refactor : secrets값 컨테이너 실행시 환경변수로 주입되도록 수정 (#120)

* refactor: 빌드 전 secrets.yml 파일 삭제

* refactor : 테스트 서버 환경변수 주입 설정

* refactor : 운영서버 환경변수 주입 설정

* refactor : 운영환경별 YML 분리 및 배포 환경 설정 구조 개선

* refactor : 로컬(dev,test).yml 복구

* refactor : 빌드전 테스트 secrets.yml V2로 변경

* refactor: gradle 테스트시 환경변수로 설정값 주입

* refactor: yml파일 들여쓰기 수정

* refactor: yml 플레이스홀더 네이밍 규칙 일관성 유지하도록 수정

Author: taekkong

.github/workflows/prod-server.yml

@@ -82,12 +82,42 @@ jobs:
               -p $NEW_PORT:8080 \
               --name $NEW_CONTAINER \
               --network common \
+              -e SPRING_PROFILES_ACTIVE=server \
               -e SPRING_DATASOURCE_URL="${{secrets.PROD_DB_URL}}" \
               -e SPRING_DATASOURCE_USERNAME="${{secrets.PROD_DB_USERNAME}}" \
               -e SPRING_DATASOURCE_PASSWORD="${{secrets.PROD_DB_PASSWORD}}" \
+              # AWS
+              -e AWS_ACCESS_KEY_ID="${{secrets.AWS_ACCESS_KEY_ID}}" \
+              -e AWS_SECRET_ACCESS_KEY="${{secrets.AWS_SECRET_ACCESS_KEY}}" \
+              -e AWS_S3_BUCKET_NAME="${{secrets.AWS_S3_BUCKET_NAME}}" \
+              # RabbitMQ
               -e SPRING_RABBITMQ_HOST="${{secrets.PROD_RABBITMQ_HOST}}" \
               -e SPRING_RABBITMQ_USERNAME="${{secrets.PROD_RABBITMQ_USERNAME}}" \
               -e SPRING_RABBITMQ_PASSWORD="${{secrets.PROD_RABBITMQ_PASSWORD}}" \
+              # Redis
+              -e REDIS_HOST="${{secrets.PROD_REDIS_HOST}}" \
+              -e REDIS_PASSWORD="${{secrets.PROD_REDIS_PASSWORD}}" \
+              # OAuth2
+              -e KAKAO_CLIENT_ID="${{secrets.OAUTH_KAKAO_CLIENT_ID}}" \
+              -e GOOGLE_CLIENT_ID="${{secrets.OAUTH_GOOGLE_CLIENT_ID}}" \
+              -e GOOGLE_CLIENT_SECRET="${{secrets.OAUTH_GOOGLE_CLIENT_SECRET}}" \
+              -e KAKAO_REDIRECT_URI="${{PROD_OAUTH_KAKAO_REDIRECT_URI}}" \
+              -e GOOGLE_REDIRECT_URI="${{PROD_OAUTH_GOOGLE_REDIRECT_URI}}" \
+              # Sentry
+              -e SENTRY_DSN="${{secrets.SENTRY_DSN}}" \
+              # OpenAI
+              -e OPENAI_API_KEY="${{secrets.OPENAI_API_KEY}}" \
+              # Liveblocks
+              -e LIVEBLOCKS_SECRET_KEY="${{secrets.LIVEBLOCKS_SECRET_KEY}}" \
+              # naver
+              -e NAVER_CLIENT_ID="${{secrets.NAVER_CLIENT_ID}}" \
+              -e NAVER_CLIENT_SECRET="${{secrets.NAVER_CLIENT_SECRET}}" \
+              # JWT
+              -e JWT_SECRET_KEY="${{secrets.JWT_SECRET_KEY}}" \
+              -e JWT_ACCESS_TOKEN_VALIDITY="${{secrets.JWT_ACCESS_TOKEN_VALIDITY}}" \
+              -e JWT_REFRESH_TOKEN_VALIDITY="${{secrets.JWT_REFRESH_TOKEN_VALIDITY}}" \
+              # Front
+              -e FRONT_REDIRECT_DOMAIN="${{secrets.FRONT_REDIRECT_DOMAIN}}" \
               ghcr.io/${{ github.repository }}/zoopzoop:latest
             
             

.github/workflows/test-server-cd.yml

@@ -59,12 +59,43 @@ jobs:
               -p $NEW_PORT:8080 \
               --name $NEW_CONTAINER \
               --network common \
+              -e SPRING_PROFILES_ACTIVE=server \
+              # DB
               -e SPRING_DATASOURCE_URL="${{secrets.TEST_DB_URL}}" \
               -e SPRING_DATASOURCE_USERNAME="${{secrets.TEST_DB_USERNAME}}" \
               -e SPRING_DATASOURCE_PASSWORD="${{secrets.TEST_DB_PASSWORD}}" \
+              # AWS
+              -e AWS_ACCESS_KEY_ID="${{secrets.AWS_ACCESS_KEY_ID}}" \
+              -e AWS_SECRET_ACCESS_KEY="${{secrets.AWS_SECRET_ACCESS_KEY}}" \
+              -e AWS_S3_BUCKECT_NAME="${{secrets.AWS_S3_BUCKET_NAME}}" \
+              # RabbitMQ
               -e SPRING_RABBITMQ_HOST="${{secrets.TEST_RABBITMQ_HOST}}" \
               -e SPRING_RABBITMQ_USERNAME="${{secrets.TEST_RABBITMQ_USERNAME}}" \
               -e SPRING_RABBITMQ_PASSWORD="${{secrets.TEST_RABBITMQ_PASSWORD}}" \
+              # Redis
+              -e REDIS_HOST="${{secrets.TEST_REDIS_HOST}}" \
+              -e REDIS_PASSWORD="${{secrets.TEST_REDIS_PASSWORD}}" \
+              # OAuth2
+              -e KAKAO_CLIENT_ID="${{secrets.OAUTH_KAKAO_CLIENT_ID}}" \
+              -e GOOGLE_CLIENT_ID="${{secrets.OAUTH_GOOGLE_CLIENT_ID}}" \
+              -e GOOGLE_CLIENT_SECRET="${{secrets.OAUTH_GOOGLE_CLIENT_SECRET}}" \
+              -e KAKAO_REDIRECT_URI="${{TEST_OAUTH_KAKAO_REDIRECT_URI}}" \
+              -e GOOGLE_REDIRECT_URI="${{TEST_OAUTH_GOOGLE_REDIRECT_URI}}" \
+              # Sentry
+              -e SENTRY_DSN="${{secrets.SENTRY_DSN}}" \
+              # OpenAI
+              -e OPENAI_API_KEY="${{secrets.OPENAI_API_KEY}}" \
+              # Liveblocks
+              -e LIVEBLOCKS_SECRET_KEY="${{secrets.LIVEBLOCKS_SECRET_KEY}}" \
+              # naver
+              -e NAVER_CLIENT_ID="${{secrets.NAVER_CLIENT_ID}}" \
+              -e NAVER_CLIENT_SECRET="${{secrets.NAVER_CLIENT_SECRET}}" \
+              # JWT
+              -e JWT_SECRET_KEY="${{secrets.JWT_SECRET_KEY}}" \
+              -e JWT_ACCESS_TOKEN_VALIDITY="${{secrets.JWT_ACCESS_TOKEN_VALIDITY}}" \
+              -e JWT_REFRESH_TOKEN_VALIDITY="${{secrets.JWT_REFRESH_TOKEN_VALIDITY}}" \
+              # Front
+              -e FRONT_REDIRECT_DOMAIN="${{secrets.FRONT_REDIRECT_DOMAIN}}" \
               ghcr.io/${{ github.repository }}/zoopzoop:latest
 
             # 헬스체크

.github/workflows/test-server-ci.yml

@@ -64,40 +64,32 @@ jobs:
       - name: Grant execute permission for gradlew
         run: chmod +x ./gradlew
 
-      # 5. application-secrets.yml 생성
-      - name: Generate application-secrets.yml
-        run: |
-          mkdir -p src/main/resources
-          echo "${{ secrets.APPLICATION_SECRET_YML }}" > src/main/resources/application-secrets.yml
-          echo "OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}" >> src/main/resources/application-secrets.yml
-
-          echo "spring.cloud.aws.region.static: ${{ secrets.AWS_REGION }}" >> src/main/resources/application-secrets.yml
-          echo "spring.cloud.aws.credentials.access-key: ${{ secrets.AWS_ACCESS_KEY_ID }}" >> src/main/resources/application-secrets.yml
-          echo "spring.cloud.aws.credentials.secret-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}" >> src/main/resources/application-secrets.yml
-          echo "spring.cloud.aws.s3.bucket: ${{ secrets.AWS_S3_BUCKET_NAME }}" >> src/main/resources/application-secrets.yml
-          echo "spring.cloud.aws.stack.auto: false" >> src/main/resources/application-secrets.yml
-
-          echo "liveblocks.secret-key: ${{ secrets.LIVEBLOCKS_SECRET_KEY }}" >> src/main/resources/application-secrets.yml
-
-      # 6. application-secrets-server.yml 생성
-      - name: Generate application-secrets-server.yml
-        run: |
-          mkdir -p src/main/resources
-          echo "${{ secrets.APPLICATION_SECRET_SERVER_YML }}" > src/main/resources/application-secrets-server.yml
-          echo "OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}" >> src/main/resources/application-secrets-server.yml
-
-      # 7. Gradle 테스트 실행
+      # 5. Gradle 테스트 실행
       - name: Test with Gradle
         # 테스트 단계에서 RabbitMQ 연결을 위한 환경 변수 설정
         env:
+          OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}
           SPRING_RABBITMQ_HOST: localhost
-          SPRING_RABBITMQ_PORT: 5672
           SPRING_RABBITMQ_USERNAME: guest
           SPRING_RABBITMQ_PASSWORD: guest
-        run: ./gradlew test
-
-      # 8. 테스트 결과 요약 출력
+          KAKAO_CLIENT_ID: ${{ secrets.OAUTH_KAKAO_CLIENT_ID }}
+          GOOGLE_CLIENT_ID: ${{ secrets.OAUTH_GOOGLE_CLIENT_ID }}
+          GOOGLE_CLIENT_SECRET: ${{ secrets.OAUTH_GOOGLE_CLIENT_SECRET }}
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_S3_BUCKET_NAME: ${{ secrets.AWS_S3_BUCKET_NAME }}
+          SENTRY_DSN: ${{ secrets.SENTRY_DSN }}
+          JWT_SECRET_KEY: ${{ secrets.JWT_SECRET_KEY }}
+          JWT_ACCESS_TOKEN_VALIDITY: ${{ secrets.JWT_ACCESS_TOKEN_VALIDITY }}
+          JWT_REFRESH_TOKEN_VALIDITY: ${{ secrets.JWT_REFRESH_TOKEN_VALIDITY }}
+          NAVER_CLIENT_ID: ${{ secrets.NAVER_CLIENT_ID }}
+          NAVER_CLIENT_SECRET: ${{ secrets.NAVER_CLIENT_SECRET }}
+          LIVEBLOCKS_SECRET_KEY: ${{ secrets.LIVEBLOCKS_SECRET_KEY }}
+        run: ./gradlew test --stacktrace
+
+      # 6. 테스트 결과 요약 출력
       - name: Show test results
+        if: always()  # 테스트 실패 여부와 상관없이 항상 실행
         run: |
           echo "==== Test Results ===="
           if compgen -G "build/test-results/test/TEST-*.xml" > /dev/null; then
@@ -113,28 +105,19 @@ jobs:
             echo "No test results found."
           fi
 
-      # 8-1. S3 자격 증명 제거 (빌드 전에만)
-      - name: Remove only S3 credentials before building
-        run: |
-          CONFIG_FILE="src/main/resources/application-secrets.yml"
-          sed -i '/spring.cloud.aws.credentials.access-key/d' $CONFIG_FILE
-          sed -i '/spring.cloud.aws.credentials.secret-key/d' $CONFIG_FILE
-          sed -i '/spring.cloud.aws.region.static/d' $CONFIG_FILE
-          sed -i '/spring.cloud.aws.stack.auto/d' $CONFIG_FILE
-
-      # 9. Gradle 빌드 실행 (테스트 성공 시)
+      # 7. Gradle 빌드 실행 (테스트 성공 시)
       - name: Build with Gradle
         run: ./gradlew build -x test
 
-      # 10. GHCR 로그인
+      # 8. GHCR 로그인
       - name: Log in to GHCR
         uses: docker/login-action@v2
         with:
           registry: ghcr.io
           username: ${{ github.repository_owner }}
           password: ${{ secrets.GITHUB_TOKEN }}
 
-      # 11. Docker 이미지 빌드 & 푸시
+      # 9. Docker 이미지 빌드 & 푸시
       - name: Build & Push Docker Image
         run: |
           IMAGE_NAME=ghcr.io/${{ github.repository }}/zoopzoop

src/main/resources/application-dev.yml

@@ -15,20 +15,20 @@ spring:
       host: localhost
       port: 6379
       timeout: 6000
-  cache: #Spring Cache를 사용하기 위한 Redis
-    type: redis
-    redis:
-      time-to-live: 300000
-      cache-null-values: false
 
+  security:
+    oauth2:
+      client:
+        registration:
+          kakao:
+            redirect-uri: http://localhost:8080/login/oauth2/code/kakao
+          google:
+            redirect-uri: http://localhost:8080/login/oauth2/code/google
 app:
   seed:
     enabled: true
 
 sentry:
-  dsn: https://60f1acad189d2994353d59b7895076ee@o4510100579155968.ingest.us.sentry.io/4510100584923136
-  # Add data like request headers and IP for users,
-  # see https://docs.sentry.io/platforms/java/guides/spring-boot/data-management/data-collected/ for more info
   send-default-pii: true
   environment: local
-  traces-sample-rate: 0.0
+  traces-sample-rate: 0.0

src/main/resources/application-server.yml

@@ -10,29 +10,33 @@ spring:
 
   data: #RedisTemplate 등을 사용하기 위한 직접 연결용
     redis:
-      host: 10.0.1.246
+      host: ${REDIS_HOST}
       port: 6379
       timeout: 6000
-      password: zoopzoopRedisTest!
+      password: ${REDIS_PASSWORD}
+
   cache: #Spring Cache를 사용하기 위한 Redis
     type: redis
     redis:
       time-to-live: 300000
       cache-null-values: false
 
-management:
-  endpoints:
-    web:
-      exposure:
-        include: health,info
-  endpoint:
-    health:
-      show-details: always
+  security:
+    oauth2:
+      client:
+        registration:
+          kakao:
+            redirect-uri: ${KAKAO_REDIRECT_URI}
+          google:
+            redirect-uri: ${GOOGLE_REDIRECT_URI}
+
+front:
+  redirect_domain: ${FRONT_REDIRECT_DOMAIN}
 
 sentry:
-  dsn: https://60f1acad189d2994353d59b7895076ee@o4510100579155968.ingest.us.sentry.io/4510100584923136
   # Add data like request headers and IP for users,
   # see https://docs.sentry.io/platforms/java/guides/spring-boot/data-management/data-collected/ for more info
   send-default-pii: true
   environment: prod
   traces-sample-rate: 0.2
+

src/main/resources/application-test.yml

@@ -13,6 +13,27 @@ spring:
       ddl-auto: create-drop
     show-sql: true
 
+  security:
+    oauth2:
+      client:
+        registration:
+            kakao:
+                redirect-uri: http://localhost:3000/oauth/callback/kakao
+            google:
+                redirect-uri: http://localhost:3000/oauth/callback/google
+
+front:
+  redirect_domain: http://localhost:3000
+
+  app:
+    seed:
+      enabled: false
+
+  sentry:
+    send-default-pii: true
+    environment: local
+    traces-sample-rate: 0.0
+
   sql:
     init:
       mode: never