From f5ec5627484dcb3f23c0153fa958ed4283fbe833 Mon Sep 17 00:00:00 2001
From: happybell80 <goeun2dcc@gmail.com>
Date: Tue, 8 Jul 2025 00:01:38 +0900
Subject: [PATCH] Implement atomic deployment with backup and rollback
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

- Use atomic swap strategy: tmp → backup → deploy
- Automatic backup with timestamp for rollback
- Clean up old backups (keep 5 latest)
- Safer file deployment preventing partial updates
- Based on 2024 GitOps best practices

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
---
 .github/workflows/deploy.yml | 54 ++++++++++++++++++------------------
 1 file changed, 27 insertions(+), 27 deletions(-)

diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
index 54072f8..d8fe122 100644
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@@ -56,33 +56,33 @@ jobs:
           ssh -p ${{ secrets.NAS_PORT }} admin@${{ secrets.NAS_HOST }} \
             "ls -la /var/run/docker.sock && id"
 
-      - name: Deploy with fresh Docker Compose
+      - name: Deploy with atomic swap
         run: |
-          ssh -p ${{ secrets.NAS_PORT }} admin@${{ secrets.NAS_HOST }} << 'EOF'
-            cd /volume1/homes/admin/nginx-infra
-            
-            # 1) Tear down everything so old services & networks go away
-            if ! docker ps > /dev/null 2>&1; then
-              echo "Using sudo for docker commands..."
-              sudo docker-compose down 2>/dev/null || true
-              # 2) Prune out any stopped containers, unused networks, images, and build cache
-              sudo docker system prune -f
-            else
-              echo "Direct docker access available..."
-              docker-compose down 2>/dev/null || true
-              # 2) Prune out any stopped containers, unused networks, images, and build cache
-              docker system prune -f
-            fi
-            
-            # 3) Double-check you're seeing the new compose file
-            echo "---- current compose file ----"
-            cat docker-compose.yml
-            echo "------------------------------"
-            
-            # 4) Rebuild from that file and bring up only your nginx service
-            if ! docker ps > /dev/null 2>&1; then
-              sudo docker-compose up -d --build
-            else
-              docker-compose up -d --build
+          tar czf - --exclude='.git' . | ssh -p ${{ secrets.NAS_PORT }} admin@${{ secrets.NAS_HOST }} bash -s << 'EOF'
+            set -euo pipefail
+
+            DEPLOY=/volume1/homes/admin/nginx-infra
+            TMPDIR=$(mktemp -d /tmp/deploy.XXXX)
+            BACKUP=${DEPLOY}-backup-$(date +%Y%m%d%H%M%S)
+
+            # 1) tar로 임시 디렉터리에 풀기
+            cd "$TMPDIR" && tar xzf -
+
+            # 2) 기존 배포물을 백업
+            if [ -d "$DEPLOY" ]; then
+              mv "$DEPLOY" "$BACKUP"
             fi
+
+            # 3) 임시 → 실제 위치로 교체
+            mv "$TMPDIR" "$DEPLOY"
+
+            # 4) 오래된 백업 5개만 남기기
+            ls -1dt ${DEPLOY}-backup-* 2>/dev/null | tail -n +6 | xargs -r rm -rf
+
+            echo "Deployed to $DEPLOY; backup saved at $BACKUP"
+
+            # 5) docker-compose 재시작
+            cd "$DEPLOY"
+            docker-compose down 2>/dev/null || true
+            docker-compose up -d --build
           EOF
\ No newline at end of file