feat: Spring Actuator 보안 강화 및 Prometheus 메트릭 수집 기능 구현 (#107)

* [BOOK-277] chore: apis, infra - infra 관련 yml 생성 및 aop logging 설정 infra yml로 이동

* [BOOK-277] chore: infra - LoggingAopProperties 클래스 Config 패키지로 이동

* [BOOK-277] chore: actuator 의존성 gateway에만 할당 및 prometheus 의존성 추가

* [BOOK-277] chore: infra - LoggingAopProperties의 패키지 이동으로 인한 import문 변동사항 반영

* [BOOK-277] chore: yml 파일 구체화 및 테스트 환경 더미 환경변수 값 추가

* [BOOK-277] chore: CI/CD - test secret 파일 삭제

- 테스트 환경변수는 yml에서 더미 값으로 관리

* [BOOK-277] refactor: gateway - ConfigurationProperties 파일을 구현하여 기존 @value 기반 프로퍼티 주입 방식을 개선

* [BOOK-277] feat: gateway - actuator-path를 화이트리스트에 추가

* [BOOK-277] chore: gateway - favicon.ico를 화이트리스트에 추가

- 불필요한 warn 로깅 방지

* [BOOK-277] refactor: buildSrc, gateway - 코드레빗 리뷰 반영

* [BOOK-277] chore: CI/CD - prod 성공/실패 여부 discord 웹훅 연동

* [BOOK-277] chore: CI/CD - transition 값 문자열로 전달

Author: move-hoon

.github/workflows/ci-pr.yml

@@ -30,7 +30,6 @@ jobs:
           mkdir ./secret
           echo "${{ secrets.DEV_SECRET_PROPERTIES }}" > ./secret/application-dev-secret.properties
           echo "${{ secrets.PROD_SECRET_PROPERTIES }}" > ./secret/application-prod-secret.properties
-          echo "${{ secrets.TEST_SECRET_PROPERTIES }}" > ./secret/application-test-secret.properties
           echo "${{ secrets.APPLE_AUTH_KEY }}" > ./secret/AuthKey.p8
           chmod 600 ./secret/*
 

.github/workflows/close-jira-issue.yml

@@ -29,4 +29,4 @@ jobs:
         uses: atlassian/gajira-transition@v3
         with:
           issue: ${{ env.JIRA_KEY }}
-          transition: 31
+          transition: "31"

.github/workflows/dev-ci-cd.yml

@@ -28,7 +28,6 @@ jobs:
         run: |
           mkdir ./secret
           echo "${{ secrets.DEV_SECRET_PROPERTIES }}" > ./secret/application-dev-secret.properties
-          echo "${{ secrets.TEST_SECRET_PROPERTIES }}" > ./secret/application-test-secret.properties
           echo "${{ secrets.APPLE_AUTH_KEY }}" > ./secret/AuthKey.p8
           chmod 600 ./secret/*
 

.github/workflows/prod-ci-cd.yml

@@ -28,7 +28,6 @@ jobs:
         run: |
           mkdir ./secret
           echo "${{ secrets.PROD_SECRET_PROPERTIES }}" > ./secret/application-prod-secret.properties
-          echo "${{ secrets.TEST_SECRET_PROPERTIES }}" > ./secret/application-test-secret.properties
           echo "${{ secrets.APPLE_AUTH_KEY }}" > ./secret/AuthKey.p8
           chmod 600 ./secret/*
 
@@ -80,3 +79,29 @@ jobs:
             cd ~/deploy
             chmod +x ./deploy.sh
             ./deploy.sh
+
+      - name: Send Discord notification on success
+        if: success()
+        uses: tsickert/discord-webhook@b217a69502f52803de774ded2b1ab7c282e99645
+        with:
+          webhook-url: ${{ secrets.PROD_DEPLOY_DISCORD_WEBHOOK_URL }}
+          content: "🚀 **Production Deploy Succeeded!**"
+          embed-title: "✅ [${{ github.repository }}] Release **${{ github.event.release.tag_name }}**"
+          embed-description: |
+            **Released by**: `${{ github.actor }}`
+            The new version has been successfully deployed to production.
+            [View Release Notes](https://github.com/${{ github.repository }}/releases/tag/${{ github.event.release.tag_name }})
+          embed-color: 65280 # Green
+
+      - name: Send Discord notification on failure
+        if: failure()
+        uses: tsickert/discord-webhook@b217a69502f52803de774ded2b1ab7c282e99645
+        with:
+          webhook-url: ${{ secrets.PROD_DEPLOY_DISCORD_WEBHOOK_URL }}
+          content: "🚨 **Production Deploy Failed!**"
+          embed-title: "❌ [${{ github.repository }}] Release **${{ github.event.release.tag_name }}**"
+          embed-description: |
+            **Released by**: `${{ github.actor }}`
+            An error occurred during the production deployment workflow.
+            [View Failed Workflow](https://github.com/${{ github.repository }}/actions/runs/${{ github.run_id }})
+          embed-color: 16711680 # Red

admin/build.gradle.kts

@@ -8,7 +8,6 @@ dependencies {
 	implementation(Dependencies.Spring.BOOT_STARTER_WEB)
 	implementation(Dependencies.Spring.BOOT_STARTER_SECURITY)
 	implementation(Dependencies.Spring.BOOT_STARTER_VALIDATION)
-	implementation(Dependencies.Spring.BOOT_STARTER_ACTUATOR)
 	testImplementation(Dependencies.Spring.BOOT_STARTER_TEST)
 
 	implementation(Dependencies.Database.MYSQL_CONNECTOR)

apis/build.gradle.kts

@@ -10,7 +10,6 @@ dependencies {
     implementation(Dependencies.Spring.BOOT_STARTER_DATA_JPA)
     implementation(Dependencies.Spring.BOOT_STARTER_SECURITY)
     implementation(Dependencies.Spring.BOOT_STARTER_VALIDATION)
-    implementation(Dependencies.Spring.BOOT_STARTER_ACTUATOR)
     implementation(Dependencies.Spring.BOOT_STARTER_OAUTH2_CLIENT)
 
     implementation(Dependencies.Database.MYSQL_CONNECTOR)

apis/src/main/resources/application.yml

@@ -9,17 +9,25 @@ spring:
     group:
       dev:
         - persistence
+        - crosscutting
         - jwt
+        - web
         - redis
         - external
       prod:
         - persistence
+        - crosscutting
         - jwt
+        - web
         - redis
         - external
       test:
         - persistence
+        - crosscutting
         - jwt
+        - web
+        - redis
+        - external
   servlet:
     multipart:
       max-file-size: 10MB
@@ -66,7 +74,6 @@ springdoc:
 ---
 spring:
   config:
-    import: optional:file:../secret/application-test-secret.properties
     activate:
       on-profile: test
 
@@ -75,18 +82,3 @@ springdoc:
     enabled: false
   api-docs:
     enabled: false
-
-aladin:
-  api:
-    ttb-key: dummy-aladin-key
-
-oauth:
-  kakao:
-    admin-key: DUMMYADMINKEY
-  apple:
-    client-id: dummy.client.id
-    key-id: DUMMYKEYID
-    team-id: DUMMYTEAMID
-    key-path: "path-ignored-by-mock"
-    audience: https://appleid.apple.com
-

batch/build.gradle.kts

@@ -8,7 +8,6 @@ dependencies {
     implementation(Dependencies.Spring.BOOT_STARTER_WEB)
     implementation(Dependencies.Spring.BOOT_STARTER_SECURITY)
     implementation(Dependencies.Spring.BOOT_STARTER_VALIDATION)
-    implementation(Dependencies.Spring.BOOT_STARTER_ACTUATOR)
     testImplementation(Dependencies.Spring.BOOT_STARTER_TEST)
 
     implementation(Dependencies.Database.MYSQL_CONNECTOR)

buildSrc/src/main/kotlin/Dependencies.kt

@@ -66,4 +66,8 @@ object Dependencies {
         const val BC_PROV = "org.bouncycastle:bcprov-jdk18on:1.78.1"
         const val BC_PKIX = "org.bouncycastle:bcpkix-jdk18on:1.78.1"
     }
+
+    object Prometheus {
+        const val MICROMETER_PROMETHEUS_REGISTRY = "io.micrometer:micrometer-registry-prometheus"
+    }
 }

gateway/build.gradle.kts

@@ -5,6 +5,10 @@ dependencies {
     implementation(Dependencies.Spring.BOOT_STARTER_WEB)
     implementation(Dependencies.Spring.BOOT_STARTER_SECURITY)
     implementation(Dependencies.Spring.BOOT_STARTER_OAUTH2_RESOURCE_SERVER)
+    implementation(Dependencies.Spring.BOOT_STARTER_ACTUATOR)
+
+    implementation(Dependencies.Prometheus.MICROMETER_PROMETHEUS_REGISTRY)
+
     testImplementation(Dependencies.Spring.BOOT_STARTER_TEST)
 }