Merge branch 'main' of https://github.com/Octa-Cloud/BE-auth-service

Author: KoungQ

.gitattributes

@@ -0,0 +1,3 @@
+/gradlew text eol=lf
+*.bat text eol=crlf
+*.jar binary

.github/pull_request_template.md

@@ -0,0 +1,20 @@
+## 📌 관련 이슈
+- 관련된 이슈 번호를 적어주세요. (예: #12)
+
+## ✨ 변경 사항
+- 이번 PR에서 변경된 주요 내용을 간단히 작성해주세요.
+    - 기능 추가/수정/삭제
+    - 버그 수정
+    - 리팩토링
+
+## ✅ 체크리스트
+- [ ] 코드 스타일 가이드 준수
+- [ ] 로컬에서 정상 동작 확인
+- [ ] 관련 테스트 추가/수정 완료
+- [ ] 문서화 필요 시 업데이트 완료
+
+## 📸 스크린샷 (선택)
+- UI 변경이 있는 경우 첨부해주세요.
+
+## 📢 기타 참고 사항
+- 리뷰어가 알아야 할 추가 사항을 적어주세요.

.github/workflows/deploy-helm.yml

@@ -0,0 +1,92 @@
+name: Auth-Service Image Build
+
+env:
+    SERVICE_NAME: auth-service
+    BUILD_ID: ${{ github.sha }}-${{ github.run_id }}
+    HELM_VALUE: auth-service/values.yaml
+    HELM_BRANCH: main
+    INFRA_REPO: ${{ secrets.INFRA_REPO }}
+
+on:
+  push:
+    branches: [ "main" ]
+
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v3
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+
+      # Gradle 빌드
+      - name: Build with Gradle
+        run: ./gradlew clean build -x test
+
+      # Docker 로그인
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PAT }}
+
+      # 태그명 변수화 + 짧게 만들기
+      - name: Set Image Version Tag
+        id: vars
+        run: echo "sha_short=$(git rev-parse --short HEAD)" >> $GITHUB_OUTPUT
+
+      # Docker Image 빌드 및 푸시
+      - name: Build and push image to Docker Hub
+        env:
+          IMAGE_TAG: docker.io/${{ secrets.DOCKER_USERNAME }}/${{ env.SERVICE_NAME }}:${{ env.BUILD_ID }}
+        run: |
+          docker build -f ./Dockerfile -t "$IMAGE_TAG" .
+          docker push "$IMAGE_TAG"
+
+      # ArgoCD가 참조하는 Repository로 checkout
+      - name: Checkout Helm Repository
+        uses: actions/checkout@v4
+        with:
+          repository: ${{ env.INFRA_REPO }}
+          path: helm-chart
+          ref: ${{ env.HELM_BRANCH }}
+          token: ${{ secrets.GH_PAT }}
+
+      - name: Change Image tag of the Helm Chart
+        uses: mikefarah/yq@v4.34.1
+        with:
+          cmd: yq -i '.image.tag = "${{ env.BUILD_ID }}"' helm-chart/${{ env.HELM_VALUE }}
+
+      - name: Commit and Push Helm Chart Changes
+        run: |
+          cd helm-chart
+          git config --local user.email "githubaction@gmail.com"
+          git config --local user.name "githubaction"
+          git add ${{ env.HELM_VALUE }}
+          git commit -m "Update ${SERVICE_NAME} image tag to ${{ env.BUILD_ID }}" || echo "No changes to commit"
+          
+          # Push with retry logic
+          attempts=0
+          max_attempts=3
+          
+          while [ $attempts -lt $max_attempts ]; do
+            if git push origin ${{ env.HELM_BRANCH }}; then
+              echo "Push successful!"
+              break
+            else
+              echo "Push failed. Attempting rebase with remote branch."
+              git pull --rebase origin ${{ env.HELM_BRANCH }}
+              attempts=$((attempts+1))
+              if [ $attempts -eq $max_attempts ]; then
+                echo "Push failed after $max_attempts attempts"
+                exit 1
+              fi
+              echo "Retrying push..."
+            fi
+          done

.gitignore

@@ -0,0 +1,37 @@
+HELP.md
+.gradle
+build/
+!gradle/wrapper/gradle-wrapper.jar
+!**/src/main/**/build/
+!**/src/test/**/build/
+
+### STS ###
+.apt_generated
+.classpath
+.factorypath
+.project
+.settings
+.springBeans
+.sts4-cache
+bin/
+!**/src/main/**/bin/
+!**/src/test/**/bin/
+
+### IntelliJ IDEA ###
+.idea
+*.iws
+*.iml
+*.ipr
+out/
+!**/src/main/**/out/
+!**/src/test/**/out/
+
+### NetBeans ###
+/nbproject/private/
+/nbbuild/
+/dist/
+/nbdist/
+/.nb-gradle/
+
+### VS Code ###
+.vscode/

Dockerfile

@@ -0,0 +1,47 @@
+# Multi-stage build for optimization
+FROM gradle:8.4-jdk17 AS builder
+
+WORKDIR /app
+COPY build.gradle settings.gradle ./
+COPY gradle/ gradle/
+RUN gradle dependencies --no-daemon
+
+COPY src/ src/
+RUN gradle build --no-daemon -x test
+
+# Runtime stage
+FROM eclipse-temurin:17-jre-jammy
+
+# Create non-root user for security
+RUN groupadd -r appuser && useradd -r -g appuser appuser
+
+# Install necessary packages
+RUN apt-get update && apt-get install -y \
+    curl \
+    && rm -rf /var/lib/apt/lists/*
+
+# Set working directory
+WORKDIR /app
+
+# Copy jar file from builder stage
+COPY --from=builder /app/build/libs/auth-service-0.0.1-SNAPSHOT.jar app.jar
+
+# Change ownership to non-root user
+RUN chown -R appuser:appuser /app
+USER appuser
+
+# Health check
+HEALTHCHECK --interval=30s --timeout=3s --start-period=5s --retries=3 \
+    CMD curl -f http://localhost:8080/actuator/health || exit 1
+
+# Expose port
+EXPOSE 8080
+
+# JVM optimization for containers
+ENTRYPOINT ["java", \
+    "-XX:+UseContainerSupport", \
+    "-XX:MaxRAMPercentage=75.0", \
+    "-XX:+UseG1GC", \
+    "-XX:+UseStringDeduplication", \
+    "-Djava.security.egd=file:/dev/./urandom", \
+    "-jar", "app.jar"]

build.gradle

@@ -0,0 +1,61 @@
+plugins {
+    id 'java'
+    id 'org.springframework.boot' version '3.5.6'
+    id 'io.spring.dependency-management' version '1.1.7'
+}
+
+group = 'com.project'
+version = '0.0.1-SNAPSHOT'
+description = 'auth-service'
+
+java {
+    toolchain { languageVersion = JavaLanguageVersion.of(17) }
+}
+
+repositories { mavenCentral() }
+
+configurations {
+    compileOnly {
+        extendsFrom annotationProcessor
+    }
+}
+
+dependencies {
+    // Spring
+    developmentOnly 'org.springframework.boot:spring-boot-devtools'
+    implementation 'org.springframework.boot:spring-boot-starter-web'
+    implementation 'org.springframework.boot:spring-boot-starter-security'
+    implementation 'org.springframework.boot:spring-boot-starter-validation'
+    implementation 'org.springframework.boot:spring-boot-starter-actuator'
+    implementation 'io.micrometer:micrometer-registry-prometheus'
+
+    // Apache HttpClient5
+    implementation 'org.apache.httpcomponents.client5:httpclient5:5.3.1'
+
+    // Kafka
+    implementation "org.springframework.kafka:spring-kafka"
+
+    // Lombok
+    compileOnly 'org.projectlombok:lombok'
+    annotationProcessor 'org.projectlombok:lombok'
+
+    // Redis / Cache
+    implementation 'org.springframework.boot:spring-boot-starter-data-redis'
+    implementation 'org.springframework.boot:spring-boot-starter-cache'
+
+    // JWT
+    implementation 'io.jsonwebtoken:jjwt-api:0.11.2'
+    implementation 'jakarta.xml.bind:jakarta.xml.bind-api:4.0.0'
+    implementation 'org.glassfish.jaxb:jaxb-runtime:4.0.0'
+    runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.2'
+    runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.11.2'
+
+    // Swagger
+    implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.6.0'
+
+    testImplementation 'org.springframework.boot:spring-boot-starter-test'
+    testImplementation 'org.springframework.security:spring-security-test'
+    testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
+}
+
+tasks.named('test') { useJUnitPlatform() }

gradle/wrapper/gradle-wrapper.jar

@@ -0,0 +1,7 @@
+distributionBase=GRADLE_USER_HOME
+distributionPath=wrapper/dists
+distributionUrl=https\://services.gradle.org/distributions/gradle-8.14.3-bin.zip
+networkTimeout=10000
+validateDistributionUrl=true
+zipStoreBase=GRADLE_USER_HOME
+zipStorePath=wrapper/dists