refactor : secrets값 컨테이너 실행시 환경변수로 주입되도록 수정 #65
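# Workflow name
name: Spring CI/CD Pipeline (Develop)

# Runs for pull requests that target develop and touch build-relevant paths.
# NOTE(review): on pull_request runs from forks, repository secrets are not
# provided and GITHUB_TOKEN is read-only, so the secrets files would be filled
# with empty values and the image push would fail. Confirm fork PRs are out of
# scope for this pipeline.
on:
  pull_request:
    branches:
      - develop
    paths:
      - 'src/**'
      - 'build.gradle*'
      - 'settings.gradle*'
      - 'gradle/**'
      - 'Dockerfile'
      - '.github/workflows/**'

jobs:
  ci:
    runs-on: ubuntu-latest
    # Least privilege for GITHUB_TOKEN: checkout only reads the repository and
    # the GHCR push is the only write this job performs.
    permissions:
      contents: read
      packages: write
    env:
      # NOTE(review): job-level env is visible to every step, including the
      # third-party actions below. Consider moving this to the step that
      # actually needs it (not identifiable from this file alone).
      SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
    services:
      rabbitmq:
        image: rabbitmq:3-management
        ports:
          - '5672:5672'
        options: >-
          --health-cmd "rabbitmq-diagnostics check_running"
          --health-interval 10s
          --health-timeout 5s
          --health-retries 5
    steps:
      # NOTE(review): actions are referenced by mutable version tags. Pinning
      # each `uses:` to a full commit SHA prevents a retagged release from
      # changing what runs with this job's secrets.
      - name: Checkout source code
        uses: actions/checkout@v4

      - name: Set up JDK 21
        uses: actions/setup-java@v4
        with:
          java-version: '21'
          distribution: 'temurin'

      - name: Cache Gradle packages
        uses: actions/cache@v4
        with:
          path: |
            ~/.gradle/caches
            ~/.gradle/wrapper
          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
          restore-keys: |
            ${{ runner.os }}-gradle-

      - name: Grant execute permission for gradlew
        run: chmod +x ./gradlew

      # ----------------------------------
      # 1. Create a temp directory for the tests and write the secrets yml files
      # ----------------------------------
      # Secrets are handed to the script through env rather than expanded into
      # the script text with ${{ }}. An expression is substituted before bash
      # parses the script, so a value containing quotes, `$` or backticks would
      # be altered or interpreted by the shell instead of written verbatim.
      - name: Create temp directory for secrets
        env:
          APPLICATION_SECRET_YML: ${{ secrets.APPLICATION_SECRET_YML }}
          APPLICATION_SECRET_SERVER_YML: ${{ secrets.APPLICATION_SECRET_SERVER_YML }}
          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
          AWS_REGION: ${{ secrets.AWS_REGION }}
          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
          AWS_S3_BUCKET_NAME: ${{ secrets.AWS_S3_BUCKET_NAME }}
          LIVEBLOCKS_SECRET_KEY: ${{ secrets.LIVEBLOCKS_SECRET_KEY }}
        run: |
          # Files created below are readable by the runner user only.
          umask 077
          TMP_DIR="$(mktemp -d)"

          # application-secrets.yml
          {
            printf '%s\n' "$APPLICATION_SECRET_YML"
            printf 'OPENAI_API_KEY: %s\n' "$OPENAI_API_KEY"
            printf 'spring.cloud.aws.region.static: %s\n' "$AWS_REGION"
            printf 'spring.cloud.aws.credentials.access-key: %s\n' "$AWS_ACCESS_KEY_ID"
            printf 'spring.cloud.aws.credentials.secret-key: %s\n' "$AWS_SECRET_ACCESS_KEY"
            printf 'spring.cloud.aws.s3.bucket: %s\n' "$AWS_S3_BUCKET_NAME"
            printf 'spring.cloud.aws.stack.auto: false\n'
            printf 'liveblocks.secret-key: %s\n' "$LIVEBLOCKS_SECRET_KEY"
          } > "$TMP_DIR/application-secrets.yml"

          # application-secrets-server.yml
          {
            printf '%s\n' "$APPLICATION_SECRET_SERVER_YML"
            printf 'OPENAI_API_KEY: %s\n' "$OPENAI_API_KEY"
          } > "$TMP_DIR/application-secrets-server.yml"

          # Export only the directory path (not a secret) to the later steps.
          echo "TMP_DIR=$TMP_DIR" >> "$GITHUB_ENV"

      # ----------------------------------
      # 2. Run the Gradle tests
      # ----------------------------------
      - name: Test with Gradle
        env:
          # Connection settings for the rabbitmq service container declared
          # above, published on localhost:5672 for this job only.
          SPRING_RABBITMQ_HOST: localhost
          SPRING_RABBITMQ_PORT: '5672'
          SPRING_RABBITMQ_USERNAME: guest
          SPRING_RABBITMQ_PASSWORD: guest
        run: ./gradlew test "-Dspring.config.additional-location=${TMP_DIR}/"

      # ----------------------------------
      # 3. Summarize the test results
      # ----------------------------------
      # always(): the summary is most useful when the test step has failed.
      - name: Show test results
        if: always()
        run: |
          echo "==== Test Results ===="
          if compgen -G "build/test-results/test/TEST-*.xml" > /dev/null; then
            total=$(grep -h '<testcase ' build/test-results/test/TEST-*.xml | wc -l)
            failed=$(grep -h '<failure' build/test-results/test/TEST-*.xml | wc -l)
            error=$(grep -h '<error' build/test-results/test/TEST-*.xml | wc -l)
            passed=$((total - failed - error))
            echo "Total tests: $total"
            echo "Passed tests: $passed"
            echo "Failed tests: $failed"
            echo "Errored tests: $error"
          else
            echo "No test results found."
          fi

      # ----------------------------------
      # 4. Delete the temp secrets directory used by the tests
      # ----------------------------------
      # always(): without it a failed test step would skip this cleanup and
      # leave the plaintext secrets files on the runner's disk.
      - name: Remove temp secrets directory
        if: always()
        run: |
          # TMP_DIR is unset if the creation step itself failed.
          if [ -n "${TMP_DIR:-}" ]; then
            rm -rf -- "${TMP_DIR}"
          fi

      # ----------------------------------
      # 5. Gradle build (tests excluded)
      # ----------------------------------
      - name: Build with Gradle
        run: ./gradlew build -x test

      - name: Log in to GHCR
        uses: docker/login-action@v2
        with:
          registry: ghcr.io
          username: ${{ github.repository_owner }}
          password: ${{ secrets.GITHUB_TOKEN }}

      # NOTE(review): this publishes :latest from a pull_request run, i.e. from
      # code that is not merged into develop yet. Confirm that is intended, or
      # move the push to a workflow triggered by pushes to develop.
      - name: Build & Push Docker Image
        run: |
          # GITHUB_REPOSITORY is the runner-provided equivalent of
          # github.repository; reading it from the environment keeps
          # expression expansion out of the script text.
          IMAGE_NAME="ghcr.io/${GITHUB_REPOSITORY}/zoopzoop"
          docker build -t "${IMAGE_NAME}:${GITHUB_SHA}" .
          docker tag "${IMAGE_NAME}:${GITHUB_SHA}" "${IMAGE_NAME}:latest"
          docker push "${IMAGE_NAME}:${GITHUB_SHA}"
          docker push "${IMAGE_NAME}:latest"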