Merge pull request #40 from Geumpumta/ip

feat: 운영(Prod) 서버 CI/CD 구축 및 환경 설정 분리

Author: Juhye0k

.github/workflows/cd.yml .github/workflows/dev-cd.yml.github/workflows/cd.yml renamed to .github/workflows/dev-cd.yml

@@ -14,7 +14,7 @@ jobs:
     # CI가 성공했을 때만 실행
     if: ${{ github.event.workflow_run.conclusion == 'success' }}
     runs-on: [self-hosted]
-    
+
     # [설정] GitHub Environment의 'development' 변수들(32124 포트 등)을 사용
     environment:
       name: development

.github/workflows/ci.yml .github/workflows/dev-ci.yml.github/workflows/ci.yml renamed to .github/workflows/dev-ci.yml

@@ -15,7 +15,7 @@ permissions:
 jobs:
   build:
     runs-on: ubuntu-latest
-    
+
     services:
       redis:
         image: redis:alpine

.github/workflows/prod-cd.yml

@@ -0,0 +1,94 @@
+name: Prod - CD with Docker
+
+on:
+  workflow_run:
+    workflows: [ "Prod - Java CI with Gradle" ] # Prod CI 파일 이름과 일치해야 함
+    types: [ completed ]
+
+permissions:
+  contents: read
+  packages: write
+
+jobs:
+  build:
+    # Prod 브랜치인 경우에만 실행
+    if: ${{ github.event.workflow_run.conclusion == 'success' && github.event.workflow_run.head_branch == 'main' }}
+    runs-on: ubuntu-latest
+    outputs:
+      image-tag: ${{ steps.meta.outputs.tags }}
+
+    steps:
+      - name: Download artifact
+        uses: actions/download-artifact@v4
+        with:
+          run-id: ${{ github.event.workflow_run.id }}
+          github-token: ${{ secrets.ACTION_TOKEN }}
+          name: build-libs
+
+      - name: Setup Docker Buildx
+        uses: docker/setup-buildx-action@v3
+        with:
+          driver: docker-container
+          driver-opts: |
+            network=host
+
+      - name: Login to Github Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.ACTION_TOKEN }}
+
+      - name: Extract metadata
+        id: meta
+        uses: docker/metadata-action@v5
+        with:
+          images: ghcr.io/${{ github.repository }}
+          tags: |
+            type=sha
+
+      - name: Build and Push Docker image
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: Dockerfile
+          push: true
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
+          platforms: linux/amd64,linux/arm64
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+  deploy:
+    needs: build
+    runs-on: [self-hosted]
+
+    # [Prod] GitHub Environment 사용
+    environment:
+      name: production
+
+    steps:
+      - name: Login to GHCR
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.ACTION_TOKEN }}
+
+      - name: Pull latest image
+        run: docker pull ${{ needs.build.outputs.image-tag }}
+
+      - name: Clean up old container and image
+        run: |
+          docker rm -f ${{ vars.CONTAINER_NAME }} || true
+          docker image prune -f 
+
+      - name: Run New Container (Prod)
+        run: |
+          docker run -d \
+            --name ${{ vars.CONTAINER_NAME }} \
+            --network ${{ vars.NETWORK_NAME }} \
+            -p ${{ secrets.WEB_PORT }}:8080 \
+            -e SPRING_PROFILES_ACTIVE=prod \
+            -e TZ=Asia/Seoul \
+            ${{ needs.build.outputs.image-tag }}

.github/workflows/prod-ci.yml

@@ -0,0 +1,63 @@
+name: Prod - Java CI with Gradle
+
+on:
+  push:
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
+permissions:
+  contents: read
+  checks: write
+  pull-requests: write
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    services:
+      redis:
+        image: redis:alpine
+        ports:
+          - 6379:6379
+        options: >-
+          --health-cmd "redis-cli ping"
+          --health-interval 10s
+          --health-timeout 5s
+          --health-retries 5
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+        with:
+          submodules: true
+          token: ${{ secrets.ACTION_TOKEN }}
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          java-version: '21'
+          distribution: 'temurin'
+
+      - name: Setup Gradle
+        uses: gradle/actions/setup-gradle@v4
+
+      - name: Add +x permission to gradlew
+        run: chmod +x gradlew
+
+      - name: Build with Gradle
+        run: ./gradlew clean build
+
+      - name: Publish Test Report
+        uses: mikepenz/action-junit-report@v5
+        if: success() || failure()
+        with:
+          report_paths: '**/build/test-results/test/TEST-*.xml'
+
+      - name: Upload Build Artifacts
+        uses: actions/upload-artifact@v4
+        with:
+          name: build-libs
+          path: |
+            build/libs/*.jar
+            Dockerfile

src/main/resources/application-prod.yml

@@ -0,0 +1,58 @@
+spring:
+  config:
+    activate:
+      on-profile: prod
+    import:
+      - security/application-database.yml
+      - security/application-security.yml
+      - security/application-mail.yml
+      - security/application-swagger.yml
+      - security/application-wifi.yml
+      - security/application-cloudinary.yml
+
+  datasource:
+    url: ${geumpumta.mysql.url}
+    username: ${geumpumta.mysql.username}
+    password: ${geumpumta.mysql.password}
+    driver-class-name: com.mysql.cj.jdbc.Driver
+
+  data:
+    redis:
+      host: ${geumpumta.redis.host}
+      port: ${geumpumta.redis.port}
+      password: ${geumpumta.redis.password}
+      repositories:
+        enabled: false
+
+  mvc:
+    log-request-details: true
+
+  jpa:
+    hibernate:
+      ddl-auto: validate
+    open-in-view: false
+    show-sql: true
+    properties:
+      hibernate:
+        format_sql: false
+        highlight_sql: false
+        default_batch_fetch_size: 100
+  servlet:
+    multipart:
+      max-file-size: 10MB     # 한 파일 최대 크기
+      max-request-size: 100MB  # 전체 요청 최대 크기 (여러 파일 합산)
+
+server:
+  forward-headers-strategy: framework
+
+logging:
+  level:
+    # ---- HTTP 트래픽 흐름을 살펴봅니다.
+    org.springframework.web: info
+    # ---- Hibernate가 실행할 질의문을 살펴봅니다.
+    org.hibernate.SQL: warn
+    # ---- 질의문에 바인딩되는 파라미터를 살펴봅니다.
+    org.hibernate.orm.jdbc.bind: warn
+    # ---- 질의문 실행 결과를 살펴봅니다.
+    org.hibernate.orm.jdbc.extract: warn
+

src/main/resources/application.yml

@@ -5,6 +5,7 @@ spring:
     group:
       local: local
       dev: dev
+      prod: prod
 ---
 
 spring: