Merge pull request #30 from ClothingStoreService/chore/dev-aws-CI/CD

chore: dev-aws-CI-CD.yml

.github/workflows/dev-aws-CI-CD.yml

@@ -0,0 +1,159 @@
+name: dev - CI/CD to Amazon ECS
+
+on:
+  push:
+    branches: [ "develop" ]
+  pull_request:
+    branches: [ "develop" ]
+
+permissions:
+  contents: read
+  checks: write
+  issues: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    environment: dev
+    if: github.event_name == 'push' || github.event_name == 'pull_request'
+    env:
+      jasypt.encryptor.password: ${{ secrets.JASYPT_ENCRYPTOR_PASSWORD }}
+      DOCKER_REPOSITORY: ${{ secrets.DOCKER_REPOSITORY }}
+      DOCKER_REPOSITORY_NGINX: ${{ secrets.DOCKER_REPOSITORY_NGINX }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+
+      - name: Gradle Caching
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/.gradle/caches
+            ~/.gradle/wrapper
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
+          restore-keys: |
+            ${{ runner.os }}-gradle-
+
+      - name: Grant Execute Permission For Gradlew
+        run: chmod +x gradlew
+
+      - name: Set up Environment Variables
+        run: |
+          echo "JASYPT_ENCRYPTOR_PASSWORD=${{ secrets.JASYPT_ENCRYPTOR_PASSWORD }}" >> $GITHUB_ENV
+          echo "DOCKER_REPOSITORY=${{ secrets.DOCKER_REPOSITORY }}" >> $GITHUB_ENV
+          echo "DOCKER_REPOSITORY_NGINX=${{ secrets.DOCKER_REPOSITORY_NGINX }}" >> $GITHUB_ENV
+
+      - name: Build With Gradle
+        run: ./gradlew build -x test --warning-mode all
+
+      ## Build and test
+      - name: 테스트 코드 실행
+        run: ./gradlew --info test
+
+      - name: Publish Unit Test Results
+        uses: EnricoMi/publish-unit-test-result-action@v1
+        if: ${{ always() }}
+        with:
+          files: build/test-results/**/*.xml
+
+      - name: Publish Test Report
+        uses: mikepenz/action-junit-report@v3
+        if: success() || failure()
+        with:
+          report_paths: '**/build/test-results/test/TEST-*.xml'
+
+  deploy:
+    name: Deploy
+    runs-on: ubuntu-latest
+    environment: dev
+    if: github.event_name == 'push'
+    needs: build
+    env:
+      JASYPT_ENCRYPTOR_PASSWORD: ${{ secrets.JASYPT_ENCRYPTOR_PASSWORD }}
+      DOCKER_REPOSITORY: ${{ secrets.DOCKER_REPOSITORY }}
+      DOCKER_REPOSITORY_NGINX: ${{ secrets.DOCKER_REPOSITORY_NGINX }}
+    steps:
+      - name: Send docker-compose.yml
+        uses: appleboy/scp-action@master
+        with:
+          username: ubuntu
+          host: ${{ secrets.AWS_DEV_HOSTNAME }}
+          key: ${{ secrets.AWS_DEV_PRIVATE_KEY }}
+          source: "./docker-compose.yml"
+          target: "/home/ubuntu/"
+
+      - name: Send nginx.conf
+        uses: appleboy/scp-action@master
+        with:
+          username: ubuntu
+          host: ${{ secrets.AWS_DEV_HOSTNAME }}
+          key: ${{ secrets.AWS_DEV_PRIVATE_KEY }}
+          source: "./nginx/nginx.conf"
+          target: "/home/ubuntu/"
+
+      ## Docker login
+      - name: Docker Login
+        run: |
+          docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
+
+      ## Nginx 도커 이미지 빌드 후 도커허브에 push하기
+      - name: Docker build & Push for Nginx
+        run: |
+          docker build -f dockerfile-nginx -t ${{ secrets.DOCKER_REPOSITORY_NGINX }} .
+          docker push ${{ secrets.DOCKER_REPOSITORY_NGINX }}
+
+      ## Spring Boot 도커 이미지 빌드 후 도커허브에 push하기
+      - name: Docker build & Push for Spring Boot
+        run: |
+          docker build -t ${{ secrets.DOCKER_REPOSITORY }} .
+          docker push ${{ secrets.DOCKER_REPOSITORY }}
+
+      # SSH로 서버에 연결
+      - name: Connect to Server
+        uses: appleboy/ssh-action@master
+        with:
+          username: ubuntu
+          host: ${{ secrets.AWS_DEV_HOSTNAME }}
+          key: ${{ secrets.AWS_DEV_PRIVATE_KEY }}
+          script: | # SSH 연결 후 실행할 명령어들
+            docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
+            export DOCKER_REPOSITORY=${{ secrets.DOCKER_REPOSITORY }}
+            export DOCKER_REPOSITORY_NGINX=${{ secrets.DOCKER_REPOSITORY_NGINX }}
+            export JASYPT_ENCRYPTOR_PASSWORD=${{ secrets.JASYPT_ENCRYPTOR_PASSWORD }}
+            # Pull 최신 이미지
+            docker-compose -f /home/ubuntu/docker-compose.yml pull
+            # 새 컨테이너 실행
+            docker-compose -f /home/ubuntu/docker-compose.yml up -d --build
+
+  discord-notify:
+    name: Discord Notify
+    runs-on: ubuntu-latest
+    environment: dev
+    needs: [ build, deploy ]
+    if: always()
+    env:
+      jasypt.encryptor.password: ${{ secrets.JASYPT_ENCRYPTOR_PASSWORD }}
+    steps:
+      - name: Send Discord Notification
+        uses: sarisia/actions-status-discord@v1
+        with:
+          webhook: ${{ secrets.DISCORD_WEBHOOK_URL }}
+          status: ${{ job.status }}
+          title: "CI/CD Pipeline Status"
+          description: |
+            ${{ format(
+              'The CI/CD pipeline has completed.\n- **Build Job Status**: {0}\n- **Deploy Job Status**: {1}\n- **Branch**: {2}\n- **Commit**: {3}\n- **Author**: {4}',
+              needs.build.result,
+              needs.deploy.result,
+              github.ref,
+              github.sha,
+              github.actor
+            ) }}
+          url: "https://github.com/sarisia/actions-status-discord"
+          username: GitHub Actions Bot

Dockerfile

@@ -4,4 +4,4 @@ ARG JAR_FILE=/build/libs/clothstar-0.0.1-SNAPSHOT.jar
 
 COPY ${JAR_FILE} app.jar
 
-ENTRYPOINT ["java","-jar","/app.jar"]
+ENTRYPOINT ["java","-Dspring.profiles.active=dev","-jar","/app.jar"]

Dockerfile-nginx

@@ -0,0 +1,2 @@
+FROM nginx
+COPY ./nginx/conf.d/nginx.conf /etc/nginx/conf.d

docker-compose.yml

@@ -0,0 +1,26 @@
+version: '3'
+
+services:
+
+  application:
+    container_name: clothstar-springboot-dev
+    image: ${DOCKER_REPOSITORY}:latest
+    environment:
+      - JASYPT_ENCRYPTOR_PASSWORD=${JASYPT_ENCRYPTOR_PASSWORD}
+    build:
+      context: ./
+      dockerfile: Dockerfile
+    ports:
+      - "8080:8080"
+    restart: on-failure
+    networks:
+      - preon_net
+
+
+#  nginx:
+#    container_name: nginx
+#    image: ${DOCKER_REPOSITORY_NGINX}:latest
+#    ports:
+#      - 80:80
+#    depends_on:
+#      - application

nginx/conf.d/nginx.conf

@@ -0,0 +1,13 @@
+server {
+    listen 80;
+    server_name *.compute.amazonaws.com
+    access_log off;
+
+    location / {
+        proxy_pass http://clothstar:8080;
+        proxy_set_header Host $host:$server_port;
+        proxy_set_header X-Forwarded-Host $server_name;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+    }
+}

src/main/kotlin/org/store/clothstar/common/config/JasyptConfig.kt

@@ -3,14 +3,19 @@ package org.store.clothstar.common.config
 import org.jasypt.encryption.StringEncryptor
 import org.jasypt.encryption.pbe.PooledPBEStringEncryptor
 import org.jasypt.encryption.pbe.config.SimpleStringPBEConfig
+import org.springframework.beans.factory.annotation.Value
 import org.springframework.context.annotation.Bean
 import org.springframework.context.annotation.Configuration
 
 @Configuration
 class JasyptConfig {
+
+    @Value("\${jasypt.encryptor.password}")  // 환경 변수 또는 application.yml에서 가져오기
+    private lateinit var key: String
+
     @Bean("jasyptStringEncryptor")
     fun stringEncryptor(): StringEncryptor {
-        val key = "my_jasypt_key"
+
         val encryptor = PooledPBEStringEncryptor()
         val config = SimpleStringPBEConfig()
 

src/main/resources/application.yml

@@ -1,6 +1,7 @@
 jasypt:
   encryptor:
     bean: jasyptStringEncryptor
+    password: ${ JASYPT_ENCRYPTOR_PASSWORD}
 
 spring:
   profiles: