Merge pull request #38 from YAPP-Github/develop

[Ci] (프로덕션) 기획 변경으로 인한 인프라 변경점 적용

Author: lvalentine6

.coderabbit.yaml

@@ -0,0 +1,17 @@
+language: "ko-KR"
+early_access: false
+reviews:
+  profile: "chill"
+  request_changes_workflow: false
+  high_level_summary: true
+  poem: true
+  review_status: true
+  collapse_walkthrough: false
+  auto_review:
+    enabled: true
+    drafts: false
+    base_branches:
+      - "main"
+      - "develop"
+chat:
+  auto_reply: true

.github/config/pr-labeler-config.yml

@@ -1,32 +1,32 @@
 fix:
-  - head-branch: ['^fix/', '^bugfix/']
+  - head-branch: [ '^fix/', '^bugfix/' ]
 
 hotfix:
-  - head-branch: ['^hotfix/']
+  - head-branch: [ '^hotfix/' ]
 
 feat:
-  - head-branch: ['^feat/', '^feature/']
+  - head-branch: [ '^feat/', '^feature/' ]
 
 docs:
-  - head-branch: ['^docs/']
+  - head-branch: [ '^docs/' ]
 
 refactor:
-  - head-branch: ['^refactor/']
+  - head-branch: [ '^refactor/' ]
 
 test:
-  - head-branch: ['^test/']
+  - head-branch: [ '^test/' ]
 
 chore:
-  - head-branch: ['^chore/']
+  - head-branch: [ '^chore/' ]
 
 ci:
-  - head-branch: ['^ci/']
+  - head-branch: [ '^ci/' ]
 
 build:
-  - head-branch: ['^build/']
+  - head-branch: [ '^build/' ]
 
 perf:
-  - head-branch: ['^perf/']
+  - head-branch: [ '^perf/' ]
 
 revert:
-  - head-branch: ['^revert/']
+  - head-branch: [ '^revert/' ]

.github/workflows/auto-assign.yml

@@ -2,7 +2,7 @@ name: Auto Assign
 
 on:
   pull_request:
-    types: [opened, ready_for_review]
+    types: [ opened, ready_for_review ]
 
 jobs:
   add-reviews:

.github/workflows/auto-label.yml

@@ -2,7 +2,7 @@ name: Auto Label PRs
 
 on:
   pull_request:
-    types: [opened, synchronize, reopened]
+    types: [ opened, synchronize, reopened ]
 
 jobs:
   label:
@@ -11,4 +11,4 @@ jobs:
       - uses: actions/labeler@v5
         with:
           repo-token: ${{ secrets.GITHUB_TOKEN }}
-          configuration-path: '.github/config/pr-labeler-config.yml'
+          configuration-path: '.github/config/pr-labeler-config.yml'

.github/workflows/close-jira-issue.yml

@@ -29,3 +29,4 @@ jobs:
         uses: atlassian/gajira-transition@v3
         with:
           issue: ${{ env.JIRA_KEY }}
+          transition: 완료

.github/workflows/deploy-dev.yml

@@ -95,6 +95,7 @@ jobs:
           echo "ECS_CLUSTER=$(echo "$TF_OUTPUTS" | jq -r '.ecs_cluster_name.value')" >> $GITHUB_ENV
           echo "ECS_SERVICE=$(echo "$TF_OUTPUTS" | jq -r '.ecs_api_service_name.value')" >> $GITHUB_ENV
           echo "CONTAINER_NAME=$(echo "$TF_OUTPUTS" | jq -r '.ecs_api_container_name.value')" >> $GITHUB_ENV
+          echo "PRIVATE_IP=$(echo "$TF_OUTPUTS" | jq -r '.ec2_private_ip.value')" >> $GITHUB_ENV
 
       - name: Configure AWS credentials
         uses: aws-actions/configure-aws-credentials@v4
@@ -103,13 +104,29 @@ jobs:
           aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
           aws-region: ${{ env.AWS_REGION }}
 
+      - name: Update MYSQL_URL in Parameter Store
+        run: |
+          MYSQL_URL="jdbc:mysql://${PRIVATE_IP}:3306/eatda?useUnicode=true&characterEncoding=UTF-8"
+
+          aws ssm put-parameter \
+            --name "/dev/MYSQL_URL" \
+            --type "SecureString" \
+            --value "$MYSQL_URL" \
+            --overwrite
+
       - name: Set up Node.js
         uses: actions/setup-node@v4
         with:
           node-version: '22'
 
       - name: Install Semantic Release dependencies
-        run: npm install semantic-release @semantic-release/commit-analyzer @semantic-release/release-notes-generator conventional-changelog-conventionalcommits
+        run: |
+          npm install \
+            semantic-release \
+            @semantic-release/commit-analyzer \
+            @semantic-release/release-notes-generator \
+            @semantic-release/github \
+            conventional-changelog-conventionalcommits
 
       - name: Semantic Release
         id: get_version
@@ -134,11 +151,24 @@ jobs:
           architecture: 'x64'
           cache: 'gradle'
 
+      - name: Get TEST_JWT_SECRET_KEY from SSM
+        id: get-test-secret
+        run: |
+          SECRET_VALUE=$(aws ssm get-parameter \
+            --name "/common/TEST_JWT_SECRET_KEY" \
+            --with-decryption \
+            --region "${{ env.AWS_REGION }}" \
+            --query "Parameter.Value" \
+            --output text)
+          echo "TEST_JWT_SECRET_KEY=$SECRET_VALUE" >> $GITHUB_ENV
+
       - name: Build with Gradle
         run: |
           cd ${{ github.workspace }}
           chmod +x gradlew
-          ./gradlew clean build
+          ./gradlew clean build -Dspring.profiles.active=dev
+        env:
+          TEST_JWT_SECRET_KEY: ${{ env.TEST_JWT_SECRET_KEY }}
 
       - name: Login to Amazon ECR
         id: login-ecr
@@ -169,7 +199,7 @@ jobs:
           image: ${{ env.image }}
 
       - name: Deploy Amazon ECS task definition
-        uses: aws-actions/amazon-ecs-deploy-task-definition@v1
+        uses: aws-actions/amazon-ecs-deploy-task-definition@v2
         with:
           task-definition: ${{ steps.task-def.outputs.task-definition }}
           service: ${{ env.ECS_SERVICE }}
@@ -208,4 +238,4 @@ jobs:
             **시도 버전**: ${{ env.SEMANTIC_VERSION }}
             **커밋**: [${{ steps.vars.outputs.sha_short }}](${{ github.server_url }}/${{ github.repository }}/commit/${{ github.sha }})
             **요청자**: ${{ github.actor }}
-          embed-url: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"
+          embed-url: "${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }}"

.github/workflows/deploy-prod.yml

@@ -96,20 +96,30 @@ jobs:
           fetch-depth: 0
           fetch-tags: true
 
-      - name: Parse Terraform Outputs and Set Environment Variables
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ env.AWS_REGION }}
+
+      - name: Parse Terraform Outputs
+        id: parse-tf
         run: |
           TF_OUTPUTS='${{ needs.terraform-apply-prod.outputs.tf_outputs_json }}'
           echo "ECR_REPOSITORY=$(echo "$TF_OUTPUTS" | jq -r '.ecr_repository_name.value')" >> $GITHUB_ENV
           echo "ECS_CLUSTER=$(echo "$TF_OUTPUTS" | jq -r '.ecs_cluster_name.value')" >> $GITHUB_ENV
           echo "ECS_SERVICE=$(echo "$TF_OUTPUTS" | jq -r '.ecs_api_service_name.value')" >> $GITHUB_ENV
           echo "CONTAINER_NAME=$(echo "$TF_OUTPUTS" | jq -r '.ecs_api_container_name.value')" >> $GITHUB_ENV
+          echo "RDS_ENDPOINT=$(echo "$TF_OUTPUTS" | jq -r '.rds_endpoint.value')" >> $GITHUB_ENV
 
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: ${{ env.AWS_REGION }}
+      - name: Update DB URL in Parameter Store
+        run: |
+          aws ssm put-parameter \
+            --name "/prod/mysql-url" \
+            --value "jdbc:mysql://${{ env.RDS_ENDPOINT }}:3306/eatda?useUnicode=true&characterEncoding=UTF-8" \
+            --type SecureString \
+            --overwrite
 
       - name: Set up Node.js
         uses: actions/setup-node@v4
@@ -153,11 +163,24 @@ jobs:
           architecture: 'x64'
           cache: 'gradle'
 
+      - name: Get TEST_JWT_SECRET_KEY from SSM
+        id: get-test-secret
+        run: |
+          SECRET_VALUE=$(aws ssm get-parameter \
+            --name "/common/TEST_JWT_SECRET_KEY" \
+            --with-decryption \
+            --region "${{ env.AWS_REGION }}" \
+            --query "Parameter.Value" \
+            --output text)
+          echo "TEST_JWT_SECRET_KEY=$SECRET_VALUE" >> $GITHUB_ENV
+
       - name: Build with Gradle
         run: |
           cd ${{ github.workspace }}
           chmod +x gradlew
-          ./gradlew clean build
+          ./gradlew clean build -Dspring.profiles.active=prod
+        env:
+          TEST_JWT_SECRET_KEY: ${{ env.TEST_JWT_SECRET_KEY }}
 
       - name: Login to Amazon ECR
         id: login-ecr

.github/workflows/sonarcloud.yml

@@ -7,6 +7,9 @@ on:
   pull_request:
     branches:
       - main
+env:
+  AWS_REGION: ap-northeast-2
+
 jobs:
   test:
     runs-on: ubuntu-latest
@@ -21,6 +24,24 @@ jobs:
           java-version: 21
           distribution: 'temurin'
 
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ env.AWS_REGION }}
+
+      - name: Get TEST_JWT_SECRET_KEY from SSM
+        id: get-test-secret
+        run: |
+          SECRET_VALUE=$(aws ssm get-parameter \
+            --name "/common/TEST_JWT_SECRET_KEY" \
+            --with-decryption \
+            --region "${{ env.AWS_REGION }}" \
+            --query "Parameter.Value" \
+            --output text)
+          echo "TEST_JWT_SECRET_KEY=$SECRET_VALUE" >> $GITHUB_ENV
+
       - name: Grant execute permission for gradlew
         run: chmod +x ./gradlew
 
@@ -35,4 +56,5 @@ jobs:
         env:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
           SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
-        run: ./gradlew test jacocoTestReport sonar --info
+          TEST_JWT_SECRET_KEY: ${{ env.TEST_JWT_SECRET_KEY }}
+        run: ./gradlew test jacocoTestReport sonar --info

.gitignore

@@ -4,6 +4,8 @@ build/
 !gradle/wrapper/gradle-wrapper.jar
 !**/src/main/**/build/
 !**/src/test/**/build/
+.env-local
+.env.local
 
 ### STS ###
 .apt_generated
@@ -42,4 +44,4 @@ out/
 ### terraform ###
 .terraform/
 *.tfstate
-*.tfstate.*
+*.tfstate.*

.releaserc

@@ -30,13 +30,6 @@
         "preset": "conventionalcommits"
       }
     ],
-    "@semantic-release/changelog",
-    "@semantic-release/github",
-    [
-      "@semantic-release/git", {
-        "assets": ["CHANGELOG.md"],
-        "message": "chore(release): ${nextRelease.version} [skip ci]\n\n${nextRelease.notes}"
-      }
-    ]
+    "@semantic-release/github"
   ]
 }