Implement atomic deployment with backup and rollback

- Use atomic swap strategy: tmp → backup → deploy - Automatic backup with timestamp for rollback - Clean up old backups (keep 5 latest) - Safer file deployment preventing partial updates - Based on 2024 GitOps best practices 🤖 Generated with [Claude Code](https://claude.ai/code) Co-Authored-By: Claude <noreply@anthropic.com>
2025-07-08 00:01:38 +09:00 · 2025-07-08 00:01:38 +09:00 · f5ec562748
commit f5ec562748
parent 2d90d40b3a
1 changed files with 27 additions and 27 deletions
--- a/.github/workflows/deploy.yml
+++ b/.github/workflows/deploy.yml
@ -56,33 +56,33 @@ jobs:
          ssh -p ${{ secrets.NAS_PORT }} admin@${{ secrets.NAS_HOST }} \
            "ls -la /var/run/docker.sock && id"

-      - name: Deploy with fresh Docker Compose
+      - name: Deploy with atomic swap
        run: |
-          ssh -p ${{ secrets.NAS_PORT }} admin@${{ secrets.NAS_HOST }} << 'EOF'
-            cd /volume1/homes/admin/nginx-infra
-            
-            # 1) Tear down everything so old services & networks go away
-            if ! docker ps > /dev/null 2>&1; then
-              echo "Using sudo for docker commands..."
-              sudo docker-compose down 2>/dev/null || true
-              # 2) Prune out any stopped containers, unused networks, images, and build cache
-              sudo docker system prune -f
-            else
-              echo "Direct docker access available..."
-              docker-compose down 2>/dev/null || true
-              # 2) Prune out any stopped containers, unused networks, images, and build cache
-              docker system prune -f
-            fi
-            
-            # 3) Double-check you're seeing the new compose file
-            echo "---- current compose file ----"
-            cat docker-compose.yml
-            echo "------------------------------"
-            
-            # 4) Rebuild from that file and bring up only your nginx service
-            if ! docker ps > /dev/null 2>&1; then
-              sudo docker-compose up -d --build
-            else
-              docker-compose up -d --build
+          tar czf - --exclude='.git' . | ssh -p ${{ secrets.NAS_PORT }} admin@${{ secrets.NAS_HOST }} bash -s << 'EOF'
+            set -euo pipefail
+
+            DEPLOY=/volume1/homes/admin/nginx-infra
+            TMPDIR=$(mktemp -d /tmp/deploy.XXXX)
+            BACKUP=${DEPLOY}-backup-$(date +%Y%m%d%H%M%S)
+
+            # 1) tar로 임시 디렉터리에 풀기
+            cd "$TMPDIR" && tar xzf -
+
+            # 2) 기존 배포물을 백업
+            if [ -d "$DEPLOY" ]; then
+              mv "$DEPLOY" "$BACKUP"
            fi
+
+            # 3) 임시 → 실제 위치로 교체
+            mv "$TMPDIR" "$DEPLOY"
+
+            # 4) 오래된 백업 5개만 남기기
+            ls -1dt ${DEPLOY}-backup-* 2>/dev/null | tail -n +6 | xargs -r rm -rf
+
+            echo "Deployed to $DEPLOY; backup saved at $BACKUP"
+
+            # 5) docker-compose 재시작
+            cd "$DEPLOY"
+            docker-compose down 2>/dev/null || true
+            docker-compose up -d --build
          EOF