Skip to content

๐Ÿ’ซ feat: ๋ฐฐํฌ ๋ฆฌ์†Œ์Šค ์ •๋ฆฌ ์ž๋™ํ™” ๋ฐ ์šด์˜ ์•ˆ์ •์„ฑ ๋ณด๊ฐ•#8

Merged
JoonKyoLee merged 5 commits into
developfrom
feature/deployment-resource-cleanup
Jul 14, 2026

Conversation

@JoonKyoLee

@JoonKyoLee JoonKyoLee commented Jul 14, 2026

Copy link
Copy Markdown
Member

#๏ธโƒฃ Issue Number

๐Ÿ“ ์š”์•ฝ(Summary)

  • GitHub Actions ๋ฐฐํฌ workflow์—์„œ deploy.sh๋ฅผ sudo๋กœ ์‹คํ–‰ํ•˜๋„๋ก ์ˆ˜์ •ํ•ด Nginx ์„ค์ • ๋ฐ˜์˜ ๋ฐ ์„œ๋น„์Šค reload ๊ถŒํ•œ ๋ฌธ์ œ๋ฅผ ํ•ด๊ฒฐํ–ˆ์Šต๋‹ˆ๋‹ค.
  • ๋ฐฐํฌ ์Šคํฌ๋ฆฝํŠธ์—์„œ ๋ฐฐํฌ ์„ฑ๊ณต ํ›„ docker image prune -f, docker container prune -f๋ฅผ ์ˆ˜ํ–‰ํ•˜๋„๋ก ๊ตฌ์„ฑํ•ด EC2 ๋‚ด๋ถ€ Docker ๋ฆฌ์†Œ์Šค ๋ˆ„์ ์„ ์ค„์ด๋„๋ก ํ–ˆ์Šต๋‹ˆ๋‹ค.
  • ECR ์ •๋ฆฌ์™€ EC2 ์ •๋ฆฌ์˜ ์ฑ…์ž„ ๋ฒ”์œ„๋ฅผ ๋ถ„๋ฆฌํ•˜๊ณ , ๋ฐฐํฌ ๋ฆฌ์†Œ์Šค ์ •๋ฆฌ ๊ธฐ์ค€์„ ๋ณ„๋„ ๋ฌธ์„œ๋กœ ์ •๋ฆฌํ–ˆ์Šต๋‹ˆ๋‹ค.

๐Ÿ“ ๋ฆฌ๋ทฐ ์š”์ฒญ์‚ฌํ•ญ

  • ๋ฐฐํฌ ์Šคํฌ๋ฆฝํŠธ๋Š” root ๊ถŒํ•œ์ด ํ•„์š”ํ•œ ์šด์˜ ์ž‘์—…์„ ํฌํ•จํ•˜๊ณ  ์žˆ์–ด workflow์—์„œ sudo ์‹คํ–‰ ๊ธฐ์ค€์œผ๋กœ ์ •๋ฆฌํ–ˆ์Šต๋‹ˆ๋‹ค.
  • EC2 ๋‚ด๋ถ€ ์ •๋ฆฌ๋Š” ์šฐ์„  ์•ˆ์ „ํ•œ ๋ฒ”์œ„์˜ prune๋งŒ ์ ์šฉํ•˜๊ณ , ๊ณต๊ฒฉ์ ์ธ ์ •๋ฆฌ ์ •์ฑ…์€ ์ดํ›„ ์šด์˜ ์ถ”์ด๋ฅผ ๋ณด๋ฉฐ ํ™•์žฅํ•  ์ˆ˜ ์žˆ๋„๋ก ๊ตฌ์„ฑํ–ˆ์Šต๋‹ˆ๋‹ค.
  • ECR์€ lifecycle policy, EC2๋Š” ๋ฐฐํฌ ํ›„ prune ๋ฐฉ์‹์œผ๋กœ ์ •๋ฆฌ ์ฑ…์ž„์„ ๋ถ„๋ฆฌํ–ˆ์Šต๋‹ˆ๋‹ค.

๐Ÿ’ป ํ…Œ์ŠคํŠธ ๊ฒฐ๊ณผ

  • ๋ฐฐํฌ workflow ์‹คํ–‰ ์ค‘ /etc/nginx/conf.d ๋ฐ˜์˜ ๊ถŒํ•œ ๋ฌธ์ œ ์›์ธ์„ ํ™•์ธํ–ˆ์Šต๋‹ˆ๋‹ค.
  • deploy.sh๋ฅผ sudo๋กœ ์‹คํ–‰ํ•˜๋„๋ก ๋ณ€๊ฒฝํ•ด ๊ถŒํ•œ ๋ฌธ์ œ ํ•ด๊ฒฐ ๋ฐฉํ–ฅ์„ ๋ฐ˜์˜ํ–ˆ์Šต๋‹ˆ๋‹ค.
  • ๋ฐฐํฌ ํ›„ Docker ๋ฆฌ์†Œ์Šค ์ •๋ฆฌ ๋ช…๋ น๊ณผ ์šด์˜ ๋ฌธ์„œ ๋ถ„๋ฆฌ๋ฅผ ์ฝ”๋“œ ๊ธฐ์ค€์œผ๋กœ ๋ฐ˜์˜ํ–ˆ์Šต๋‹ˆ๋‹ค.
  • ์‹ค์ œ ๋ฐฐํฌ ์žฌ์‹คํ–‰ ๊ฒฐ๊ณผ๋Š” GitHub Actions workflow ๊ธฐ์ค€์œผ๋กœ ์ถ”๊ฐ€ ํ™•์ธ ์˜ˆ์ •์ž…๋‹ˆ๋‹ค.

๐Ÿ“Œ ํฌ์ธํŠธ

  • ๋ฐฐํฌ ์ž๋™ํ™” ์ดํ›„ ๋ฐœ์ƒํ•  ์ˆ˜ ์žˆ๋Š” Docker ์ด๋ฏธ์ง€/์ปจํ…Œ์ด๋„ˆ ๋ˆ„์  ๋ฌธ์ œ๊นŒ์ง€ ๊ณ ๋ คํ•ด ์šด์˜ ์ž๋™ํ™” ๋ฒ”์œ„๋ฅผ ํ™•์žฅํ–ˆ์Šต๋‹ˆ๋‹ค.
  • ECR๊ณผ EC2์˜ ์ •๋ฆฌ ์ฑ…์ž„์„ ๋ถ„๋ฆฌํ•ด ๋ ˆ์ง€์ŠคํŠธ๋ฆฌ ๋ ˆ๋ฒจ๊ณผ ์„œ๋ฒ„ ๋ ˆ๋ฒจ์˜ ๋ฆฌ์†Œ์Šค ๊ด€๋ฆฌ๋ฅผ ๊ฐ๊ฐ ์„ค๊ณ„ํ–ˆ์Šต๋‹ˆ๋‹ค.

โœ๏ธ ํšŒ๊ณ 

  • ๋ฐฐํฌ ์„ฑ๊ณต ์ž์ฒด๋ฅผ ๋„˜์–ด์„œ, ์žฅ๊ธฐ ์šด์˜ ์‹œ ๋ฐœ์ƒํ•  ์ˆ˜ ์žˆ๋Š” ๋ฆฌ์†Œ์Šค ๋ˆ„์ ๊ณผ ๊ถŒํ•œ ๋ฌธ์ œ๊นŒ์ง€ ํ•จ๊ป˜ ๋‹ค๋ฃจ๋ฉฐ ์šด์˜ ์•ˆ์ •์„ฑ์„ ๋ณด๊ฐ•ํ–ˆ์Šต๋‹ˆ๋‹ค.

Summary by CodeRabbit

  • New Features

    • Automatically removes outdated local container images after successful deployments.
    • Preserves the currently deployed development and production images.
    • Performs best-effort cleanup of dangling images without affecting deployment results.
  • Documentation

    • Added deployment cleanup standards, including supported image cleanup practices and safeguards against overly aggressive pruning.

@JoonKyoLee JoonKyoLee self-assigned this Jul 14, 2026
@coderabbitai

coderabbitai Bot commented Jul 14, 2026

Copy link
Copy Markdown

Review Change Stack

No actionable comments were generated in the recent review. ๐ŸŽ‰

โ„น๏ธ Recent review info
โš™๏ธ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: b7f12c37-c780-4a30-bb19-a4254bc56c61

๐Ÿ“ฅ Commits

Reviewing files that changed from the base of the PR and between b340429 and 8080e9d.

๐Ÿ“’ Files selected for processing (2)
  • docs/deployment.md
  • scripts/deploy.sh
๐Ÿšง Files skipped from review as they are similar to previous changes (1)
  • docs/deployment.md

๐Ÿ“ Walkthrough

Walkthrough

Deployment cleanup standards are documented, and the deployment script now removes outdated local images from the same ECR repository and prunes dangling images after a successful Compose deployment.

Changes

Deployment operations

Layer / File(s) Summary
Post-deployment Docker cleanup
docs/deployment.md, scripts/deploy.sh
Documents ECR and EC2 cleanup rules, adds best-effort removal of non-current repository images, and invokes cleanup after Compose startup.

Estimated code review effort: 2 (Simple) | ~10 minutes

๐Ÿšฅ Pre-merge checks | โœ… 4 | โŒ 1

โŒ Failed checks (1 warning)

Check name Status Explanation Resolution
Linked Issues check โš ๏ธ Warning Cleanup automation and documentation were added, but the requested disk usage check point is not reflected in the changes. Add the disk usage verification/checkpoint to the deployment flow or docs, and confirm all cleanup requirements from #6 are covered.
โœ… Passed checks (4 passed)
Check name Status Explanation
Title check โœ… Passed The title is concise and directly reflects deployment resource cleanup automation and operational hardening.
Description check โœ… Passed The template sections are present and filled with issue number, summary, review notes, and test results.
Out of Scope Changes check โœ… Passed The changes stay focused on deployment cleanup, sudo execution, and documentation, with no clear unrelated additions.
Docstring Coverage โœ… Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
โœจ Finishing Touches
๐Ÿ“ Generate docstrings
  • Create stacked PR
  • Commit on current branch
๐Ÿงช Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feature/deployment-resource-cleanup

Comment @coderabbitai help to get the list of available commands.

@coderabbitai coderabbitai Bot left a comment

Copy link
Copy Markdown

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 7

๐Ÿค– Prompt for all review comments with AI agents
Verify each finding against current code. Fix only still-valid issues, skip the
rest with a brief reason, keep changes minimal, and validate.

Inline comments:
In @.github/workflows/deploy-dev.yml:
- Line 132: Replace the direct sudo invocation of the user-writable deploy.sh
path with a root-owned trusted deployment wrapper in
.github/workflows/deploy-dev.yml at line 132 and
.github/workflows/deploy-prod.yml at line 132, preserving the existing
environment and deployment arguments.
- Line 132: Update the remote deployment command invoking deploy.sh so ECR
authentication and docker compose pull execute under the same user context:
either perform the ECR login as root or remove sudo from the deploy.sh
invocation. Preserve the existing deployment arguments and ensure the
authenticated Docker context matches the context used by deploy.sh.

In @.github/workflows/deploy-prod.yml:
- Line 132: Update the deployment flow around scripts/deploy.sh so Docker
authentication and the subsequent docker compose pull run under the same user
context. Either perform the registry login as root before the sudo-managed
deploy, or remove sudo from the compose operation, while preserving the existing
production deployment arguments.

In `@scripts/deploy.sh`:
- Line 56: Update the cleanup step around docker image prune -f to explicitly
remove stale dev-${github.sha} and prod-${github.sha} deployment images while
retaining the current image, or revise related documentation so it no longer
claims those tagged images are reclaimed.
- Around line 55-57: Scope container cleanup in scripts/deploy.sh around docker
container prune so it removes only containers associated with this deployment,
rather than every stopped container on the host; retain the existing safe image
cleanup. Update docs/deployment.md lines 6-7 to describe the resulting scoped
behavior, or explicitly document the host-wide cleanup and require a dedicated
EC2 host if that behavior remains.
- Around line 55-57: Make the post-deployment cleanup commands in
scripts/deploy.sh best-effort under set -e: ensure failures from docker image
prune and docker container prune are logged as cleanup warnings while preserving
the successful deployment result and SSH exit status.
- Around line 52-53: Ensure Docker authentication and Compose use the same user:
update scripts/deploy.sh lines 52-53 to run docker compose as ${EC2_USER} rather
than root, while preserving the existing pull and up arguments. Update
.github/workflows/deploy-dev.yml line 132 and .github/workflows/deploy-prod.yml
line 132 as needed so deployment invokes deploy.sh without switching the Compose
commands to a different user.
๐Ÿช„ Autofix (Beta)

Fix all unresolved CodeRabbit comments on this PR:

  • Push a commit to this branch (recommended)
  • Create a new PR with the fixes

โ„น๏ธ Review info
โš™๏ธ Run configuration

Configuration used: defaults

Review profile: CHILL

Plan: Pro Plus

Run ID: 3eb82c48-2e7e-4bef-bd72-9d57f5229c95

๐Ÿ“ฅ Commits

Reviewing files that changed from the base of the PR and between 288773a and b340429.

๐Ÿ“’ Files selected for processing (4)
  • .github/workflows/deploy-dev.yml
  • .github/workflows/deploy-prod.yml
  • docs/deployment.md
  • scripts/deploy.sh

Comment thread .github/workflows/deploy-dev.yml Outdated
Comment thread .github/workflows/deploy-prod.yml Outdated
Comment thread scripts/deploy.sh
Comment thread scripts/deploy.sh Outdated
Comment thread scripts/deploy.sh Outdated
@JoonKyoLee JoonKyoLee merged commit a11a24a into develop Jul 14, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

1 participant