diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml index 04260651..c1a02871 100644 --- a/.github/workflows/CI.yml +++ b/.github/workflows/CI.yml @@ -6,7 +6,7 @@ on: jobs: build: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - name: checkout diff --git a/.github/workflows/DOCKER-CD.yml b/.github/workflows/DOCKER-CD.yml index de10bbb4..9678e1f5 100644 --- a/.github/workflows/DOCKER-CD.yml +++ b/.github/workflows/DOCKER-CD.yml @@ -5,11 +5,10 @@ on: jobs: ci: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 env: working-directory: . - steps: - name: 체크아웃 uses: actions/checkout@v3 @@ -37,22 +36,22 @@ jobs: shell: bash - - name: docker 로그인 + - name: docker build 환경 설정 uses: docker/setup-buildx-action@v2.9.1 - - name: login docker hub + - name: docker hub 로그인 uses: docker/login-action@v2.2.0 with: username: ${{ secrets.DOCKER_LOGIN_USERNAME }} password: ${{ secrets.DOCKER_LOGIN_ACCESSTOKEN }} - name: docker image 빌드 및 푸시 - run: | - docker build --platform linux/amd64 -t hellotiki/dev . - docker push hellotiki/dev - working-directory: ${{ env.working-directory }} - - + uses: docker/build-push-action@v4 + with: + context: . + file: ./Dockerfile-Dev + push: true + tags: ${{ secrets.DOCKER_LOGIN_USERNAME }}/dev cd: needs: ci diff --git a/.github/workflows/PROD-CD.yml b/.github/workflows/PROD-CD.yml new file mode 100644 index 00000000..7db63e9c --- /dev/null +++ b/.github/workflows/PROD-CD.yml 
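Review bot: The third-party actions in this job are referenced by mutable tags (`docker/setup-buildx-action@v2.9.1`, `docker/login-action@v2.2.0`, `docker/build-push-action@v4`) while the job holds the Docker Hub access token. Pinning each one to a full commit SHA, e.g. `uses: docker/build-push-action@<full-commit-sha> # v4`, keeps a moved tag from running with those credentials. The same applies to the new PROD-CD.yml, where `appleboy/ssh-action@master` tracks a branch in the job that receives `SERVER_KEY_PROD`. The image is also pushed only as `.../dev` (implicitly `:latest`); adding a second tag such as `${{ secrets.DOCKER_LOGIN_USERNAME }}/dev:${{ github.sha }}` would let you tell which commit a running container was built from.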
@@ -0,0 +1,68 @@
+name: PROD-CD
+on:
+ push:
+ branches: [ "main" ]
+
+jobs:
+ ci:
+ runs-on: ubuntu-22.04
+ env:
+ working-directory: .
+
+ steps:
+ - name: 체크아웃
+ uses: actions/checkout@v3
+
+ - name: Set up JDK 17
+ uses: actions/setup-java@v3
+ with:
+ distribution: 'corretto'
+ java-version: '17'
+
+ - name: application-secret.yml 생성
+ run: |
+ cd ./src/main/resources
+ touch ./application-secret.yml
+ echo "${{ secrets.CD_APPLICATION_SECRET}}" > ./application-secret.yml
+ cat ./application-secret.yml
+ cat ./application-dev.yml
+ working-directory: ${{ env.working-directory }}
+
+ - name: 빌드
+ run: |
+ chmod +x gradlew
+ ./gradlew build -x test
+ working-directory: ${{ env.working-directory }}
+ shell: bash
+
+ - name: docker build 환경 설정
+ uses: docker/setup-buildx-action@v2.9.1
+
+ - name: docker hub 로그인
+ uses: docker/login-action@v2.2.0
+ with:
+ username: ${{ secrets.DOCKER_LOGIN_USERNAME_PROD }}
+ password: ${{ secrets.DOCKER_LOGIN_ACCESSTOKEN_PROD }}
+
+ - name: docker image 빌드 및 푸시
+ uses: docker/build-push-action@v4
+ with:
+ context: .
+ file: ./Dockerfile-Prod
+ push: true
+ tags: ${{ secrets.DOCKER_LOGIN_USERNAME_PROD }}/prod
+
+ cd:
+ needs: ci
+ runs-on: ubuntu-22.04
+
+ steps:
+ - name: docker 컨테이너 실행
+ uses: appleboy/ssh-action@master
+ with:
+ host: ${{ secrets.SERVER_IP_PROD }}
+ username: ${{ secrets.SERVER_USER_PROD }}
+ key: ${{ secrets.SERVER_KEY_PROD }}
+ script: |
+ cd ~
+ ./deploy.sh
diff --git a/.github/workflows/PROD-CI.yml b/.github/workflows/PROD-CI.yml
new file mode 100644
index 00000000..63a44225
--- /dev/null
+++ b/.github/workflows/PROD-CI.yml
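Review bot: The `application-secret.yml 생성` step prints the production secret file to the job log with `cat ./application-secret.yml` (plus `cat ./application-dev.yml`), and it splices `${{ secrets.CD_APPLICATION_SECRET}}` directly into the script text, so any `"`, `$` or backtick in the value is interpreted by the shell. GitHub advises against relying on log redaction for structured values such as a YAML document, so the `cat` lines should go and the secret should reach the shell through `env:`, as in the snippet below; PROD-CI.yml repeats the same `echo`/`cat` pattern. Because the file is written under `src/main/resources`, it is also packaged into the jar that `Dockerfile-Prod` copies into the pushed image, so anyone who can pull that image can read the credentials. If the registry repository is not private, consider providing the file on the server at run time instead of baking it in.

```yaml
      - name: application-secret.yml 생성
        run: printf '%s\n' "$APPLICATION_SECRET" > ./src/main/resources/application-secret.yml
        env:
          APPLICATION_SECRET: ${{ secrets.CD_APPLICATION_SECRET }}
        working-directory: ${{ env.working-directory }}
      # … unchanged: 빌드, docker build 환경 설정, docker hub 로그인, 빌드 및 푸시 …
```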
@@ -0,0 +1,40 @@
+name: PROD-CI
+
+on:
+ pull_request:
+ branches: [ "main" ]
+
+jobs:
+ build:
+ runs-on: ubuntu-22.04
+
+ steps:
+ - name: checkout
+ uses: actions/checkout@v3
+
+ - name: Set up JDK 17
+ uses: actions/setup-java@v3
+ with:
+ distribution: 'corretto'
+ java-version: '17'
+
+ - name: create application-secret.yml
+ run: |
+ # create application-secret.yml
+ cd ./src/main/resources
+
+ # application-secret.yml 파일 생성
+ touch ./application-secret.yml
+
+ # GitHub-Actions 에서 설정한 값을 application-secret.yml 파일에 쓰기..git
+ echo "${{ secrets.CI_APPLICATION_SECRET }}" >> ./application-secret.yml
+
+ # application.yml 파일 확인
+ cat ./application-secret.yml
+ shell: bash
+
+ - name: build
+ run: |
+ chmod +x gradlew
+ ./gradlew build -x test
+ shell: bash
diff --git a/Dockerfile b/Dockerfile-Dev
similarity index 100%
rename from Dockerfile
rename to Dockerfile-Dev
diff --git a/Dockerfile-Prod b/Dockerfile-Prod
new file mode 100644
index 00000000..72de4f07
--- /dev/null
+++ b/Dockerfile-Prod
@@ -0,0 +1,4 @@
+FROM amd64/amazoncorretto:17
+WORKDIR /app
+COPY ./build/libs/Tiki-server-0.0.1-SNAPSHOT.jar /app/Tiki.jar
+CMD ["java", "-Duser.timezone=Asia/Seoul" ,"-jar", "-Dspring.profiles.active=prod","Tiki.jar"]
\ No newline at end of file
diff --git a/src/main/java/com/tiki/server/auth/config/SecurityConfig.java b/src/main/java/com/tiki/server/auth/config/SecurityConfig.java
index b2e6e7e1..c858e05a 100644
--- a/src/main/java/com/tiki/server/auth/config/SecurityConfig.java
+++ b/src/main/java/com/tiki/server/auth/config/SecurityConfig.java
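Review bot: This pull-request job writes `secrets.CI_APPLICATION_SECRET` into the source tree but then only runs `./gradlew build -x test`, so from what is visible nothing in the job appears to read the file at run time. If that holds, the `create application-secret.yml` step can be dropped and the workflow needs no secret at all, which is the safer default for a `pull_request` trigger. If the step stays, a comment such as `# empty on pull requests from forks: secrets are not passed to them` would explain why the file can legitimately be blank.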
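Review bot: Dockerfile-Prod has no `USER` instruction, so the JVM runs as root inside the production container. Adding a numeric non-root user before `CMD`, e.g. `USER 10001:10001`, limits what a compromise of the application can touch; check that any directory the app writes logs or temp files to is writable by that UID. The base image `amd64/amazoncorretto:17` is a floating tag, so pinning it by digest (`amd64/amazoncorretto:17@sha256:<digest>`) would make production builds reproducible.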
@@ -6,6 +6,7 @@ import lombok.RequiredArgsConstructor; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Profile; import org.springframework.security.config.annotation.web.builders.HttpSecurity; import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; 
@@ -33,30 +34,50 @@ public class SecurityConfig { private final ExceptionHandlerFilter exceptionHandlerFilter; @Bean - public SecurityFilterChain filterChain(final HttpSecurity http) throws Exception { + @Profile("local") + public SecurityFilterChain filterChainLocal(HttpSecurity http) throws Exception { permitSwaggerUri(http); - return http - .csrf(AbstractHttpConfigurer::disable) - .formLogin(AbstractHttpConfigurer::disable) - .httpBasic(AbstractHttpConfigurer::disable) - .sessionManagement(sessionManagementConfigurer -> - sessionManagementConfigurer - .sessionCreationPolicy(SessionCreationPolicy.STATELESS)) - .exceptionHandling(exceptionHandlingConfigurer -> - exceptionHandlingConfigurer - .authenticationEntryPoint(customAuthenticationEntryPointHandler)) - .authorizeHttpRequests(request -> - request - .requestMatchers(AUTH_WHITE_LIST).permitAll() - .anyRequest() - .authenticated()) - .addFilterBefore( - jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class - ) - .addFilterBefore( - exceptionHandlerFilter, JwtAuthenticationFilter.class - ) - .build(); + setHttp(http); + return http.build(); + } + + @Bean + @Profile("dev") + public SecurityFilterChain filterChainDev(HttpSecurity http) throws Exception { + permitSwaggerUri(http); + setHttp(http); + return http.build(); + } + + @Bean + @Profile("prod") + public SecurityFilterChain filterChainProd(HttpSecurity http) throws Exception { + setHttp(http); + return http.build(); + } + + private void setHttp(HttpSecurity http) throws Exception { + http + .csrf(AbstractHttpConfigurer::disable) + .formLogin(AbstractHttpConfigurer::disable) + .httpBasic(AbstractHttpConfigurer::disable) + .sessionManagement(sessionManagementConfigurer -> + sessionManagementConfigurer + .sessionCreationPolicy(SessionCreationPolicy.STATELESS)) + .exceptionHandling(exceptionHandlingConfigurer -> + exceptionHandlingConfigurer + .authenticationEntryPoint(customAuthenticationEntryPointHandler)) + .authorizeHttpRequests(request -> + 
request + .requestMatchers(AUTH_WHITE_LIST).permitAll() + .anyRequest() + .authenticated()) + .addFilterBefore( + jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class + ) + .addFilterBefore( + exceptionHandlerFilter, JwtAuthenticationFilter.class + ); } private void permitSwaggerUri(HttpSecurity http) throws Exception { diff --git a/src/main/java/com/tiki/server/common/config/CorsConfig.java b/src/main/java/com/tiki/server/common/config/CorsConfig.java index ec6dfb96..4a544436 100644 --- a/src/main/java/com/tiki/server/common/config/CorsConfig.java +++ b/src/main/java/com/tiki/server/common/config/CorsConfig.java @@ -30,6 +30,7 @@ private CorsConfiguration setCorsConfiguration() { config.addAllowedOrigin(("https://ti-kii.com")); config.addAllowedOrigin("http://localhost:5173"); config.addAllowedOrigin("https://www.tiki-sopt.p-e.kr"); + config.addAllowedOrigin("https://tiki-client.vercel.app"); config.addAllowedHeader("*"); config.setAllowedMethods(List.of("HEAD", "GET", "POST", "PUT", "DELETE", "PATCH", "OPTIONS")); return config; diff --git a/src/main/java/com/tiki/server/email/emailsender/config/EmailConfig.java b/src/main/java/com/tiki/server/email/emailsender/config/EmailConfig.java index b2664c43..398620c0 100644 --- a/src/main/java/com/tiki/server/email/emailsender/config/EmailConfig.java +++ b/src/main/java/com/tiki/server/email/emailsender/config/EmailConfig.java @@ -13,7 +13,7 @@ @Configuration public class EmailConfig { - @Value("${MAIL.password}") + @Value("${spring.mail.password}") private String emailPassword; @Bean diff --git a/src/main/resources/application-dev.yml b/src/main/resources/application-dev.yml index f9a61bbb..73524f90 100644 --- a/src/main/resources/application-dev.yml +++ b/src/main/resources/application-dev.yml 
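Review bot: Which `SecurityFilterChain` gets registered now depends on exactly one of `local`, `dev` or `prod` being active. With none of them active this class contributes no chain, so the JWT filter is never installed. With two active (e.g. `dev,prod`), two any-request chains are registered, one of which permits the Swagger URIs. `filterChainLocal` and `filterChainDev` are also identical, so a fail-closed layout needs only two beans with complementary conditions: the Swagger-permitting one annotated `@Profile("(local | dev) & !prod")` and the strict one annotated `@Profile("prod | !(local | dev)")`. `permitSwaggerUri` itself lies outside the hunk, so what it permits could not be checked here.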
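Review bot: The allowed-origin list in `setCorsConfiguration` is the same for every profile, so with the `prod` profile introduced by this commit production responses will also grant cross-origin access to `http://localhost:5173` and to the newly added `https://tiki-client.vercel.app`. Whether credentials are allowed is not visible in the hunk (the method starts above it), but together with `addAllowedHeader("*")` that makes the origin list the main control. Consider reading the origins from a per-profile list property (the property name is yours to choose) and calling `config.setAllowedOrigins(...)` with it, keeping the localhost and preview origins out of `application-prod.yml`.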
@@ -53,8 +53,8 @@ jwt: ${JWT.EXPIRE_REFRESH} aws-property: - access-key: ${AWS_PROPERTY.ACCESS_KEY} - secret-key: ${AWS_PROPERTY.SECRET_KEY} - bucket: ${AWS_PROPERTY.BUCKET} + access-key: ${AWS_PROPERTY.ACCESS_KEY.dev} + secret-key: ${AWS_PROPERTY.SECRET_KEY.dev} + bucket: ${AWS_PROPERTY.BUCKET.dev} aws-region: ap-northeast-2 - s3-url: ${AWS_PROPERTY.S3_URL} + s3-url: ${AWS_PROPERTY.S3_URL.dev} diff --git a/src/main/resources/application-prod.yml b/src/main/resources/application-prod.yml new file mode 100644 index 00000000..589e2b89 --- /dev/null +++ b/src/main/resources/application-prod.yml @@ -0,0 +1,60 @@ +spring: + config: + import: application-secret.yml + activate: + on-profile: prod + datasource: + driver-class-name: org.postgresql.Driver + url: jdbc:postgresql://${DATABASE.ENDPOINT_URL.prod}:5432/postgres?currentSchema=${DATABASE.NAME.prod} + username: ${DATABASE.USERNAME.prod} + password: ${DATABASE.PASSWORD.prod} + jpa: + hibernate: + ddl-auto: none + properties: + hibernate: + format_sql: true + default_batch_fetch_size: 1000 + auto_quote_keyword: true + data: + redis: + host: ${REDIS.host} + port: 6379 + task: + scheduling: + pool: + size: 1 + mail: + host: smtp.gmail.com + port: 587 + username: ${MAIL.username} + password: ${MAIL.password} + + properties: + mail: + smtp: + auth: true + starttls: + enable: true + +logging: + level: + org.hibernate.SQL: debug + slack: + webhook_url: ${SLACK.WEBHOOK_URL.prod} + config: classpath:logback-spring.xml + +jwt: + secret: + ${JWT.SECRET} + access-token-expire-time: + ${JWT.EXPIRE_ACCESS} + refresh-token-expire-time: + ${JWT.EXPIRE_REFRESH} + +aws-property: + access-key: ${AWS_PROPERTY.ACCESS_KEY.prod} + secret-key: ${AWS_PROPERTY.SECRET_KEY.prod} + bucket: ${AWS_PROPERTY.BUCKET.prod} + aws-region: ap-northeast-2 + s3-url: ${AWS_PROPERTY.S3_URL.prod}
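Review bot: In `application-prod.yml`, `org.hibernate.SQL: debug` together with `format_sql: true` makes the production profile log every SQL statement. The same file configures a Slack webhook, so statement text may leave the host depending on what `logback-spring.xml` forwards (not visible here). Dropping the `org.hibernate.SQL` key or setting it to `info` is the usual production choice. The `.prod`/`.dev` placeholder suffixes in both profile files also suggest that one `application-secret.yml` carries the credentials for both environments; if so, splitting it per environment keeps dev credentials out of the production image and production credentials out of the dev one.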