+        id: info
+        run: |
+          LATEST_TAG=$(git tag -l --sort=-creatordate | head -n 1)
+          echo "::set-output name=TAG::$(python ./.github/scripts/get_new_version.py --current=$LATEST_TAG ${{ env.BUMP_RULE }})"
+          echo "::set-output name=date::$(date +'%Y-%m-%d_%H:%M:%S')"
+          echo "::set-output name=repository_name::$(echo ${{ github.repository }} | sed -e 's/${{ github.repository_owner }}\///')"
+
+      # Build and Push Docker image to Docker Hub
+      - name: Build and Push Docker image to Docker Hub
+        uses: docker/build-push-action@v5
+        with:
+          push: true
+          tags: |
+            ${{ secrets.DOCKERHUB_IMAGE }}:${{ steps.info.outputs.TAG }}
+            ${{ secrets.DOCKERHUB_IMAGE }}:latest
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+          context: .
+          file: ./infra/server.Dockerfile
+          platforms: linux/amd64
+          provenance: false
+          build-args: |
+            RELEASE_VERSION=${{ steps.info.outputs.TAG }}
+            GIT_HASH=${{ github.sha }}
+            IMAGE_BUILD_DATETIME=${{ steps.info.outputs.date }}
+
+      # Create git tag
+      - name: Create and push git tag
+        run: |
+          git tag ${{ steps.info.outputs.TAG }}
+          git push origin ${{ steps.info.outputs.TAG }}
+
+      # Notify to Slack (Success)
+      - name: Notify deployment to Slack
+        if: failure() || cancelled()
+        uses: slackapi/slack-github-action@v1.26.0
+        with:
+          channel-id: ${{ vars.SLACK_DEPLOYMENT_ALERT_CHANNEL }}
+          payload: |
+            {
+              "blocks": [
+                {
+                  "type": "header",
+                  "text": {
+                    "type": "plain_text",
+                    "text": "${{ steps.info.outputs.repository_name }} ${{ steps.info.outputs.TAG }} 버전 Build & Push 실패 :rotating_light: (${{ job.status }})",
+                    "emoji": true
+                  }
+                },
+                {
+                  "type": "section",
+                  "text": {"type": "mrkdwn", "text": "GitHub Action 바로가기"},
+                  "accessory": {
+                    "type": "button",
+                    "text": {"type": "plain_text", "text": "${{ github.run_id }}"},
+                    "value": "github_action",
+                    "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}",
+                    "action_id": "button-action"
+                  }
+                }
+              ]
+            }
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}
+
+      # Notify to Slack (Failure)
+      - name: Notify deployment to Slack
+        uses: slackapi/slack-github-action@v1.26.0
+        with:
+          channel-id: ${{ vars.SLACK_DEPLOYMENT_ALERT_CHANNEL }}
+          payload: |
+            {
+              "blocks": [
+                {
+                  "type": "header",
+                  "text": {
+                    "type": "plain_text",
+                    "text": "${{ steps.info.outputs.repository_name }} ${{ steps.info.outputs.TAG }} 버전 Build & Push 성공 :tada:",
+                    "emoji": true
+                  }
+                },
+                {
+                  "type": "section",
+                  "text": {"type": "mrkdwn", "text": "GitHub Action 바로가기"},
+                  "accessory": {
+                    "type": "button",
+                    "text": {"type": "plain_text", "text": "${{ github.run_id }}"},
+                    "value": "github_action",
+                    "url": "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}",
+                    "action_id": "button-action"
+                  }
+                }
+              ]
+            }
+        env:
+          SLACK_BOT_TOKEN: ${{ secrets.SLACK_BOT_TOKEN }}

Makefile

@@ -3,12 +3,8 @@ PROJECT_DIR := $(dir $(MKFILE_PATH))
 
 # Set additional build args for docker image build using make arguments
 IMAGE_NAME := pycon_backend
-ifeq (docker-build,$(firstword $(MAKECMDGOALS)))
-  TAG_NAME := $(wordlist 2,$(words $(MAKECMDGOALS)),$(MAKECMDGOALS))
-  $(eval $(TAG_NAME):;@:)
-endif
-TAG_NAME := $(if $(TAG_NAME),$(TAG_NAME),local)
-CONTAINER_NAME = $(IMAGE_NAME)_$(TAG_NAME)_container
+LAMBDA_CONTAINER_NAME = $(IMAGE_NAME)_lambda_container
+SERVER_CONTAINER_NAME = $(IMAGE_NAME)_server_container
 
 ifeq ($(DOCKER_DEBUG),true)
 	DOCKER_MID_BUILD_OPTIONS = --progress=plain --no-cache
@@ -107,39 +103,68 @@ zappa-export:
 	uv run zappa save-python-settings-file
 
 # =============================================================================
-# Docker related commands
+# Docker related commands (Lambda)
 
-# Docker image build
-# Usage: make docker-build <tag-name:=local>
-# if you want to build with debug mode, set DOCKER_DEBUG=true
-# ex) make docker-build or make docker-build some_TAG_NAME DOCKER_DEBUG=true
-docker-build:
+# Lambda Docker image build
+docker-lambda-build:
 	@docker build \
-		-f ./infra/Dockerfile -t $(IMAGE_NAME):$(TAG_NAME) \
+		-f ./infra/lambda.Dockerfile -t $(IMAGE_NAME):lambda \
 		--build-arg GIT_HASH=$(shell git rev-parse HEAD) \
 		--build-arg IMAGE_BUILD_DATETIME=$(shell date +%Y-%m-%d_%H:%M:%S) \
 		$(DOCKER_MID_BUILD_OPTIONS) $(PROJECT_DIR) $(DOCKER_END_BUILD_OPTIONS)
 
-docker-run: docker-compose-up
-	@(docker stop $(CONTAINER_NAME) || true && docker rm $(CONTAINER_NAME) || true) > /dev/null 2>&1
+docker-lambda-run: docker-compose-up
+	@(docker stop $(LAMBDA_CONTAINER_NAME) || true && docker rm $(LAMBDA_CONTAINER_NAME) || true) > /dev/null 2>&1
 	@docker run -d --rm \
 		-p 48000:8080 \
 		--env-file envfile/.env.local --env-file envfile/.env.docker \
-		--name $(CONTAINER_NAME) \
-		$(IMAGE_NAME):$(TAG_NAME)
+		--name $(LAMBDA_CONTAINER_NAME) \
+		$(IMAGE_NAME):lambda
 
-docker-readyz:
+docker-lambda-readyz:
 	curl -X POST http://localhost:48000/2015-03-31/functions/function/invocations -d $(AWS_LAMBDA_READYZ_PAYLOAD) | jq '.body | fromjson'
 
-docker-test: docker-run docker-readyz
+docker-lambda-test: docker-lambda-run docker-lambda-readyz
+
+docker-lambda-build-and-test: docker-lambda-build docker-lambda-test
+
+docker-lambda-stop:
+	docker stop $(LAMBDA_CONTAINER_NAME) || true
+
+docker-lambda-rm: docker-lambda-stop
+	docker rm $(LAMBDA_CONTAINER_NAME) || true
+
+# =============================================================================
+# Docker related commands (Server)
+
+# Server Docker image build
+docker-server-build:
+	@docker build \
+		-f ./infra/server.Dockerfile -t $(IMAGE_NAME):server \
+		--build-arg GIT_HASH=$(shell git rev-parse HEAD) \
+		--build-arg IMAGE_BUILD_DATETIME=$(shell date +%Y-%m-%d_%H:%M:%S) \
+		$(DOCKER_MID_BUILD_OPTIONS) $(PROJECT_DIR) $(DOCKER_END_BUILD_OPTIONS)
+
+docker-server-run: docker-compose-up
+	@(docker stop $(SERVER_CONTAINER_NAME) || true && docker rm $(SERVER_CONTAINER_NAME) || true) > /dev/null 2>&1
+	@docker run -d --rm \
+		-p 8000:8000 \
+		--env-file envfile/.env.local --env-file envfile/.env.docker \
+		--name $(SERVER_CONTAINER_NAME) \
+		$(IMAGE_NAME):server
+
+docker-server-readyz:
+	curl -s http://localhost:8000/readyz/ | jq '.'
+
+docker-server-test: docker-server-run docker-server-readyz
 
-docker-build-and-test: docker-build docker-test
+docker-server-build-and-test: docker-server-build docker-server-test
 
-docker-stop:
-	docker stop $(CONTAINER_NAME) || true
+docker-server-stop:
+	docker stop $(SERVER_CONTAINER_NAME) || true
 
-docker-rm: docker-stop
-	docker rm $(CONTAINER_NAME) || true
+docker-server-rm: docker-server-stop
+	docker rm $(SERVER_CONTAINER_NAME) || true
 
 # Docker compose setup
 # Below commands are for local development only

infra/Dockerfile infra/lambda.Dockerfileinfra/Dockerfile renamed to infra/lambda.Dockerfile

@@ -0,0 +1,48 @@
+ARG PYTHON_VERSION=3.12
+FROM python:${PYTHON_VERSION}-slim
+WORKDIR /app
+SHELL [ "/bin/bash", "-euxvc"]
+
+ENV PATH="${PATH}:/root/.local/bin:" \
+    TZ=Asia/Seoul \
+    LANG=C.UTF-8 \
+    LC_ALL=C.UTF-8 \
+    PYTHONIOENCODING=UTF-8 \
+    PYTHONUNBUFFERED=1 \
+    UV_COMPILE_BYTECODE=1 \
+    UV_CONCURRENT_DOWNLOADS=32 \
+    UV_LINK_MODE=copy \
+    UV_PROJECT_ENVIRONMENT="/usr/local" \
+    UV_PYTHON_DOWNLOADS=0
+
+# Setup timezone and install system dependencies
+RUN ln -snf /usr/share/zoneinfo/$TZ /etc/localtime && echo $TZ > /etc/timezone
+
+# Install dependencies
+COPY --from=ghcr.io/astral-sh/uv:latest /uv /uvx /bin/
+COPY --chown=nobody:nobody pyproject.toml uv.lock ./
+RUN --mount=type=cache,target=/root/.cache/uv \
+    apt-get update \
+    && apt-get install -y --no-install-recommends gcc libpq-dev \
+    && rm -rf /var/lib/apt/lists/* \
+    && uv sync --no-default-groups --frozen
+
+ARG GIT_HASH
+ARG RELEASE_VERSION=unknown
+ENV DEPLOYMENT_GIT_HASH=$GIT_HASH
+ENV DEPLOYMENT_RELEASE_VERSION=$RELEASE_VERSION
+
+# Make docker to always copy app directory so that source code can be refreshed.
+ARG IMAGE_BUILD_DATETIME=unknown
+ENV DEPLOYMENT_IMAGE_BUILD_DATETIME=$IMAGE_BUILD_DATETIME
+
+# Copy main app
+COPY --chown=nobody:nobody app/ ./
+
+ENV DJANGO_SETTINGS_MODULE="core.settings"
+
+EXPOSE 8000
+
+# The reason for using nobody user is to avoid running the app as root, which can be a security risk.
+USER nobody
+CMD ["gunicorn", "core.wsgi:application", "--bind", "0.0.0.0:8000", "--workers", "4", "--timeout", "30"]

infra/server.Dockerfile

@@ -22,6 +22,7 @@ dependencies = [
     "drf-spectacular>=0.28.0",
     "drf-standardized-errors[openapi]>=0.14.1",
     "faker>=37.3.0",
+    "gunicorn>=23.0.0",
     "google-api-python-client>=2.179.0",
     "google-auth-httplib2>=0.2.0",
     "google-auth-oauthlib>=1.2.2",