[INIT] 배포 서버 환경 설정

.github/workflows/CI.yml

@@ -6,7 +6,7 @@ on:
 
 jobs:
   build:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
 
     steps:
       - name: checkout

.github/workflows/DOCKER-CD.yml

@@ -5,11 +5,10 @@ on:
 
 jobs:
   ci:
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     env:
       working-directory: .
 
-
     steps:
       - name: 체크아웃
         uses: actions/checkout@v3
@@ -37,22 +36,22 @@ jobs:
         shell: bash
 
 
-      - name: docker 로그인
+      - name: docker build 환경 설정
         uses: docker/[email protected]
 
-      - name: login docker hub
+      - name: docker hub 로그인
         uses: docker/[email protected]
         with:
           username: ${{ secrets.DOCKER_LOGIN_USERNAME }}
           password: ${{ secrets.DOCKER_LOGIN_ACCESSTOKEN }}
 
       - name: docker image 빌드 및 푸시
-        run: |
-          docker build --platform linux/amd64 -t hellotiki/dev .
-          docker push hellotiki/dev
-        working-directory: ${{ env.working-directory }}
-
-
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: ./Dockerfile-Dev
+          push: true
+          tags: ${{ secrets.DOCKER_LOGIN_USERNAME }}/dev
 
   cd:
     needs: ci

.github/workflows/PROD-CD.yml

@@ -0,0 +1,68 @@
+name: PROD-CD
+on:
+  push:
+    branches: [ "main" ]
+
+jobs:
+  ci:
+    runs-on: ubuntu-22.04
+    env:
+      working-directory: .
+
+    steps:
+      - name: 체크아웃
+        uses: actions/checkout@v3
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'corretto'
+          java-version: '17'
+
+      - name: application-secret.yml 생성
+        run: |
+          cd ./src/main/resources
+          touch ./application-secret.yml
+          echo "${{ secrets.CD_APPLICATION_SECRET}}" > ./application-secret.yml
+          cat ./application-secret.yml
+          cat ./application-dev.yml
+        working-directory: ${{ env.working-directory }}
+
+      - name: 빌드
+        run: |
+          chmod +x gradlew
+          ./gradlew build -x test
+        working-directory: ${{ env.working-directory }}
+        shell: bash
+
+      - name: docker build 환경 설정
+        uses: docker/[email protected]
+
+      - name: docker hub 로그인
+        uses: docker/[email protected]
+        with:
+          username: ${{ secrets.DOCKER_LOGIN_USERNAME_PROD }}
+          password: ${{ secrets.DOCKER_LOGIN_ACCESSTOKEN_PROD }}
+
+      - name: docker image 빌드 및 푸시
+        uses: docker/build-push-action@v4
+        with:
+          context: .
+          file: ./Dockerfile-Prod
+          push: true
+          tags: ${{ secrets.DOCKER_LOGIN_USERNAME_PROD }}/prod
+
+  cd:
+    needs: ci
+    runs-on: ubuntu-22.04
+
+    steps:
+      - name: docker 컨테이너 실행
+        uses: appleboy/ssh-action@master
+        with:
+          host: ${{ secrets.SERVER_IP_PROD }}
+          username: ${{ secrets.SERVER_USER_PROD }}
+          key: ${{ secrets.SERVER_KEY_PROD }}
+          script: |
+            cd ~
+            ./deploy.sh

.github/workflows/PROD-CI.yml

@@ -0,0 +1,40 @@
+name: PROD-CI
+
+on:
+  pull_request:
+    branches: [ "main" ]
+
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+
+    steps:
+      - name: checkout
+        uses: actions/checkout@v3
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          distribution: 'corretto'
+          java-version: '17'
+
+      - name: create application-secret.yml
+        run: |
+          # create application-secret.yml
+          cd ./src/main/resources
+
+          # application-secret.yml 파일 생성
+          touch ./application-secret.yml
+
+          # GitHub-Actions 에서 설정한 값을 application-secret.yml 파일에 쓰기..git
+          echo "${{ secrets.CI_APPLICATION_SECRET }}" >> ./application-secret.yml
+
+          # application.yml 파일 확인
+          cat ./application-secret.yml
+        shell: bash
+
+      - name: build
+        run: |
+          chmod +x gradlew
+          ./gradlew build -x test
+        shell: bash

Dockerfile-Prod

@@ -0,0 +1,4 @@
+FROM amd64/amazoncorretto:17
+WORKDIR /app
+COPY ./build/libs/Tiki-server-0.0.1-SNAPSHOT.jar /app/Tiki.jar
+CMD ["java", "-Duser.timezone=Asia/Seoul" ,"-jar", "-Dspring.profiles.active=prod","Tiki.jar"]

src/main/java/com/tiki/server/auth/config/SecurityConfig.java

@@ -6,6 +6,7 @@
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Profile;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
@@ -33,30 +34,50 @@ public class SecurityConfig {
     private final ExceptionHandlerFilter exceptionHandlerFilter;
 
     @Bean
-    public SecurityFilterChain filterChain(final HttpSecurity http) throws Exception {
+    @Profile("local")
+    public SecurityFilterChain filterChainLocal(HttpSecurity http) throws Exception {
         permitSwaggerUri(http);
-        return http
-                .csrf(AbstractHttpConfigurer::disable)
-                .formLogin(AbstractHttpConfigurer::disable)
-                .httpBasic(AbstractHttpConfigurer::disable)
-                .sessionManagement(sessionManagementConfigurer ->
-                        sessionManagementConfigurer
-                                .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
-                .exceptionHandling(exceptionHandlingConfigurer ->
-                        exceptionHandlingConfigurer
-                                .authenticationEntryPoint(customAuthenticationEntryPointHandler))
-                .authorizeHttpRequests(request ->
-                        request
-                                .requestMatchers(AUTH_WHITE_LIST).permitAll()
-                                .anyRequest()
-                                .authenticated())
-                .addFilterBefore(
-                        jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class
-                )
-                .addFilterBefore(
-                        exceptionHandlerFilter, JwtAuthenticationFilter.class
-                )
-                .build();
+        setHttp(http);
+        return http.build();
+    }
+
+    @Bean
+    @Profile("dev")
+    public SecurityFilterChain filterChainDev(HttpSecurity http) throws Exception {
+        permitSwaggerUri(http);
+        setHttp(http);
+        return http.build();
+    }
+
+    @Bean
+    @Profile("prod")
+    public SecurityFilterChain filterChainProd(HttpSecurity http) throws Exception {
+        setHttp(http);
+        return http.build();
+    }
+
+    private void setHttp(HttpSecurity http) throws Exception {
+        http
+            .csrf(AbstractHttpConfigurer::disable)
+            .formLogin(AbstractHttpConfigurer::disable)
+            .httpBasic(AbstractHttpConfigurer::disable)
+            .sessionManagement(sessionManagementConfigurer ->
+                sessionManagementConfigurer
+                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS))
+            .exceptionHandling(exceptionHandlingConfigurer ->
+                exceptionHandlingConfigurer
+                    .authenticationEntryPoint(customAuthenticationEntryPointHandler))
+            .authorizeHttpRequests(request ->
+                request
+                    .requestMatchers(AUTH_WHITE_LIST).permitAll()
+                    .anyRequest()
+                    .authenticated())
+            .addFilterBefore(
+                jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class
+            )
+            .addFilterBefore(
+                exceptionHandlerFilter, JwtAuthenticationFilter.class
+            );
     }
 
     private void permitSwaggerUri(HttpSecurity http) throws Exception {

src/main/java/com/tiki/server/email/emailsender/config/EmailConfig.java

@@ -13,7 +13,7 @@
 @Configuration
 public class EmailConfig {
 
-    @Value("${MAIL.password}")
+    @Value("${spring.mail.password}")
     private String emailPassword;
 
     @Bean

src/main/resources/application-dev.yml

@@ -53,8 +53,8 @@ jwt:
     ${JWT.EXPIRE_REFRESH}
 
 aws-property:
-  access-key: ${AWS_PROPERTY.ACCESS_KEY}
-  secret-key: ${AWS_PROPERTY.SECRET_KEY}
-  bucket: ${AWS_PROPERTY.BUCKET}
+  access-key: ${AWS_PROPERTY.ACCESS_KEY.dev}
+  secret-key: ${AWS_PROPERTY.SECRET_KEY.dev}
+  bucket: ${AWS_PROPERTY.BUCKET.dev}
   aws-region: ap-northeast-2
-  s3-url: ${AWS_PROPERTY.S3_URL}
+  s3-url: ${AWS_PROPERTY.S3_URL.dev}

src/main/resources/application-prod.yml

@@ -0,0 +1,60 @@
+spring:
+  config:
+    import: application-secret.yml
+    activate:
+      on-profile: prod
+  datasource:
+    driver-class-name: org.postgresql.Driver
+    url: jdbc:postgresql://${DATABASE.ENDPOINT_URL.prod}:5432/postgres?currentSchema=${DATABASE.NAME.prod}
+    username: ${DATABASE.USERNAME.prod}
+    password: ${DATABASE.PASSWORD.prod}
+  jpa:
+    hibernate:
+      ddl-auto: none
+    properties:
+      hibernate:
+        format_sql: true
+        default_batch_fetch_size: 1000
+        auto_quote_keyword: true
+  data:
+    redis:
+      host: ${REDIS.host}
+      port: 6379
+  task:
+    scheduling:
+      pool:
+        size: 1
+  mail:
+    host: smtp.gmail.com
+    port: 587
+    username: ${MAIL.username}
+    password: ${MAIL.password}
+
+    properties:
+      mail:
+        smtp:
+          auth: true
+          starttls:
+            enable: true
+
+logging:
+  level:
+    org.hibernate.SQL: debug
+  slack:
+    webhook_url: ${SLACK.WEBHOOK_URL.prod}
+    config: classpath:logback-spring.xml
+
+jwt:
+  secret:
+    ${JWT.SECRET}
+  access-token-expire-time:
+    ${JWT.EXPIRE_ACCESS}
+  refresh-token-expire-time:
+    ${JWT.EXPIRE_REFRESH}
+
+aws-property:
+  access-key: ${AWS_PROPERTY.ACCESS_KEY.prod}
+  secret-key: ${AWS_PROPERTY.SECRET_KEY.prod}
+  bucket: ${AWS_PROPERTY.BUCKET.prod}
+  aws-region: ap-northeast-2
+  s3-url: ${AWS_PROPERTY.S3_URL.prod}