ci[test]: ci 테스트의 환경변수 세팅을 테스트 성공 기점으로 롤백 이후 이메일 환경변수만 추가

Author: asowjdan

.github/workflows/CI-CD_Pipeline.yml

@@ -14,14 +14,21 @@ on:
 
 jobs:
   tests:
-    runs-on: ubuntu-latest
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-latest ]
+        include:
+          - os: ubuntu-latest
+            gradle_cmd: "./gradlew"
+            report_path: "backend/build/reports/tests"
+            domain_tasks: "testUser testExchange testTrade_log testWallet testCoin"
+
+    runs-on: ${{ matrix.os }}
     env:
-      # 테스트 환경 설정
       SPRING_PROFILES_ACTIVE: test-ci
-      # JWT 설정 (보안상 중요하므로 환경변수 처리)
-      CUSTOM_JWT_SECRET_KEY: test-secret-key-for-ci-testing-only-minimum-32-characters-required
-      CUSTOM_JWT_ACCESS_TOKEN_EXPIRATION_SECONDS: 3600
 
+    # ✅ Redis 서비스 추가
     services:
       redis:
         image: redis:7-alpine
@@ -32,59 +39,72 @@ jobs:
           --health-interval 10s
           --health-timeout 5s
           --health-retries 5
+        env:
+          REDIS_PASSWORD: ""
 
     steps:
       - uses: actions/checkout@v4
-
       - name: Set up JDK 21
         uses: actions/setup-java@v4
         with:
           java-version: '21'
           distribution: 'temurin'
           cache: gradle
 
+      # ✅ gradlew 실행 권한 부여
       - name: Grant execute permission for gradlew
         run: chmod +x backend/gradlew
 
+      # ✅ Redis 연결 테스트
       - name: Test Redis connection
         run: |
           echo "Testing Redis connection..."
           timeout 10s bash -c 'until printf "" 2>>/dev/null >>/dev/tcp/localhost/6379; do sleep 1; done'
           echo "Redis is ready!"
 
-      - name: Run tests
-        run: ./gradlew clean test
+      # ✅ application-test.yml에서 사용하는 모든 환경변수를 .env 파일에 생성
+      - name: Create test .env file
+        working-directory: backend
+        run: |
+          cat > .env << 'EOF'
+          # Datasource 설정 (application-test.yml에서 참조)
+          TEST_DATASOURCE_URL=jdbc:h2:mem:db_test;MODE=MySQL
+          TEST_DATASOURCE_USERNAME=sa
+          TEST_DATASOURCE_PASSWORD=
+          TEST_DATASOURCE_DRIVER=org.h2.Driver
+
+          # JPA 설정 (application-test.yml에서 참조)
+          TEST_JPA_HIBERNATE_DDL_AUTO=create-drop
+
+          # Redis 설정 (application-test.yml에서 참조, GitHub Actions 서비스 사용)
+          TEST_REDIS_HOST=localhost
+          TEST_REDIS_PORT=6379
+          TEST_REDIS_PASSWORD=
+          
+          # CI/CD 환경에서는 Embedded Redis 끄기
+          SPRING_DATA_REDIS_EMBEDDED=false
+
+          # JWT 설정 (application-test.yml에서 참조)
+          CUSTOM_JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }}
+          CUSTOM_JWT_ACCESS_TOKEN_EXPIRATION_SECONDS=3600
+          EOF
+
+      - name: Run unit, and domain tests
+        run: ${{ matrix.gradle_cmd }} clean test
         working-directory: backend
 
       - name: Upload Test Reports
         if: always()
         uses: actions/upload-artifact@v4
         with:
-          name: test-reports
-          path: backend/build/reports/tests
+          name: test-reports-${{ matrix.os }}
+          path: ${{ matrix.report_path }}
           retention-days: 7
 
   build-artifacts:
     needs: tests
     runs-on: ubuntu-latest
-    if: github.ref == 'refs/heads/main'
-    env:
-      # 빌드용 최소 환경변수 (컴파일 시 @Value 바인딩용)
-      SPRING_PROFILES_ACTIVE: prod
-      CUSTOM_JWT_SECRET_KEY: build-secret-key-for-compilation-only-minimum-32-characters-required
-      CUSTOM_JWT_ACCESS_TOKEN_EXPIRATION_SECONDS: 3600
-      # 빌드 시 필요한 더미 값들
-      email_address: [email protected]
-      send_email_password: build-password
-      send_email_address: [email protected]
-      PROD_DATASOURCE_URL: jdbc:mysql://localhost:3306/dummy
-      PROD_DATASOURCE_DRIVER: com.mysql.cj.jdbc.Driver
-      PROD_DATASOURCE_USERNAME: dummy
-      PROD_DATASOURCE_PASSWORD: dummy
-      PROD_JPA_HIBERNATE_DDL_AUTO: validate
-      PROD_REDIS_HOST: localhost
-      PROD_REDIS_PORT: 6379
-      PROD_REDIS_PASSWORD: dummy
+    if: github.ref == 'refs/heads/main'   # ✅ main 브랜치일 때만 실행
 
     steps:
       - uses: actions/checkout@v4
@@ -95,9 +115,20 @@ jobs:
           java-version: 21
           cache: gradle
 
+      # ✅ gradlew 실행 권한 부여
       - name: Grant execute permission for gradlew
         run: chmod +x backend/gradlew
 
+      # ✅ 빌드용 .env 파일 생성 (Configuration Properties 바인딩용 최소 환경변수만)
+      - name: Create build .env file
+        working-directory: backend
+        run: |
+          cat > .env << 'EOF'
+          # JWT Configuration Properties 바인딩용 (빌드 시 필요)
+          CUSTOM_JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }}
+          CUSTOM_JWT_ACCESS_TOKEN_EXPIRATION_SECONDS=3600
+          EOF
+
       - name: Gradle bootJar
         working-directory: backend
         run: ./gradlew --no-daemon clean bootJar -x test
@@ -117,7 +148,7 @@ jobs:
   docker-build:
     needs: build-artifacts
     runs-on: ubuntu-latest
-    if: github.ref == 'refs/heads/main'
+    if: github.ref == 'refs/heads/main'   # ✅ main 브랜치일 때만 실행
     env:
       REGISTRY: ghcr.io
 
@@ -142,7 +173,7 @@ jobs:
           username: ${{ github.actor }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Build & push backend
+      - name: Build & push backend (runtime-only)
         uses: docker/build-push-action@v6
         with:
           context: backend
@@ -153,11 +184,10 @@ jobs:
             ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/balaw:latest
           cache-from: type=gha
           cache-to: type=gha,mode=max
-
   deploy:
     needs: docker-build
     runs-on: ubuntu-latest
-    if: github.ref == 'refs/heads/main'
+    if: github.ref == 'refs/heads/main'   # ✅ main 브랜치일 때만 실행
     env:
       DOCKER_IMAGE_NAME: balaw
       REGISTRY: ghcr.io
@@ -167,6 +197,19 @@ jobs:
         run: |
           echo "IMAGE_PREFIX=$(echo $GITHUB_REPOSITORY | tr '[:upper:]' '[:lower:]')" >> $GITHUB_ENV
 
+      - name: Create prod .env file
+        run: |
+          cat > .env << 'EOF'
+          SPRING_PROFILES_ACTIVE=prod
+          PROD_DATASOURCE_URL=jdbc:mysql://mysql_1:3306/${{ secrets.DB_NAME }}
+          PROD_DATASOURCE_USERNAME=${{ secrets.DB_USER }}
+          PROD_DATASOURCE_PASSWORD=${{ secrets.DB_PASSWORD }}
+          
+          PROD_REDIS_HOST=redis_1
+          PROD_REDIS_PORT=6379
+          PROD_REDIS_PASSWORD=${{ secrets.REDIS_PASSWORD }}
+          EOF
+
       - name: AWS SSM Send-Command
         uses: peterkimzz/aws-ssm-send-command@master
         id: ssm
@@ -178,34 +221,27 @@ jobs:
           working-directory: /
           comment: Deploy
           command: |
-            # EC2에서 실제 운영 환경변수로 prod.env 파일 생성
+            # EC2 내부에서 prod.env 파일 생성
             cat > /home/ec2-user/prod.env << 'EOF'
             SPRING_PROFILES_ACTIVE=prod
-            
-            # JWT 설정 (GitHub Secrets에서 가져옴)
+
             CUSTOM_JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }}
             CUSTOM_JWT_ACCESS_TOKEN_EXPIRATION_SECONDS=3600
             
-            # 데이터베이스 설정 (GitHub Secrets에서 가져옴)
             PROD_DATASOURCE_URL=jdbc:mysql://mysql_1:3306/${{ secrets.DB_NAME }}?useSSL=false&allowPublicKeyRetrieval=true&serverTimezone=Asia/Seoul
             PROD_DATASOURCE_DRIVER=com.mysql.cj.jdbc.Driver
             PROD_DATASOURCE_USERNAME=root
             PROD_DATASOURCE_PASSWORD=${{ secrets.DB_PASSWORD }}
-            PROD_JPA_HIBERNATE_DDL_AUTO=validate
             
-            # Redis 설정 (GitHub Secrets에서 가져옴)
             PROD_REDIS_HOST=redis_1
             PROD_REDIS_PORT=6379
             PROD_REDIS_PASSWORD=${{ secrets.REDIS_PASSWORD }}
-            
-            # 이메일 설정 (GitHub Secrets에서 가져옴)
-            email_address=${{ secrets.EMAIL_ADDRESS }}
-            send_email_password=${{ secrets.EMAIL_PASSWORD }}
-            send_email_address=${{ secrets.SEND_EMAIL_ADDRESS }}
             EOF
             
-            # GHCR 로그인 및 컨테이너 배포
+            # EC2에서 GHCR 로그인
             echo "${{ secrets.GHCR_PAT }}" | docker login ghcr.io -u ${{ github.actor }} --password-stdin
+            
+            # 최신 이미지 pull & 컨테이너 실행
             docker pull ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/${{ env.DOCKER_IMAGE_NAME }}:latest
             docker stop app1 2>/dev/null || true
             docker rm app1 2>/dev/null || true
@@ -215,6 +251,6 @@ jobs:
               -p 8080:8080 \
               ${{ env.REGISTRY }}/${{ env.IMAGE_PREFIX }}/${{ env.DOCKER_IMAGE_NAME }}:latest
             
-            # 정리
+            # dangling image 정리 + .env 삭제
             docker rmi $(docker images -f "dangling=true" -q) || true
             rm -f /home/ec2-user/prod.env

backend/src/main/resources/application.yml

@@ -96,6 +96,3 @@ custom:
     secretKey: ${CUSTOM_JWT_SECRET_KEY}
     accessToken:
       expirationSeconds: ${CUSTOM_JWT_ACCESS_TOKEN_EXPIRATION_SECONDS}
-
-
-

backend/src/test/resources/application-test-ci.yml

@@ -1,15 +1,14 @@
 spring:
   application:
-    name: test-ci
+    name: test
   output:
     ansi:
       enabled: always
 
-  # CI 환경에서는 H2 메모리 DB 하드코딩 (환경변수 불필요)
   datasource:
     url: jdbc:h2:mem:db_test;MODE=MySQL
     username: sa
-    password: ""
+    password:
     driver-class-name: org.h2.Driver
 
   jpa:
@@ -22,14 +21,29 @@ spring:
         format_sql: true
         highlight_sql: true
 
-  # Redis는 GitHub Actions 서비스 컨테이너 사용 (하드코딩)
+  mail:
+    host: smtp.gmail.com
+    port: 587
+    username: ${email_address}
+    password: ${send_email_password}
+    from: ${send_email_address}
+    properties:
+      mail:
+        smtp:
+          auth: true
+          starttls:
+            enable: true
+            required: true
+          connectiontimeout: 5000
+          timeout: 5000
+          writetimeout: 5000
+      auth-code-expiration-millis: 1800000
+
+  # 로컬 환경: Embedded Redis 사용
   data:
     redis:
-      host: localhost
-      port: 6379
-      password: ""
+      port: 6370  # 기본 포트와 충돌 방지
 
-  # 테스트용 OAuth 설정 (하드코딩)
   security:
     oauth2:
       client:
@@ -66,9 +80,8 @@ logging:
     org.hibernate: INFO
     com.ai.lawyer: DEBUG
 
-# JWT만 환경변수로 처리 (보안상 중요)
 custom:
   jwt:
-    secretKey: ${CUSTOM_JWT_SECRET_KEY}
+    secretKey: test-secret-key-for-local-testing-only
     accessToken:
-      expirationSeconds: ${CUSTOM_JWT_ACCESS_TOKEN_EXPIRATION_SECONDS:3600}
+      expirationSeconds: 3600

backend/src/test/resources/application-test.yml

@@ -21,6 +21,24 @@ spring:
         format_sql: true
         highlight_sql: true
 
+  mail:
+    host: smtp.gmail.com
+    port: 587
+    username: ${email_address}
+    password: ${send_email_password}
+    from: ${send_email_address}
+    properties:
+      mail:
+        smtp:
+          auth: true
+          starttls:
+            enable: true
+            required: true
+          connectiontimeout: 5000
+          timeout: 5000
+          writetimeout: 5000
+      auth-code-expiration-millis: 1800000
+
   # 로컬 환경: Embedded Redis 사용
   data:
     redis: