From 2b3f1c906f9ea10dc63edb371577eae8de763960 Mon Sep 17 00:00:00 2001 From: thguss Date: Tue, 5 Sep 2023 23:31:19 +0900 Subject: [PATCH 1/6] =?UTF-8?q?[ADD]=20cd-prod=20=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/cd.yml | 67 ---------------------------------------- 1 file changed, 67 deletions(-) delete mode 100644 .github/workflows/cd.yml diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml deleted file mode 100644 index 803db42c..00000000 --- a/.github/workflows/cd.yml +++ /dev/null 
@@ -1,67 +0,0 @@ -name: deploy - -on: - push: - branches: [ develop ] - -jobs: - build: - runs-on: ubuntu-20.04 - - steps: - - name: Checkout - uses: actions/checkout@v3 - - - name: Set up JDK 17 - uses: actions/setup-java@v3 - with: - java-version: 17 - distribution: 'temurin' - cache: gradle - - - name: create .env file - working-directory: ./ - run: | - pwd - touch .env - echo "${{ secrets.ENV }}" >> .env - cat .env - - - name: Create application.yml - run: | - pwd - touch src/main/resources/application.yml - echo "${{ secrets.APPLICATION_YML }}" >> src/main/resources/application.yml - cat src/main/resources/application.yml - - - name: Configure AWS credentials - uses: aws-actions/configure-aws-credentials@v1 - with: - aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} - aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }} - aws-region: ${{ secrets.AWS_REGION }} - - - name: Create FireBase JSON file From AWS - run: | - aws s3 cp --region ap-northeast-2 s3://${{ secrets.AWS_BUCKET_NAME }}/json/smeem_fcm.json src/main/resources/smeem_fcm.json - - - name: Grant execute permission for gradlew - run: chmod +x ./gradlew - shell: bash - - - name: Build with Gradle - run: ./gradlew build - shell: bash - - - name: Make zip file - run: zip -r ./$GITHUB_SHA.zip . - shell: bash - - - name: Upload to S3 - run: aws s3 cp --region ap-northeast-2 ./$GITHUB_SHA.zip s3://${{ secrets.AWS_BUCKET_NAME }}/deploy/$GITHUB_SHA.zip - - - name: Code Deploy - run: aws deploy create-deployment --application-name smeme-codedeploy - --deployment-config-name CodeDeployDefault.AllAtOnce - --deployment-group-name smeme-group - --s3-location bucket=${{ secrets.AWS_BUCKET_NAME }},bundleType=zip,key=deploy/$GITHUB_SHA.zip \ No newline at end of file From 4a60f681c6dacf49f8ac44abe9d5c19456b35c1b Mon Sep 17 00:00:00 2001 
From: thguss Date: Tue, 5 Sep 2023 23:34:42 +0900 Subject: [PATCH 2/6] =?UTF-8?q?[FIX]=20workflows=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/cd-dev.yml | 67 +++++++++++++++++++++++++++++++++++ .github/workflows/cd-prod.yml | 67 +++++++++++++++++++++++++++++++++++ .gitignore | 5 ++- 3 files changed, 138 insertions(+), 1 deletion(-) create mode 100644 .github/workflows/cd-dev.yml create mode 100644 .github/workflows/cd-prod.yml diff --git a/.github/workflows/cd-dev.yml b/.github/workflows/cd-dev.yml new file mode 100644 index 00000000..803db42c --- /dev/null +++ b/.github/workflows/cd-dev.yml 
@@ -0,0 +1,67 @@ +name: deploy + +on: + push: + branches: [ develop ] + +jobs: + build: + runs-on: ubuntu-20.04 + + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Set up JDK 17 + uses: actions/setup-java@v3 + with: + java-version: 17 + distribution: 'temurin' + cache: gradle + + - name: create .env file + working-directory: ./ + run: | + pwd + touch .env + echo "${{ secrets.ENV }}" >> .env + cat .env + + - name: Create application.yml + run: | + pwd + touch src/main/resources/application.yml + echo "${{ secrets.APPLICATION_YML }}" >> src/main/resources/application.yml + cat src/main/resources/application.yml + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }} + aws-region: ${{ secrets.AWS_REGION }} + + - name: Create FireBase JSON file From AWS + run: | + aws s3 cp --region ap-northeast-2 s3://${{ secrets.AWS_BUCKET_NAME }}/json/smeem_fcm.json src/main/resources/smeem_fcm.json + + - name: Grant execute permission for gradlew + run: chmod +x ./gradlew + shell: bash + + - name: Build with Gradle + run: ./gradlew build + shell: bash + + - name: Make zip file + run: zip -r ./$GITHUB_SHA.zip . + shell: bash + + - name: Upload to S3 + run: aws s3 cp --region ap-northeast-2 ./$GITHUB_SHA.zip s3://${{ secrets.AWS_BUCKET_NAME }}/deploy/$GITHUB_SHA.zip + + - name: Code Deploy + run: aws deploy create-deployment --application-name smeme-codedeploy + --deployment-config-name CodeDeployDefault.AllAtOnce + --deployment-group-name smeme-group + --s3-location bucket=${{ secrets.AWS_BUCKET_NAME }},bundleType=zip,key=deploy/$GITHUB_SHA.zip \ No newline at end of file diff --git a/.github/workflows/cd-prod.yml b/.github/workflows/cd-prod.yml new file mode 100644 index 00000000..e79bf959 --- /dev/null +++ b/.github/workflows/cd-prod.yml 
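Review bot: The `cat .env` and `cat src/main/resources/application.yml` lines in the "create .env file" and "Create application.yml" steps print the freshly written secret contents to the job log. Log masking is best-effort, and GitHub's own guidance warns that redaction can fail for structured secret values such as YAML, so both `cat` lines should be dropped. Interpolating `${{ secrets.ENV }}` directly into the `run:` script also lets quotes, `$` or backticks inside the secret be interpreted by the shell; passing it through the step's `env:` (`ENV_FILE: ${{ secrets.ENV }}`) and writing it with `printf '%s\n' "$ENV_FILE" > .env` avoids that. The same two steps are repeated in cd-prod.yml with `secrets.APPLICATION_PROD_YML`, where the exposure concerns production configuration.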
@@ -0,0 +1,67 @@ +name: deploy + +on: + push: + branches: [ main ] + +jobs: + build: + runs-on: ubuntu-20.04 + + steps: + - name: Checkout + uses: actions/checkout@v3 + + - name: Set up JDK 17 + uses: actions/setup-java@v3 + with: + java-version: 17 + distribution: 'temurin' + cache: gradle + + - name: create .env file + working-directory: ./ + run: | + pwd + touch .env + echo "${{ secrets.ENV }}" >> .env + cat .env + + - name: Create application.yml + run: | + pwd + touch src/main/resources/application.yml + echo "${{ secrets.APPLICATION_PROD_YML }}" >> src/main/resources/application.yml + cat src/main/resources/application.yml + + - name: Configure AWS credentials + uses: aws-actions/configure-aws-credentials@v1 + with: + aws-access-key-id: ${{ secrets.AWS_PROD_ACCESS_KEY }} + aws-secret-access-key: ${{ secrets.AWS_PROD_SECRET_KEY }} + aws-region: ${{ secrets.AWS_REGION }} + + - name: Create FireBase JSON file From AWS + run: | + aws s3 cp --region ap-northeast-2 s3://${{ secrets.AWS_PROD_BUCKET_NAME }}/json/smeem_fcm.json src/main/resources/smeem_fcm.json + + - name: Grant execute permission for gradlew + run: chmod +x ./gradlew + shell: bash + + - name: Build with Gradle + run: ./gradlew build + shell: bash + + - name: Make zip file + run: zip -r ./$GITHUB_SHA.zip . + shell: bash + + - name: Upload to S3 + run: aws s3 cp --region ap-northeast-2 ./$GITHUB_SHA.zip s3://${{ secrets.AWS_PROD_BUCKET_NAME }}/deploy/$GITHUB_SHA.zip + + - name: Code Deploy # prod code deploy 생성 + run: aws deploy create-deployment --application-name smeem-codedeploy + --deployment-config-name CodeDeployDefault.AllAtOnce + --deployment-group-name prod-group + --s3-location bucket=${{ secrets.AWS_PROD_BUCKET_NAME }},bundleType=zip,key=deploy/$GITHUB_SHA.zip \ No newline at end of file diff --git a/.gitignore b/.gitignore index 1c50ffc5..4e0ae009 100644 --- a/.gitignore +++ b/.gitignore 
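Review bot: `zip -r ./$GITHUB_SHA.zip .` in the "Make zip file" step archives the entire workspace, so the bundle uploaded under `deploy/` in the prod bucket carries the `.env`, `application.yml` and `smeem_fcm.json` written earlier in the job, along with the `.git` directory. Anyone with read access to that bucket prefix then holds the production configuration in plain form. If the deployment only needs the built jar, the CodeDeploy appspec and `scripts/`, zip just those, or at least exclude the repository metadata, e.g. `zip -r ./$GITHUB_SHA.zip . -x '.git/*'`. What the deploy hooks read at runtime is not visible in this diff, so the exact file list needs confirming; cd-dev.yml has the same step.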
@@ -36,7 +36,10 @@ out/ ### VS Code ### .vscode/ -*.yml +application.properties +application-dev.yml +application-prod.yml +application-oauth2.yml *.properties .env smeem_fcm.json From 06d53933caeda93e32ef5c85b79f74d6adbd58c8 Mon Sep 17 00:00:00 2001 From: thguss Date: Tue, 5 Sep 2023 23:48:10 +0900 Subject: [PATCH 3/6] =?UTF-8?q?[FIX]=20profile=20=EB=B3=80=EA=B2=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- scripts/run_new_was.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/scripts/run_new_was.sh b/scripts/run_new_was.sh index 22b77265..e3c6d5ba 100644 --- a/scripts/run_new_was.sh +++ b/scripts/run_new_was.sh @@ -20,6 +20,6 @@ if [ ! -z ${TARGET_PID} ]; then sudo kill ${TARGET_PID} fi -nohup java -jar -Dserver.port=${TARGET_PORT} -Dspring.profiles.active=dev /home/ubuntu/smeme/build/libs/server-0.0.1-SNAPSHOT.jar > /dev/null 2> /dev/null < /dev/null & +nohup java -jar -Dserver.port=${TARGET_PORT} -Dspring.profiles.active=prod /home/ubuntu/smeme/build/libs/server-0.0.1-SNAPSHOT.jar > /dev/null 2> /dev/null < /dev/null & echo "> Now new WAS runs at ${TARGET_PORT}." exit 0 \ No newline at end of file From ac1d17686dc9c94677532382a967b54e3993c5c4 Mon Sep 17 00:00:00 2001 From: thguss Date: Wed, 6 Sep 2023 00:06:39 +0900 Subject: [PATCH 4/6] =?UTF-8?q?[FIX]=20=EC=84=A4=EC=A0=95=20=ED=8C=8C?= =?UTF-8?q?=EC=9D=BC=20=EC=88=98=EC=A0=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/cd-prod.yml | 2 +- scripts/run_new_was.sh | 14 ++++++++++++-- 2 files changed, 13 insertions(+), 3 deletions(-) diff --git a/.github/workflows/cd-prod.yml b/.github/workflows/cd-prod.yml index e79bf959..9816518f 100644 --- a/.github/workflows/cd-prod.yml +++ b/.github/workflows/cd-prod.yml 
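Review bot: Replacing `*.yml` with three named files leaves `src/main/resources/application.yml` un-ignored, although the cd-dev and cd-prod workflows in this series write that exact file from a secret, so a developer who creates it locally can now commit it by accident. Adding `application.yml` (or a pattern such as `application*.yml`) to the list would keep the previous protection while still allowing `.github/workflows/*.yml` to be tracked. The new `application.properties` entry is already covered by the existing `*.properties` line below it.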
@@ -60,7 +60,7 @@ jobs: - name: Upload to S3 run: aws s3 cp --region ap-northeast-2 ./$GITHUB_SHA.zip s3://${{ secrets.AWS_PROD_BUCKET_NAME }}/deploy/$GITHUB_SHA.zip - - name: Code Deploy # prod code deploy 생성 + - name: Code Deploy run: aws deploy create-deployment --application-name smeem-codedeploy --deployment-config-name CodeDeployDefault.AllAtOnce --deployment-group-name prod-group diff --git a/scripts/run_new_was.sh b/scripts/run_new_was.sh index e3c6d5ba..3ae9af08 100644 --- a/scripts/run_new_was.sh +++ b/scripts/run_new_was.sh @@ -20,6 +20,16 @@ if [ ! -z ${TARGET_PID} ]; then sudo kill ${TARGET_PID} fi -nohup java -jar -Dserver.port=${TARGET_PORT} -Dspring.profiles.active=prod /home/ubuntu/smeme/build/libs/server-0.0.1-SNAPSHOT.jar > /dev/null 2> /dev/null < /dev/null & -echo "> Now new WAS runs at ${TARGET_PORT}." +if [ "$DEPLOYMENT_GROUP_NAME" == "prod-group" ] +then + nohup java -jar -Dserver.port=${TARGET_PORT} -Dspring.profiles.active=prod /home/ubuntu/smeme/build/libs/server-0.0.1-SNAPSHOT.jar > /dev/null 2> /dev/null < /dev/null & + echo "> Now new WAS runs at ${TARGET_PORT}." +fi + +if [ "$DEPLOYMENT_GROUP_NAME" == "smeme-group" ] +then + nohup java -jar -Dserver.port=${TARGET_PORT} -Dspring.profiles.active=dev /home/ubuntu/smeme/build/libs/server-0.0.1-SNAPSHOT.jar > /dev/null 2> /dev/null < /dev/null & + echo "> Now new WAS runs at ${TARGET_PORT}." +fi + exit 0 \ No newline at end of file From dca1fa30c5cfa05a1700db16c32095b8b767a691 Mon Sep 17 00:00:00 2001 From: thguss Date: Wed, 6 Sep 2023 00:39:00 +0900 Subject: [PATCH 5/6] =?UTF-8?q?[ADD]=20prod=EC=9A=A9=20filterChain=20?= =?UTF-8?q?=EC=B6=94=EA=B0=80?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../smeme/server/config/SecurityConfig.java | 37 +++++++++++++++++-- 1 file changed, 34 insertions(+), 3 deletions(-) 
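Review bot: When `DEPLOYMENT_GROUP_NAME` is unset or holds anything other than `prod-group` or `smeme-group`, neither `if` block in run_new_was.sh runs, no JVM is started, and the script still ends with `exit 0`, so the deployment is reported as successful after the old process was already killed by the context lines above. The two branches are also identical apart from the profile name, which invites drift between dev and prod start-up. Mapping the group to a profile once and failing on anything else covers both; ideally that check moves above the `kill`, but that part of the script starts outside this hunk. `==` inside `[ ]` is a bash extension, so the comparison also relies on the script running under bash.

```shell
# Resolve the Spring profile from the CodeDeploy group; refuse to continue on an unknown group.
case "$DEPLOYMENT_GROUP_NAME" in
  prod-group)  PROFILE=prod ;;
  smeme-group) PROFILE=dev ;;
  *)
    echo "> Unknown deployment group '${DEPLOYMENT_GROUP_NAME}'; not starting WAS." >&2
    exit 1
    ;;
esac

nohup java -jar -Dserver.port=${TARGET_PORT} -Dspring.profiles.active=${PROFILE} /home/ubuntu/smeme/build/libs/server-0.0.1-SNAPSHOT.jar > /dev/null 2> /dev/null < /dev/null &
echo "> Now new WAS runs at ${TARGET_PORT}."
```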
diff --git a/src/main/java/com/smeme/server/config/SecurityConfig.java b/src/main/java/com/smeme/server/config/SecurityConfig.java index 01e73bda..c9fb00b3 100644 --- a/src/main/java/com/smeme/server/config/SecurityConfig.java +++ b/src/main/java/com/smeme/server/config/SecurityConfig.java @@ -21,7 +21,7 @@ public class SecurityConfig { private final JwtAuthenticationFilter jwtAuthenticationFilter; private final CustomJwtAuthenticationEntryPoint customJwtAuthenticationEntryPoint; - private static final String[] AUTH_WHITELIST = { + private static final String[] AUTH_WHITELIST_DEV = { "/api/v2/auth", "/api/v2/test", "/api/beta/token", @@ -38,8 +38,19 @@ public class SecurityConfig { "/api/v2/goals/{type}" }; + private static final String[] AUTH_WHITELIST_PROD = { + "/api/v2/auth", + "/api/v2/test", + "/api/beta/token", + "/error", + "/favicon.ico", + "/api/v2/members/nickname/check", + "/api/v2/goals", + "/api/v2/goals/{type}" + }; + @Bean - @Profile("!prod") + @Profile("dev") public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { return http .csrf().disable() 
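Review bot: `AUTH_WHITELIST_PROD` still lists `/api/v2/test` and `/api/beta/token` under `permitAll()`, so in production both remain reachable without a JWT. What those handlers do is not visible in this diff, but a test route and a beta token route are presumably development aids; if so they should be left out of the prod array or their controllers restricted with `@Profile("dev")`. Separately, narrowing the dev bean from `@Profile("!prod")` to `@Profile("dev")` means a run with any other active profile gets neither chain from this class, and a short comment on the two beans naming the expected profiles would make that intentional. The class body continues outside the hunk.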
@@ -51,7 +62,27 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { .authenticationEntryPoint(customJwtAuthenticationEntryPoint) .and() .authorizeHttpRequests() - .requestMatchers(AUTH_WHITELIST).permitAll() + .requestMatchers(AUTH_WHITELIST_DEV).permitAll() + .anyRequest().authenticated() + .and() + .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class) + .build(); + } + + @Bean + @Profile("prod") + public SecurityFilterChain filterChainProd(HttpSecurity http) throws Exception { + return http + .csrf().disable() + .formLogin().disable() + .sessionManagement() + .sessionCreationPolicy(SessionCreationPolicy.STATELESS) + .and() + .exceptionHandling() + .authenticationEntryPoint(customJwtAuthenticationEntryPoint) + .and() + .authorizeHttpRequests() + .requestMatchers(AUTH_WHITELIST_PROD).permitAll() .anyRequest().authenticated() .and() .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class) From c70c292e0e24ec247b57d7c6527c24a0f600d041 Mon Sep 17 00:00:00 2001 From: thguss Date: Wed, 6 Sep 2023 00:47:37 +0900 Subject: [PATCH 6/6] =?UTF-8?q?[FIX]=20=EC=8A=A4=ED=81=AC=EB=A6=BD?= =?UTF-8?q?=ED=8A=B8=EB=AA=85=20=EB=B3=80=EA=B2=BD?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .github/workflows/cd-dev.yml | 2 +- .github/workflows/cd-prod.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/cd-dev.yml b/.github/workflows/cd-dev.yml index 803db42c..969bd967 100644 --- a/.github/workflows/cd-dev.yml +++ b/.github/workflows/cd-dev.yml @@ -1,4 +1,4 @@ -name: deploy +name: deploy-dev on: push: diff --git a/.github/workflows/cd-prod.yml b/.github/workflows/cd-prod.yml index 9816518f..f9af02d9 100644 --- a/.github/workflows/cd-prod.yml +++ b/.github/workflows/cd-prod.yml @@ -1,4 +1,4 @@ -name: deploy +name: deploy-prod on: push:
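Review bot: `filterChainProd` is a line-for-line copy of `filterChain` that differs only in the whitelist constant, so any later hardening (a new filter, a header rule, a changed entry point) has to be applied twice and can silently reach only one environment. Building the chain in one private method that takes the whitelist keeps the dev and prod beans to a single line each and makes the whitelist the only reviewable difference. Neither bean has a Javadoc saying which profile it serves or why the lists differ; one sentence on each would help. The start of `filterChain` and the closing brace of `filterChainProd` lie outside this hunk.

```java
// Shared by the dev and prod beans so the two chains can differ only in their whitelist.
private SecurityFilterChain buildChain(HttpSecurity http, String[] whitelist) throws Exception {
    return http
            // … unchanged: csrf, formLogin, session policy and exception handling …
            .authorizeHttpRequests()
            .requestMatchers(whitelist).permitAll()
            .anyRequest().authenticated()
            .and()
            .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
            .build();
}

@Bean
@Profile("prod")
public SecurityFilterChain filterChainProd(HttpSecurity http) throws Exception {
    return buildChain(http, AUTH_WHITELIST_PROD);
```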