♻️ Spring Security 설정 정리 및 불필요한 로직 제거 #41
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Deploy to Staging (RaspberryPi) | |
| on: | |
| push: | |
| branches: [ staging ] | |
| jobs: | |
| build-and-deploy: | |
| runs-on: ubuntu-latest | |
| environment: staging | |
| steps: | |
| - uses: actions/checkout@v2 | |
| # JDK 셋팅 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v2 | |
| with: | |
| java-version: '17' | |
| distribution: 'adopt' | |
| # AuthKey.p8 생성 | |
| - name: Create AuthKey.p8 | |
| run: | | |
| echo "${{ secrets.APPLE_AUTH_KEY }}" > ./src/main/resources/key/AuthKey.p8 | |
| # 빌드 | |
| - name: Build with Gradle | |
| run: | | |
| chmod +x ./gradlew | |
| ./gradlew build | |
| # 빌드 후 HTML 파일만 따로 Raspberry Pi로 전송 | |
| - name: Copy API Docs to Raspberry Pi (Staging) | |
| uses: appleboy/scp-action@master | |
| with: | |
| host: ${{ secrets.PI_HOST }} | |
| port: ${{ secrets.PI_PORT }} | |
| username: ${{ secrets.PI_USERNAME }} | |
| password: ${{ secrets.PI_PASSWORD }} | |
| source: "./src/main/resources/static/docs/*" | |
| target: "Project/bbaegok/docs/" | |
| strip_components: 5 | |
| # DockerHub 로그인 | |
| - name: Login to DockerHub | |
| uses: docker/login-action@v1 | |
| with: | |
| username: ${{ secrets.DOCKERHUB_USERNAME }} | |
| password: ${{ secrets.DOCKERHUB_TOKEN }} | |
| # Docker 이미지 빌드 & 푸시 (+스테이징용 태그) | |
| - name: Build and push Docker image | |
| uses: docker/build-push-action@v2 | |
| with: | |
| context: . | |
| push: true | |
| platforms: linux/arm64 | |
| tags: ${{ secrets.DOCKERHUB_USERNAME }}/bbegok:staging | |
| # .env 파일 생성 | |
| - name: Create .env file | |
| run: | | |
| envsubst < ./configuration/staging/.env.template > ./configuration/staging/.env | |
| env: | |
| DOCKERHUB_USERNAME: ${{ secrets.DOCKERHUB_USERNAME }} | |
| DOCKERHUB_TOKEN: ${{ secrets.DOCKERHUB_TOKEN }} | |
| DOMAIN_NAME: ${{ secrets.DOMAIN_NAME }} | |
| ROOT_DOMAIN_NAME: ${{ secrets.ROOT_DOMAIN_NAME }} | |
| FRONT_DEV_DOMAIN_NAME: ${{ secrets.FRONT_DEV_DOMAIN_NAME }} | |
| MYSQL_URL: ${{ secrets.MYSQL_URL }} | |
| MYSQL_ROOT_PASSWORD: ${{ secrets.MYSQL_ROOT_PASSWORD }} | |
| MYSQL_USER: ${{ secrets.MYSQL_USER }} | |
| MYSQL_PASSWORD: ${{ secrets.MYSQL_PASSWORD }} | |
| REDIS_PREFIX: ${{ secrets.REDIS_PREFIX }} | |
| REDIS_PORT: ${{ secrets.REDIS_PORT }} | |
| REDIS_TERMS_KEY: ${{ secrets.REDIS_TERMS_KEY }} | |
| ALADIN_TTB_KEY: ${{ secrets.ALADIN_TTB_KEY }} | |
| ALADIN_SERVER_URL: ${{ secrets.ALADIN_SERVER_URL }} | |
| JWT_SECRET: ${{ secrets.JWT_SECRET }} | |
| KAKAO_CLIENT: ${{ secrets.KAKAO_CLIENT }} | |
| KAKAO_SECRET: ${{ secrets.KAKAO_SECRET }} | |
| GOOGLE_CLIENT_ID: ${{ secrets.GOOGLE_CLIENT_ID }} | |
| GOOGLE_CLIENT_SECRET: ${{ secrets.GOOGLE_CLIENT_SECRET }} | |
| APPLE_AUD : ${{ secrets.APPLE_AUD }} | |
| APPLE_TEAM_ID : ${{ secrets.APPLE_TEAM_ID }} | |
| APPLE_KEY_ID : ${{ secrets.APPLE_KEY_ID }} | |
| OAUTH_REDIRECT_URI: ${{ secrets.OAUTH_REDIRECT_URI }} | |
| # 서버로 파일 복사 | |
| - name: Copy files to Raspberry Pi (Staging) | |
| uses: appleboy/scp-action@master | |
| with: | |
| host: ${{ secrets.PI_HOST }} | |
| port: ${{ secrets.PI_PORT }} | |
| username: ${{ secrets.PI_USERNAME }} | |
| password: ${{ secrets.PI_PASSWORD }} | |
| source: "./configuration/staging/*" | |
| target: "Project/bbaegok/staging/" | |
| strip_components: 2 | |
| # 스테이징 서버에 배포 | |
| - name: Deploy to Raspberry Pi (Staging) | |
| uses: appleboy/ssh-action@master | |
| with: | |
| host: ${{ secrets.PI_HOST }} | |
| port: ${{ secrets.PI_PORT }} | |
| username: ${{ secrets.PI_USERNAME }} | |
| password: ${{ secrets.PI_PASSWORD }} | |
| script: | | |
| cd Project/bbaegok/staging/ | |
| # 현재 실행중인 app color와 포트 | |
| if docker ps --filter "name=app_blue" --filter "status=running" | grep app_blue; then | |
| CURRENT="blue" | |
| NEXT="green" | |
| else | |
| CURRENT="green" | |
| NEXT="blue" | |
| fi | |
| if [ "$NEXT" = "blue" ]; then | |
| NEXT_PORT=8090 | |
| else | |
| NEXT_PORT=8091 | |
| fi | |
| echo "Current active app: $CURRENT" | |
| echo "Deploying next app: $NEXT : $NEXT_PORT" | |
| ACTIVE_COLOR=$NEXT envsubst '${ACTIVE_COLOR}' < nginx.conf > nginx_final.conf | |
| mv nginx_final.conf nginx.conf | |
| # 새 버전 pull 및 앱 컨테이너 실행 | |
| docker-compose pull app_${NEXT} | |
| docker-compose up -d app_${NEXT} | |
| # 새 인스턴스에 대한 헬스체크(최대 1분까지 5회 재시도) | |
| for i in {1..12}; do | |
| sleep 5 | |
| if curl -fs http://localhost:$NEXT_PORT/actuator/health | grep '"status":"UP"' > /dev/null; then | |
| echo "✅ Health check passed" | |
| break | |
| fi | |
| if [ "$i" -eq 12 ]; then | |
| echo "❌ Health check failed for app_${NEXT}" | |
| # 컨테이너 중지 및 삭제 (optional) | |
| docker-compose stop app_${NEXT} | |
| docker-compose rm -f app_${NEXT} | |
| # 실패 알림용 파일 생성 | |
| echo "DEPLOY_FAILED" > .deploy_status | |
| exit 1 | |
| fi | |
| done | |
| # nginx에 새 color 적용 | |
| ACTIVE_COLOR=$NEXT envsubst '${ACTIVE_COLOR}' < nginx.conf > nginx_final.conf | |
| mv nginx_final.conf nginx.conf | |
| docker-compose restart nginx | |
| # 5. 기존 컨테이너 종료 | |
| docker-compose stop app_${CURRENT} | |
| - name: Discord Webhook when success | |
| if: success() | |
| env: | |
| DISCORD_WEBHOOK: ${{ secrets.DISCORD_SUCCESS_WEBHOOK }} | |
| uses: Ilshidur/action-discord@master | |
| with: | |
| args: | | |
| ## **:rocket: 백엔드 스테이징 서버 배포 성공 ** | |
| ``` | |
| message | ${{ github.event.head_commit.message }} | |
| ``` | |
| - name: Discord Webhook when fail | |
| if: failure() | |
| env: | |
| DISCORD_WEBHOOK: ${{ secrets.DISCORD_FAILURE_WEBHOOK }} | |
| uses: Ilshidur/action-discord@master | |
| with: | |
| args: | | |
| ## **:x: 백엔드 스테이징 서버 배포 실패 ** |