Merged
62 changes: 12 additions & 50 deletions .github/workflows/oracle_server_cd_develop.yml
Expand Up @@ -6,10 +6,8 @@ on:
push:
branches:
- 'develop/be'
- 'feature/#517-oracle-cicd'
paths:
- 'backend/**'
- '.github/workflows/**'

jobs:
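Review bot: once '.github/workflows/**' is gone from paths, a push to develop/be that changes only this workflow file no longer runs it, so edits to the deploy pipeline stay untested until the next backend change. Add a workflow_dispatch trigger so the pipeline can be started by hand after such edits, instead of temporarily listing a working branch such as 'feature/#517-oracle-cicd' under branches.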

Expand All @@ -32,13 +30,16 @@ jobs:
uses: gradle/actions/setup-gradle@af1da67850ed9a4cedd57bfd976089dd991e2582 # v4.0.0

- name: Cache Gradle dependencies
uses: actions/cache@v4 # Gradle 의존성 캐시 설정
uses: actions/cache@v4
with:
path: ~/.gradle/caches # Gradle 캐시 경로
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*') }} # Gradle 파일 해시값 기반 키
path: |
~/.gradle/caches
~/.gradle/wrapper
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
restore-keys: |
${{ runner.os }}-gradle-


- name: make application.properties
run: |
cd ./backend/src/main/resources
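Review bot: the actions/cache step on ~/.gradle/caches and ~/.gradle/wrapper overlaps with the gradle/actions/setup-gradle step just above it, which already caches the Gradle user home by default. Two caches restoring into the same directories is hard to reason about; drop this step, or set cache-disabled on setup-gradle, so that only one of them owns ~/.gradle.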
Expand All @@ -51,34 +52,14 @@ jobs:
run: |
cd backend
./gradlew clean build -x test

- id: 'auth'
uses: 'google-github-actions/auth@v2'
with:
credentials_json: ${{ secrets.GCE_SA_KEY }}

# GCloud SDK 캐시 설정
- name: Cache Google Cloud SDK
uses: actions/cache@v4
with:
path: ~/.cache
key: gcloud-sdk-${{ runner.os }}
restore-keys: |
gcloud-sdk-

# Google Cloud CLI 설정
- name: Set up Google Cloud SDK
uses: google-github-actions/setup-gcloud@v2

- name: Log in to Docker Hub
uses: docker/login-action@v2
with:
project_id: ${{ secrets.GCE_PROJECT }}
username: ${{ secrets.SERVER_DOCKER_USERNAME }}
password: ${{ secrets.SERVER_DOCKER_PASSWORD }}

Comment on lines +56 to 61

⚠️ Potential issue

The docker/login-action version needs to be raised to the latest (v3).

actionlint warning: “the runner of docker/login-action@v2 action is too old”.
Update to v3 for compatibility with the GH Actions runtime.

-      - name: Log in to Docker Hub
-        uses: docker/login-action@v2
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Log in to Docker Hub
uses: docker/login-action@v2
with:
project_id: ${{ secrets.GCE_PROJECT }}
username: ${{ secrets.SERVER_DOCKER_USERNAME }}
password: ${{ secrets.SERVER_DOCKER_PASSWORD }}
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.SERVER_DOCKER_USERNAME }}
password: ${{ secrets.SERVER_DOCKER_PASSWORD }}
🧰 Tools
🪛 actionlint (1.7.7)

57-57: the runner of "docker/login-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🤖 Prompt for AI Agents
In .github/workflows/oracle_server_cd_develop.yml around lines 56 to 61, update
the version of the docker/login-action from v2 to v3 to ensure compatibility
with the latest GitHub Actions runtime and resolve the actionlint warning.
Change the uses line to use docker/login-action@v3 instead of v2.

# Docker 인증
- name: Authenticate Docker to Google Cloud Container Registry (GCR)
run: |
gcloud auth configure-docker asia-northeast3-docker.pkg.dev

# Docker 이미지 빌드 및 GCR 업로드
# ARM 전용 이미지 배포
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
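Review bot: password: ${{ secrets.SERVER_DOCKER_PASSWORD }} in the new Docker Hub login should hold a Docker Hub access token limited to what this pipeline pushes, not the account password, because the value is handed to every run of this workflow. docker/login-action and docker/setup-buildx-action are also referenced by a moving tag while setup-gradle earlier in the job is pinned to a commit SHA; pin these two the same way.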

Expand All @@ -87,7 +68,7 @@ jobs:
with:
context: ./backend
file: ./backend/Dockerfile
platforms: linux/arm64
platforms: linux/arm64,linux/amd64
push: true
tags: |
${{ secrets.DOCKER_IMAGE_DEV }}:latest
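Review bot: the image reference under tags comes from secrets.DOCKER_IMAGE_DEV, and GitHub masks secret values in logs, so the build output will not show which repository and tag were pushed. An image name is not a credential; move it to a repository variable or a plain env value so that the pushed reference for both platforms can be read back from the run log.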
Expand All @@ -103,18 +84,6 @@ jobs:

steps:

# gcloud-setup workflow 호출
- id: 'auth'
uses: 'google-github-actions/auth@v2'
with:
credentials_json: ${{ secrets.GCE_SA_KEY }}

# Google Cloud CLI 설정
- name: Set up Google Cloud SDK
uses: google-github-actions/setup-gcloud@v2
with:
project_id: ${{ secrets.GCE_PROJECT }}

# oracle ssh 접속 후 배포
- name: Update Container on VM
uses: appleboy/ssh-action@master
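Review bot: with the google-github-actions/auth and setup-gcloud steps removed from this job, secrets.GCE_SA_KEY and secrets.GCE_PROJECT are no longer read here. Once no other workflow uses them, delete the repository secrets and revoke the service-account key in GCP, so that a long-lived credential does not stay valid after the migration.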
Expand All @@ -124,13 +93,6 @@ jobs:
key: ${{ secrets.ORACLE_INSTANCE_DEV_PRIVATE_KEY }}
port: ${{ secrets.ORACLE_INSTANCE_DEV_PORT }}
script: |
gcloud auth activate-service-account --key-file=/home/${{ secrets.ORACLE_INSTANCE_USER }}/gce_sa_key.json
ACCESS_TOKEN=$(gcloud auth print-access-token)
docker login -u oauth2accesstoken --password-stdin https://asia-northeast3-docker.pkg.dev
docker pull asia-northeast3-docker.pkg.dev/pristine-valve-457508-k7/moadong/moadong-dev:latest

sudo usermod -aG docker $USER
newgrp docker
docker pull ${{ secrets.DOCKER_IMAGE_DEV }}:latest

export USERNAME=${{ secrets.ORACLE_INSTANCE_USER }}
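Review bot: the removed script lines authenticated with /home/${{ secrets.ORACLE_INSTANCE_USER }}/gce_sa_key.json on the instance, so that key file has to be deleted from every host that received it as part of this change. In the new script, docker pull ${{ secrets.DOCKER_IMAGE_DEV }}:latest runs with no docker login before it, which works only if the Docker Hub repository is public or the host already holds credentials; state in the PR which of the two is intended.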
99 changes: 39 additions & 60 deletions .github/workflows/server_cd_release.yml
@@ -1,11 +1,11 @@
# .github/workflows/server_cd_develop.yml

name: Release Server CD

on:
push:
branches:
- 'main'
- 'setting/#542-oracle_cloud'
paths:
- 'backend/**'
- '.github/workflows/**'
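Review bot: 'setting/#542-oracle_cloud' under branches lets pushes to a working branch run the release deployment with the release secrets. Make 'main' the only trigger before this merges. The first line of the file also still reads # .github/workflows/server_cd_develop.yml although this is server_cd_release.yml.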
Expand All @@ -31,10 +31,12 @@ jobs:
uses: gradle/actions/setup-gradle@af1da67850ed9a4cedd57bfd976089dd991e2582 # v4.0.0

- name: Cache Gradle dependencies
uses: actions/cache@v4 # Gradle 의존성 캐시 설정
uses: actions/cache@v4
with:
path: ~/.gradle/caches # Gradle 캐시 경로
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*') }} # Gradle 파일 해시값 기반 키
path: |
~/.gradle/caches
~/.gradle/wrapper
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
restore-keys: |
${{ runner.os }}-gradle-
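Review bot: restore-keys: ${{ runner.os }}-gradle- lets a release build fall back to any older Gradle cache when the exact key misses, so the release job can start from ~/.gradle/caches and ~/.gradle/wrapper contents written by an unrelated run. For the release workflow, consider dropping restore-keys so that only an exact match on the hashed build files is restored.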

Expand All @@ -51,37 +53,26 @@ jobs:
cd backend
./gradlew clean build -x test

- id: 'auth'
uses: 'google-github-actions/auth@v2'
# Docker 인증
- name: Log in to Docker Hub
uses: docker/login-action@v2
with:
credentials_json: ${{ secrets.GCE_SA_KEY }}
username: ${{ secrets.SERVER_DOCKER_USERNAME }}
password: ${{ secrets.SERVER_DOCKER_PASSWORD }}

Comment on lines +57 to 62

⚠️ Potential issue

docker/login-action v2 → v3 upgrade needed

The same actionlint error as in the develop workflow occurs. Please raise the version to v3.

-      - name: Log in to Docker Hub
-        uses: docker/login-action@v2
+      - name: Log in to Docker Hub
+        uses: docker/login-action@v3
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Log in to Docker Hub
uses: docker/login-action@v2
with:
credentials_json: ${{ secrets.GCE_SA_KEY }}
username: ${{ secrets.SERVER_DOCKER_USERNAME }}
password: ${{ secrets.SERVER_DOCKER_PASSWORD }}
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.SERVER_DOCKER_USERNAME }}
password: ${{ secrets.SERVER_DOCKER_PASSWORD }}
🧰 Tools
🪛 actionlint (1.7.7)

57-57: the runner of "docker/login-action@v2" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

🤖 Prompt for AI Agents
In .github/workflows/server_cd_release.yml around lines 56 to 61, the
docker/login-action is currently using version v2, which causes actionlint
errors similar to the develop workflow. Update the version from v2 to v3 in the
uses field to fix these errors and keep consistency with the develop workflow.

# GCloud SDK 캐시 설정
- name: Cache Google Cloud SDK
uses: actions/cache@v4
with:
path: ~/.cache
key: gcloud-sdk-${{ runner.os }}
restore-keys: |
gcloud-sdk-
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3

# Google Cloud CLI 설정
- name: Set up Google Cloud SDK
uses: google-github-actions/setup-gcloud@v2
- name: Build and Push ARM64 Docker Image
uses: docker/build-push-action@v5
with:
project_id: ${{ secrets.GCE_PROJECT }}

# Docker 인증
- name: Authenticate Docker to Google Cloud Container Registry (GCR)
run: |
gcloud auth configure-docker asia-northeast3-docker.pkg.dev

# Docker 이미지 빌드 및 GCR 업로드
- name: Build and Push Docker Image
run: |
cd backend
docker build -t ${{ secrets.DOCKER_IMAGE_RELEASE }}:${{ github.sha }} -t ${{ secrets.DOCKER_IMAGE_DEV }}:latest .
docker push -a ${{ secrets.DOCKER_IMAGE_RELEASE }}
context: ./backend
file: ./backend/Dockerfile
platforms: linux/arm64,linux/amd64
push: true
tags: |
${{ secrets.DOCKER_IMAGE_RELEASE }}:latest
${{ secrets.DOCKER_IMAGE_RELEASE }}:${{ github.sha }}

deploy:
name: Deploy
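Review bot: the step is named Build and Push ARM64 Docker Image but sets platforms: linux/arm64,linux/amd64, so the name no longer describes what is pushed; rename it. No docker/setup-qemu-action step appears between the Docker Hub login and the build in this hunk, so if backend/Dockerfile contains RUN instructions, the platform that differs from the runner's architecture will need one.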
Expand All @@ -93,33 +84,21 @@ jobs:

steps:

# gcloud-setup workflow 호출
- id: 'auth'
uses: 'google-github-actions/auth@v2'
with:
credentials_json: ${{ secrets.GCE_SA_KEY }}

# Google Cloud CLI 설정
- name: Set up Google Cloud SDK
uses: google-github-actions/setup-gcloud@v2
with:
project_id: ${{ secrets.GCE_PROJECT }}

# oracle ssh 접속 후 배포
- name: Update Container on VM
run: |
gcloud compute ssh ${{ secrets.GCE_INSTANCE_RELEASE }} --zone=${{ secrets.GCP_REGION }} --command="
gcloud auth configure-docker asia-northeast3-docker.pkg.dev
gcloud auth activate-service-account --key-file=/home/${{ secrets.GCE_INSTANCE_USER }}/gce_sa_key.json

sudo usermod -aG docker $USER
newgrp docker

docker pull ${{ secrets.DOCKER_IMAGE_RELEASE }}:latest

export USERNAME=${{ secrets.GCE_INSTANCE_USER }} # docker compose 파일에서 사용할 변수명 설정
export DOCKER_APP_IMAGE=${{ secrets.DOCKER_IMAGE_RELEASE }}:latest
sudo chmod +x /home/${{ secrets.GCE_INSTANCE_USER }}/deploy.sh # 실행 권한 부여
sudo -E /home/${{ secrets.GCE_INSTANCE_USER }}/deploy.sh # su권한으로 환경 변수 유지 및 실행

docker image prune -af
docker ps -a"
uses: appleboy/ssh-action@master
with:
host: ${{ secrets.ORACLE_INSTANCE_RELEASE_IP }}
username: ${{ secrets.ORACLE_INSTANCE_USER }}
key: ${{ secrets.ORACLE_INSTANCE_RELEASE_PRIVATE_KEY }}
port: ${{ secrets.ORACLE_INSTANCE_RELEASE_PORT }}
script: |
Comment on lines +89 to +95

🛠️ Refactor suggestion

appleboy/ssh-action@master → pinning to a fixed commit/tag recommended

The @master reference carries a risk of unexpected breaking changes and supply-chain attacks. Pin to a trusted release tag (e.g. v1.0.0) or a commit SHA.

🤖 Prompt for AI Agents
In .github/workflows/server_cd_release.yml around lines 89 to 95, the usage of
appleboy/ssh-action@master should be replaced with a fixed commit SHA or a
specific release tag to avoid unexpected breaking changes or supply chain
attacks. Update the action reference from @master to a stable version like a
release tag (e.g., v1.0.0) or a commit SHA to ensure consistent and secure
workflow execution.


docker pull ${{ secrets.DOCKER_IMAGE_RELEASE }}:latest

export USERNAME=${{ secrets.ORACLE_INSTANCE_USER }}
export DOCKER_APP_IMAGE=${{ secrets.DOCKER_IMAGE_RELEASE }}:latest
sudo chmod +x /home/${{ secrets.ORACLE_INSTANCE_USER }}/deploy.sh
sudo -E /home/${{ secrets.ORACLE_INSTANCE_USER }}/deploy.sh

docker image prune -af
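Review bot: the deploy script pulls and exports ${{ secrets.DOCKER_IMAGE_RELEASE }}:latest although the build job pushes the same image tagged ${{ github.sha }} as well. Deploy the github.sha tag, so that the host runs exactly the image built from this commit and a rollback only needs an older tag. Note that docker image prune -af at the end removes every unused image on the host, the previous release included.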
20 changes: 10 additions & 10 deletions backend/src/main/java/moadong/global/config/SecurityConfig.java
Expand Up @@ -40,8 +40,8 @@ public class SecurityConfig {

private final JwtProvider jwtProvider;
private final CustomUserDetailService userDetailsService;
@Value("${spring.cloud.gcp.credentials.location}")
private String credentialsLocation;
// @Value("${spring.cloud.gcp.credentials.location}")
// private String credentialsLocation;

public SecurityConfig(JwtProvider jwtProvider, CustomUserDetailService userDetailsService) {
this.jwtProvider = jwtProvider;
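Review bot: the @Value("${spring.cloud.gcp.credentials.location}") field is commented out rather than deleted. Delete it, and drop spring.cloud.gcp.credentials.location from the application.properties written by the workflow's make application.properties step, so that a service-account key path is no longer configured for a build that does not use it.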
Expand All @@ -62,14 +62,14 @@ public SecurityFilterChain securityFilterChain(HttpSecurity http) throws Excepti
return http.build();
}

@Bean
public Storage storage() throws IOException {
InputStream keyFile = ResourceUtils.getURL(credentialsLocation).openStream();
return StorageOptions.newBuilder()
.setCredentials(GoogleCredentials.fromStream(keyFile))
.build()
.getService();
}
// @Bean
// public Storage storage() throws IOException {
// InputStream keyFile = ResourceUtils.getURL(credentialsLocation).openStream();
// return StorageOptions.newBuilder()
// .setCredentials(GoogleCredentials.fromStream(keyFile))
// .build()
// .getService();
// }

@Bean
public PasswordEncoder passwordEncoder() {
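Review bot: commenting out storage() removes the Storage bean this class provided, so any component that still injects Storage will fail when the application context starts, and ./gradlew clean build -x test in the workflows will not catch that. Check for remaining injection points, then delete the method and the imports only it used instead of leaving it commented.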
82 changes: 41 additions & 41 deletions backend/src/main/java/moadong/media/util/GoogleDriveConfig.java
@@ -1,41 +1,41 @@
package moadong.media.util;

import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
import com.google.api.client.json.jackson2.JacksonFactory;
import com.google.api.services.drive.Drive;
import com.google.api.services.drive.DriveScopes;
import com.google.auth.http.HttpCredentialsAdapter;
import com.google.auth.oauth2.GoogleCredentials;
import java.io.InputStream;
import java.util.Collections;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.util.ResourceUtils;

@Configuration
public class GoogleDriveConfig {

@Value("${spring.cloud.gcp.credentials.location}")
private String credentialsLocation;

@Value("${google.application.name}")
private String applicationName;

@Bean
public Drive googleDriveService() throws Exception {
InputStream in = ResourceUtils.getURL(credentialsLocation).openStream();
GoogleCredentials credentials = GoogleCredentials.fromStream(in)
.createScoped(Collections.singleton(DriveScopes.DRIVE));

return new Drive.Builder(
GoogleNetHttpTransport.newTrustedTransport(),
JacksonFactory.getDefaultInstance(),
new HttpCredentialsAdapter(credentials))
.setApplicationName(applicationName)
.build();

}


}
//package moadong.media.util;
//
//import com.google.api.client.googleapis.javanet.GoogleNetHttpTransport;
//import com.google.api.client.json.jackson2.JacksonFactory;
//import com.google.api.services.drive.Drive;
//import com.google.api.services.drive.DriveScopes;
//import com.google.auth.http.HttpCredentialsAdapter;
//import com.google.auth.oauth2.GoogleCredentials;
//import java.io.InputStream;
//import java.util.Collections;
//import org.springframework.beans.factory.annotation.Value;
//import org.springframework.context.annotation.Bean;
//import org.springframework.context.annotation.Configuration;
//import org.springframework.util.ResourceUtils;
//
//@Configuration
//public class GoogleDriveConfig {
//
// @Value("${spring.cloud.gcp.credentials.location}")
// private String credentialsLocation;
//
// @Value("${google.application.name}")
// private String applicationName;
//
// @Bean
// public Drive googleDriveService() throws Exception {
// InputStream in = ResourceUtils.getURL(credentialsLocation).openStream();
// GoogleCredentials credentials = GoogleCredentials.fromStream(in)
// .createScoped(Collections.singleton(DriveScopes.DRIVE));
//
// return new Drive.Builder(
// GoogleNetHttpTransport.newTrustedTransport(),
// JacksonFactory.getDefaultInstance(),
// new HttpCredentialsAdapter(credentials))
// .setApplicationName(applicationName)
// .build();
//
// }
//
//
//}
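Review bot: all 41 lines of GoogleDriveConfig.java are commented out, which leaves a source file that declares nothing; delete the file and let version control keep the history. If Drive access is reinstated later, note that the removed bean requested DriveScopes.DRIVE, which is full access to the account's Drive; a narrower scope such as DriveScopes.DRIVE_FILE is the better starting point.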