Merge pull request #152 from Team-Smeme/sohyeon_#151

[CHORE] dev, prod 서버 분리

.github/workflows/cd.yml → .github/workflows/cd-dev.yml

@@ -1,4 +1,4 @@
-name: deploy
+name: deploy-dev
 
 on:
   push:

.github/workflows/cd-prod.yml

@@ -0,0 +1,67 @@
+name: deploy-prod
+
+on:
+  push:
+    branches: [ main ]
+
+jobs:
+  build:
+    runs-on: ubuntu-20.04
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          java-version: 17
+          distribution: 'temurin'
+          cache: gradle
+
+      - name: create .env file
+        working-directory: ./
+        run: |
+          pwd
+          touch .env
+          echo "${{ secrets.ENV }}" >> .env
+          cat .env
+
+      - name: Create application.yml
+        run: |
+          pwd
+          touch src/main/resources/application.yml
+          echo "${{ secrets.APPLICATION_PROD_YML }}" >> src/main/resources/application.yml
+          cat src/main/resources/application.yml
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_PROD_ACCESS_KEY }}
+          aws-secret-access-key: ${{ secrets.AWS_PROD_SECRET_KEY }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: Create FireBase JSON file From AWS
+        run: |
+          aws s3 cp --region ap-northeast-2 s3://${{ secrets.AWS_PROD_BUCKET_NAME }}/json/smeem_fcm.json src/main/resources/smeem_fcm.json
+
+      - name: Grant execute permission for gradlew
+        run: chmod +x ./gradlew
+        shell: bash
+
+      - name: Build with Gradle
+        run: ./gradlew build
+        shell: bash
+
+      - name: Make zip file
+        run: zip -r ./$GITHUB_SHA.zip .
+        shell: bash
+
+      - name: Upload to S3
+        run: aws s3 cp --region ap-northeast-2 ./$GITHUB_SHA.zip s3://${{ secrets.AWS_PROD_BUCKET_NAME }}/deploy/$GITHUB_SHA.zip
+
+      - name: Code Deploy
+        run: aws deploy create-deployment --application-name smeem-codedeploy
+          --deployment-config-name CodeDeployDefault.AllAtOnce
+          --deployment-group-name prod-group
+          --s3-location bucket=${{ secrets.AWS_PROD_BUCKET_NAME }},bundleType=zip,key=deploy/$GITHUB_SHA.zip

.gitignore

@@ -36,7 +36,10 @@ out/
 ### VS Code ###
 .vscode/
 
-*.yml
+application.properties
+application-dev.yml
+application-prod.yml
+application-oauth2.yml
 *.properties
 .env
 smeem_fcm.json

scripts/run_new_was.sh

@@ -20,6 +20,16 @@ if [ ! -z ${TARGET_PID} ]; then
   sudo kill ${TARGET_PID}
 fi
 
-nohup java -jar -Dserver.port=${TARGET_PORT} -Dspring.profiles.active=dev /home/ubuntu/smeme/build/libs/server-0.0.1-SNAPSHOT.jar > /dev/null 2> /dev/null < /dev/null &
-echo "> Now new WAS runs at ${TARGET_PORT}."
+if [ "$DEPLOYMENT_GROUP_NAME" == "prod-group" ]
+then
+   nohup java -jar -Dserver.port=${TARGET_PORT} -Dspring.profiles.active=prod /home/ubuntu/smeme/build/libs/server-0.0.1-SNAPSHOT.jar > /dev/null 2> /dev/null < /dev/null &
+   echo "> Now new WAS runs at ${TARGET_PORT}."
+fi
+
+if [ "$DEPLOYMENT_GROUP_NAME" == "smeme-group" ]
+then
+   nohup java -jar -Dserver.port=${TARGET_PORT} -Dspring.profiles.active=dev /home/ubuntu/smeme/build/libs/server-0.0.1-SNAPSHOT.jar > /dev/null 2> /dev/null < /dev/null &
+   echo "> Now new WAS runs at ${TARGET_PORT}."
+fi
+
 exit 0

src/main/java/com/smeme/server/config/SecurityConfig.java

@@ -21,7 +21,7 @@ public class SecurityConfig {
     private final JwtAuthenticationFilter jwtAuthenticationFilter;
     private final CustomJwtAuthenticationEntryPoint customJwtAuthenticationEntryPoint;
 
-    private static final String[] AUTH_WHITELIST = {
+    private static final String[] AUTH_WHITELIST_DEV = {
             "/api/v2/auth",
             "/api/v2/test",
             "/api/beta/token",
@@ -38,8 +38,19 @@ public class SecurityConfig {
             "/api/v2/goals/{type}"
     };
 
+    private static final String[] AUTH_WHITELIST_PROD = {
+            "/api/v2/auth",
+            "/api/v2/test",
+            "/api/beta/token",
+            "/error",
+            "/favicon.ico",
+            "/api/v2/members/nickname/check",
+            "/api/v2/goals",
+            "/api/v2/goals/{type}"
+    };
+
     @Bean
-    @Profile("!prod")
+    @Profile("dev")
     public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
         return http
                 .csrf().disable()
@@ -51,7 +62,27 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
                 .authenticationEntryPoint(customJwtAuthenticationEntryPoint)
                 .and()
                 .authorizeHttpRequests()
-                .requestMatchers(AUTH_WHITELIST).permitAll()
+                .requestMatchers(AUTH_WHITELIST_DEV).permitAll()
+                .anyRequest().authenticated()
+                .and()
+                .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
+                .build();
+    }
+
+    @Bean
+    @Profile("prod")
+    public SecurityFilterChain filterChainProd(HttpSecurity http) throws Exception {
+        return http
+                .csrf().disable()
+                .formLogin().disable()
+                .sessionManagement()
+                .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                .and()
+                .exceptionHandling()
+                .authenticationEntryPoint(customJwtAuthenticationEntryPoint)
+                .and()
+                .authorizeHttpRequests()
+                .requestMatchers(AUTH_WHITELIST_PROD).permitAll()
                 .anyRequest().authenticated()
                 .and()
                 .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)