Feat[member]: 비밀번호 재설정 기능 추가 #152
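# CI/CD pipeline for the backend.
#   tests           - runs on every push / pull request to main and develop
#   build-artifacts - main only: builds the Spring Boot jar
#   docker-build    - main only: builds the image and pushes it to GHCR
#   deploy          - main only: rolls the image out to the EC2 host via SSM
name: CI-CD_Pipeline

# Least privilege: the workflow-wide token is read-only. `packages: write` is
# granted only to the job that pushes to GHCR. `id-token: write` was dropped
# because no step in this file requests an OIDC token (the deploy step uses
# static AWS keys).
permissions:
  contents: read

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]
  workflow_dispatch: {}

jobs:
  tests:
    runs-on: ubuntu-latest
    env:
      # Test environment settings
      SPRING_PROFILES_ACTIVE: test-ci
      # JWT settings. This key is a throw-away value for CI only; it must
      # never match the production key.
      CUSTOM_JWT_SECRET_KEY: test-secret-key-for-ci-testing-only-minimum-32-characters-required
      CUSTOM_JWT_ACCESS_TOKEN_EXPIRATION_SECONDS: '3600'
    services:
      redis:
        image: redis:7-alpine
        ports:
          # Quoted so a YAML 1.1 parser cannot read it as a sexagesimal number.
          - '6379:6379'
        options: >-
          --health-cmd "redis-cli ping"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    steps:
      - uses: actions/checkout@v4
      - name: Set up JDK 21
        uses: actions/setup-java@v4
        with:
          java-version: '21'
          distribution: 'temurin'
          cache: gradle
      - name: Grant execute permission for gradlew
        run: chmod +x backend/gradlew
      - name: Test Redis connection
        run: |
          echo "Testing Redis connection..."
          timeout 10s bash -c 'until printf "" 2>>/dev/null >>/dev/tcp/localhost/6379; do sleep 1; done'
          echo "Redis is ready!"
      - name: Run tests
        run: ./gradlew clean test
        working-directory: backend
      - name: Upload Test Reports
        if: always()
        uses: actions/upload-artifact@v4
        with:
          name: test-reports
          path: backend/build/reports/tests
          retention-days: 7

  build-artifacts:
    needs: tests
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main'
    env:
      # Minimal environment for the build (so @Value bindings resolve).
      # Everything below is a dummy; real values are injected at deploy time.
      SPRING_PROFILES_ACTIVE: prod
      CUSTOM_JWT_SECRET_KEY: build-secret-key-for-compilation-only-minimum-32-characters-required
      CUSTOM_JWT_ACCESS_TOKEN_EXPIRATION_SECONDS: '3600'
      # Dummy values needed at build time.
      # NOTE(review): the two addresses were masked by the page's e-mail
      # obfuscation; the values here are constructed placeholders.
      email_address: 'build@example.invalid'
      send_email_password: build-password
      send_email_address: 'build@example.invalid'
      PROD_DATASOURCE_URL: jdbc:mysql://localhost:3306/dummy
      PROD_DATASOURCE_DRIVER: com.mysql.cj.jdbc.Driver
      PROD_DATASOURCE_USERNAME: dummy
      PROD_DATASOURCE_PASSWORD: dummy
      PROD_JPA_HIBERNATE_DDL_AUTO: validate
      PROD_REDIS_HOST: localhost
      PROD_REDIS_PORT: '6379'
      PROD_REDIS_PASSWORD: dummy
    steps:
      - uses: actions/checkout@v4
      - uses: actions/setup-java@v4
        with:
          distribution: temurin
          java-version: '21'
          cache: gradle
      - name: Grant execute permission for gradlew
        run: chmod +x backend/gradlew
      - name: Gradle bootJar
        working-directory: backend
        run: ./gradlew --no-daemon clean bootJar -x test
      - name: Copy JAR to dist
        working-directory: backend
        run: |
          mkdir -p dist
          # Take the first jar that is not the "-plain" variant.
          cp "$(ls build/libs/*.jar | grep -v plain | head -n 1)" dist/app.jar
      - name: Upload backend jar
        uses: actions/upload-artifact@v4
        with:
          name: backend-jar
          path: backend/dist/app.jar

  docker-build:
    needs: build-artifacts
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main'
    # Only this job pushes to GHCR, so only this job gets packages: write.
    permissions:
      contents: read
      packages: write
    env:
      REGISTRY: ghcr.io
    steps:
      - uses: actions/checkout@v4
      - name: Set lowercase repo name
        run: |
          # GHCR image names must be lowercase.
          echo "IMAGE_PREFIX=$(echo "$GITHUB_REPOSITORY" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_ENV"
      - name: Download backend jar
        uses: actions/download-artifact@v4
        with:
          name: backend-jar
          path: backend/dist
      - uses: docker/setup-buildx-action@v3
      - uses: docker/login-action@v3
        with:
          registry: ${{ env.REGISTRY }}
          username: ${{ github.actor }}
          password: ${{ secrets.GITHUB_TOKEN }}
      - name: Build & push backend
        uses: docker/build-push-action@v6
        with:
          context: backend
          file: backend/Dockerfile
          push: true
          # The commit-SHA tag is the immutable one; deploy uses it.
          tags: |
            ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/balaw:${{ github.sha }}
            ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/balaw:latest
          cache-from: type=gha
          cache-to: type=gha,mode=max

  deploy:
    needs: docker-build
    runs-on: ubuntu-latest
    if: github.ref == 'refs/heads/main'
    # This job never uses GITHUB_TOKEN; an empty grant keeps the token useless
    # to the third-party action below.
    permissions: {}
    env:
      DOCKER_IMAGE_NAME: balaw
      REGISTRY: ghcr.io
    steps:
      - name: Set lowercase repo name
        run: |
          echo "IMAGE_PREFIX=$(echo "$GITHUB_REPOSITORY" | tr '[:upper:]' '[:lower:]')" >> "$GITHUB_ENV"
      - name: AWS SSM Send-Command
        # NOTE(review): this third-party action receives the AWS keys and is
        # referenced by a mutable branch. Pin it to a reviewed full commit SHA
        # (<FULL_COMMIT_SHA>) so an upstream push cannot change what runs.
        uses: peterkimzz/aws-ssm-send-command@master
        id: ssm
        with:
          aws-region: ${{ secrets.AWS_REGION }}
          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          instance-ids: "i-084a4704f4e017cc4"
          working-directory: /
          comment: Deploy
          # NOTE(review): every ${{ secrets.* }} below is expanded before the
          # script is sent, so the secrets travel inside the SSM command body
          # and may be retained in Run Command history. Prefer having the
          # instance read them from a secret store with its own role.
          # NOTE(review): the app connects to MySQL as root with useSSL=false;
          # confirm this is intended and consider a least-privilege DB user.
          command: |
            # Create prod.env as 0600 and remove it even if a later step fails.
            umask 077
            trap 'rm -f /home/ec2-user/prod.env' EXIT
            # Write the real production environment to prod.env on the host.
            cat > /home/ec2-user/prod.env << 'EOF'
            SPRING_PROFILES_ACTIVE=prod
            # JWT 설정 (GitHub Secrets에서 가져옴)
            CUSTOM_JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }}
            CUSTOM_JWT_ACCESS_TOKEN_EXPIRATION_SECONDS=3600
            # 데이터베이스 설정 (GitHub Secrets에서 가져옴)
            PROD_DATASOURCE_URL=jdbc:mysql://mysql_1:3306/${{ secrets.DB_NAME }}?useSSL=false&allowPublicKeyRetrieval=true&serverTimezone=Asia/Seoul
            PROD_DATASOURCE_DRIVER=com.mysql.cj.jdbc.Driver
            PROD_DATASOURCE_USERNAME=root
            PROD_DATASOURCE_PASSWORD=${{ secrets.DB_PASSWORD }}
            PROD_JPA_HIBERNATE_DDL_AUTO=validate
            # Redis 설정 (GitHub Secrets에서 가져옴)
            PROD_REDIS_HOST=redis_1
            PROD_REDIS_PORT=6379
            PROD_REDIS_PASSWORD=${{ secrets.REDIS_PASSWORD }}
            # 이메일 설정 (GitHub Secrets에서 가져옴)
            email_address=${{ secrets.EMAIL_ADDRESS }}
            send_email_password=${{ secrets.EMAIL_PASSWORD }}
            send_email_address=${{ secrets.SEND_EMAIL_ADDRESS }}
            EOF
            # Log in to GHCR and pull the image built from this exact commit.
            # :latest is avoided because a concurrent run can move it.
            echo "${{ secrets.GHCR_PAT }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
            docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/${{ env.DOCKER_IMAGE_NAME }}:${{ github.sha }}
            # Do not leave the PAT in the host's Docker credential store.
            docker logout ghcr.io
            docker stop app1 2>/dev/null || true
            docker rm app1 2>/dev/null || true
            docker run --env-file /home/ec2-user/prod.env \
              -d --name app1 \
              --network common \
              -p 8080:8080 \
              ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/${{ env.DOCKER_IMAGE_NAME }}:${{ github.sha }}
            # Cleanup: drop dangling images and the env file.
            docker image prune -f || true
            rm -f /home/ec2-user/prod.env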