diff --git a/.github/workflows/prod-server.yml b/.github/workflows/prod-server.yml
index d4062802..85298b85 100644
--- a/.github/workflows/prod-server.yml
+++ b/.github/workflows/prod-server.yml
@@ -82,12 +82,42 @@ jobs: -p $NEW_PORT:8080 \ --name $NEW_CONTAINER \ --network common \ + -e SPRING_PROFILES_ACTIVE=server \ -e SPRING_DATASOURCE_URL="${{secrets.PROD_DB_URL}}" \ -e SPRING_DATASOURCE_USERNAME="${{secrets.PROD_DB_USERNAME}}" \ -e SPRING_DATASOURCE_PASSWORD="${{secrets.PROD_DB_PASSWORD}}" \ + # AWS + -e AWS_ACCESS_KEY_ID="${{secrets.AWS_ACCESS_KEY_ID}}" \ + -e AWS_SECRET_ACCESS_KEY="${{secrets.AWS_SECRET_ACCESS_KEY}}" \ + -e AWS_S3_BUCKET_NAME="${{secrets.AWS_S3_BUCKET_NAME}}" \ + # RabbitMQ -e SPRING_RABBITMQ_HOST="${{secrets.PROD_RABBITMQ_HOST}}" \ -e SPRING_RABBITMQ_USERNAME="${{secrets.PROD_RABBITMQ_USERNAME}}" \ -e SPRING_RABBITMQ_PASSWORD="${{secrets.PROD_RABBITMQ_PASSWORD}}" \ + # Redis + -e REDIS_HOST="${{secrets.PROD_REDIS_HOST}}" \ + -e REDIS_PASSWORD="${{secrets.PROD_REDIS_PASSWORD}}" \ + # OAuth2 + -e KAKAO_CLIENT_ID="${{secrets.OAUTH_KAKAO_CLIENT_ID}}" \ + -e GOOGLE_CLIENT_ID="${{secrets.OAUTH_GOOGLE_CLIENT_ID}}" \ + -e GOOGLE_CLIENT_SECRET="${{secrets.OAUTH_GOOGLE_CLIENT_SECRET}}" \ + -e KAKAO_REDIRECT_URI="${{PROD_OAUTH_KAKAO_REDIRECT_URI}}" \ + -e GOOGLE_REDIRECT_URI="${{PROD_OAUTH_GOOGLE_REDIRECT_URI}}" \ + # Sentry + -e SENTRY_DSN="${{secrets.SENTRY_DSN}}" \ + # OpenAI + -e OPENAI_API_KEY="${{secrets.OPENAI_API_KEY}}" \ + # Liveblocks + -e LIVEBLOCKS_SECRET_KEY="${{secrets.LIVEBLOCKS_SECRET_KEY}}" \ + # naver + -e NAVER_CLIENT_ID="${{secrets.NAVER_CLIENT_ID}}" \ + -e NAVER_CLIENT_SECRET="${{secrets.NAVER_CLIENT_SECRET}}" \ + # JWT + -e JWT_SECRET_KEY="${{secrets.JWT_SECRET_KEY}}" \ + -e JWT_ACCESS_TOKEN_VALIDITY="${{secrets.JWT_ACCESS_TOKEN_VALIDITY}}" \ + -e JWT_REFRESH_TOKEN_VALIDITY="${{secrets.JWT_REFRESH_TOKEN_VALIDITY}}" \ + # Front + -e FRONT_REDIRECT_DOMAIN="${{secrets.FRONT_REDIRECT_DOMAIN}}" \ ghcr.io/${{ github.repository }}/zoopzoop:latest diff --git a/.github/workflows/test-server-cd.yml b/.github/workflows/test-server-cd.yml index 4162dd05..40289eb8 100644 --- a/.github/workflows/test-server-cd.yml 
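Review bot: The added `# AWS`, `# RabbitMQ`, `# Redis` … lines in prod-server.yml sit between backslash-continued lines of the `docker run` command, and assuming the script runs in a POSIX shell (as the `\` continuations suggest) the first `#` ends the joined command, so the later `-e` options and the image name never reach `docker run`. The test-server-cd.yml hunk has the same pattern, starting at `# DB`. Drop the comment lines from inside the command or collect them in one comment above it. `-e KAKAO_REDIRECT_URI="${{PROD_OAUTH_KAKAO_REDIRECT_URI}}"` and the Google line after it name no context and need one, e.g. `${{ secrets.PROD_OAUTH_KAKAO_REDIRECT_URI }}` or `vars.`; the `TEST_OAUTH_*` pair in test-server-cd.yml has the same gap. Separately, every `${{ secrets.* }}` value is pasted into the script text and so lands in the `docker run` argument list; a mode-600 file passed with `--env-file` would keep the values out of process listings and avoid quoting breakage when a secret contains `"` or `$` (the step holding this command starts outside the hunk).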
+++ b/.github/workflows/test-server-cd.yml @@ -59,12 +59,43 @@ jobs: -p $NEW_PORT:8080 \ --name $NEW_CONTAINER \ --network common \ + -e SPRING_PROFILES_ACTIVE=server \ + # DB -e SPRING_DATASOURCE_URL="${{secrets.TEST_DB_URL}}" \ -e SPRING_DATASOURCE_USERNAME="${{secrets.TEST_DB_USERNAME}}" \ -e SPRING_DATASOURCE_PASSWORD="${{secrets.TEST_DB_PASSWORD}}" \ + # AWS + -e AWS_ACCESS_KEY_ID="${{secrets.AWS_ACCESS_KEY_ID}}" \ + -e AWS_SECRET_ACCESS_KEY="${{secrets.AWS_SECRET_ACCESS_KEY}}" \ + -e AWS_S3_BUCKECT_NAME="${{secrets.AWS_S3_BUCKET_NAME}}" \ + # RabbitMQ -e SPRING_RABBITMQ_HOST="${{secrets.TEST_RABBITMQ_HOST}}" \ -e SPRING_RABBITMQ_USERNAME="${{secrets.TEST_RABBITMQ_USERNAME}}" \ -e SPRING_RABBITMQ_PASSWORD="${{secrets.TEST_RABBITMQ_PASSWORD}}" \ + # Redis + -e REDIS_HOST="${{secrets.TEST_REDIS_HOST}}" \ + -e REDIS_PASSWORD="${{secrets.TEST_REDIS_PASSWORD}}" \ + # OAuth2 + -e KAKAO_CLIENT_ID="${{secrets.OAUTH_KAKAO_CLIENT_ID}}" \ + -e GOOGLE_CLIENT_ID="${{secrets.OAUTH_GOOGLE_CLIENT_ID}}" \ + -e GOOGLE_CLIENT_SECRET="${{secrets.OAUTH_GOOGLE_CLIENT_SECRET}}" \ + -e KAKAO_REDIRECT_URI="${{TEST_OAUTH_KAKAO_REDIRECT_URI}}" \ + -e GOOGLE_REDIRECT_URI="${{TEST_OAUTH_GOOGLE_REDIRECT_URI}}" \ + # Sentry + -e SENTRY_DSN="${{secrets.SENTRY_DSN}}" \ + # OpenAI + -e OPENAI_API_KEY="${{secrets.OPENAI_API_KEY}}" \ + # Liveblocks + -e LIVEBLOCKS_SECRET_KEY="${{secrets.LIVEBLOCKS_SECRET_KEY}}" \ + # naver + -e NAVER_CLIENT_ID="${{secrets.NAVER_CLIENT_ID}}" \ + -e NAVER_CLIENT_SECRET="${{secrets.NAVER_CLIENT_SECRET}}" \ + # JWT + -e JWT_SECRET_KEY="${{secrets.JWT_SECRET_KEY}}" \ + -e JWT_ACCESS_TOKEN_VALIDITY="${{secrets.JWT_ACCESS_TOKEN_VALIDITY}}" \ + -e JWT_REFRESH_TOKEN_VALIDITY="${{secrets.JWT_REFRESH_TOKEN_VALIDITY}}" \ + # Front + -e FRONT_REDIRECT_DOMAIN="${{secrets.FRONT_REDIRECT_DOMAIN}}" \ ghcr.io/${{ github.repository }}/zoopzoop:latest # 헬스체크 diff --git a/.github/workflows/test-server-ci.yml b/.github/workflows/test-server-ci.yml index 14655ca7..d9b7c694 100644 
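Review bot: `-e AWS_S3_BUCKECT_NAME=…` in test-server-cd.yml is misspelled, while application.yml in this commit reads `${AWS_S3_BUCKET_NAME}` with no default, so the test container would presumably fail to resolve the bucket placeholder; the line should read `-e AWS_S3_BUCKET_NAME="${{secrets.AWS_S3_BUCKET_NAME}}" \`. The DB, RabbitMQ and Redis values are split into `TEST_*` and `PROD_*` secrets, but `JWT_SECRET_KEY`, the AWS key pair, `OAUTH_GOOGLE_CLIENT_SECRET`, `NAVER_CLIENT_SECRET`, `OPENAI_API_KEY` and `LIVEBLOCKS_SECRET_KEY` use the same secret names in both deployments. Unless these are environment-scoped secrets, a token signed on the test server would verify on production, and a leak from the test host exposes production credentials. Giving at least `JWT_SECRET_KEY` and the AWS keys the same `TEST_`/`PROD_` split would contain that.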
--- a/.github/workflows/test-server-ci.yml
+++ b/.github/workflows/test-server-ci.yml
@@ -64,40 +64,32 @@ jobs: - name: Grant execute permission for gradlew run: chmod +x ./gradlew - # 5. application-secrets.yml 생성 - - name: Generate application-secrets.yml - run: | - mkdir -p src/main/resources - echo "${{ secrets.APPLICATION_SECRET_YML }}" > src/main/resources/application-secrets.yml - echo "OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}" >> src/main/resources/application-secrets.yml - - echo "spring.cloud.aws.region.static: ${{ secrets.AWS_REGION }}" >> src/main/resources/application-secrets.yml - echo "spring.cloud.aws.credentials.access-key: ${{ secrets.AWS_ACCESS_KEY_ID }}" >> src/main/resources/application-secrets.yml - echo "spring.cloud.aws.credentials.secret-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}" >> src/main/resources/application-secrets.yml - echo "spring.cloud.aws.s3.bucket: ${{ secrets.AWS_S3_BUCKET_NAME }}" >> src/main/resources/application-secrets.yml - echo "spring.cloud.aws.stack.auto: false" >> src/main/resources/application-secrets.yml - - echo "liveblocks.secret-key: ${{ secrets.LIVEBLOCKS_SECRET_KEY }}" >> src/main/resources/application-secrets.yml - - # 6. application-secrets-server.yml 생성 - - name: Generate application-secrets-server.yml - run: | - mkdir -p src/main/resources - echo "${{ secrets.APPLICATION_SECRET_SERVER_YML }}" > src/main/resources/application-secrets-server.yml - echo "OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }}" >> src/main/resources/application-secrets-server.yml - - # 7. Gradle 테스트 실행 + # 5. Gradle 테스트 실행 - name: Test with Gradle # 테스트 단계에서 RabbitMQ 연결을 위한 환경 변수 설정 env: + OPENAI_API_KEY: ${{ secrets.OPENAI_API_KEY }} SPRING_RABBITMQ_HOST: localhost - SPRING_RABBITMQ_PORT: 5672 SPRING_RABBITMQ_USERNAME: guest SPRING_RABBITMQ_PASSWORD: guest - run: ./gradlew test - - # 8. 
테스트 결과 요약 출력 + KAKAO_CLIENT_ID: ${{ secrets.OAUTH_KAKAO_CLIENT_ID }} + GOOGLE_CLIENT_ID: ${{ secrets.OAUTH_GOOGLE_CLIENT_ID }} + GOOGLE_CLIENT_SECRET: ${{ secrets.OAUTH_GOOGLE_CLIENT_SECRET }} + AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }} + AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }} + AWS_S3_BUCKET_NAME: ${{ secrets.AWS_S3_BUCKET_NAME }} + SENTRY_DSN: ${{ secrets.SENTRY_DSN }} + JWT_SECRET_KEY: ${{ secrets.JWT_SECRET_KEY }} + JWT_ACCESS_TOKEN_VALIDITY: ${{ secrets.JWT_ACCESS_TOKEN_VALIDITY }} + JWT_REFRESH_TOKEN_VALIDITY: ${{ secrets.JWT_REFRESH_TOKEN_VALIDITY }} + NAVER_CLIENT_ID: ${{ secrets.NAVER_CLIENT_ID }} + NAVER_CLIENT_SECRET: ${{ secrets.NAVER_CLIENT_SECRET }} + LIVEBLOCKS_SECRET_KEY: ${{ secrets.LIVEBLOCKS_SECRET_KEY }} + run: ./gradlew test --stacktrace + + # 6. 테스트 결과 요약 출력 - name: Show test results + if: always() # 테스트 실패 여부와 상관없이 항상 실행 run: | echo "==== Test Results ====" if compgen -G "build/test-results/test/TEST-*.xml" > /dev/null; then @@ -113,20 +105,11 @@ jobs: echo "No test results found." fi - # 8-1. S3 자격 증명 제거 (빌드 전에만) - - name: Remove only S3 credentials before building - run: | - CONFIG_FILE="src/main/resources/application-secrets.yml" - sed -i '/spring.cloud.aws.credentials.access-key/d' $CONFIG_FILE - sed -i '/spring.cloud.aws.credentials.secret-key/d' $CONFIG_FILE - sed -i '/spring.cloud.aws.region.static/d' $CONFIG_FILE - sed -i '/spring.cloud.aws.stack.auto/d' $CONFIG_FILE - - # 9. Gradle 빌드 실행 (테스트 성공 시) + # 7. Gradle 빌드 실행 (테스트 성공 시) - name: Build with Gradle run: ./gradlew build -x test - # 10. GHCR 로그인 + # 8. GHCR 로그인 - name: Log in to GHCR uses: docker/login-action@v2 with: @@ -134,7 +117,7 @@ jobs: username: ${{ github.repository_owner }} password: ${{ secrets.GITHUB_TOKEN }} - # 11. Docker 이미지 빌드 & 푸시 + # 9. Docker 이미지 빌드 & 푸시 - name: Build & Push Docker Image run: | IMAGE_NAME=ghcr.io/${{ github.repository }}/zoopzoop 
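Review bot: The `env:` block of the `Test with Gradle` step in test-server-ci.yml hands live secrets (`AWS_ACCESS_KEY_ID`/`AWS_SECRET_ACCESS_KEY`, `JWT_SECRET_KEY`, `GOOGLE_CLIENT_SECRET`, `NAVER_CLIENT_SECRET`, `OPENAI_API_KEY`, `LIVEBLOCKS_SECRET_KEY`) to `./gradlew test`, where any test, build plugin or dependency on the branch can read them. Where the tests only need the placeholders in application.yml to resolve, fixed dummy values in the style of the RabbitMQ `guest` entries are enough, e.g. `JWT_SECRET_KEY: ci-only-placeholder` (constructed value). Tests that really call an external service are better served by a dedicated low-privilege CI credential than by the deployment keys. A short comment above the block, such as `# CI-only values; never the deployment secrets`, would record that intent.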
diff --git a/src/main/resources/application-dev.yml b/src/main/resources/application-dev.yml index 28f49010..82d651d3 100644 --- a/src/main/resources/application-dev.yml +++ b/src/main/resources/application-dev.yml @@ -15,20 +15,20 @@ spring: host: localhost port: 6379 timeout: 6000 - cache: #Spring Cache를 사용하기 위한 Redis - type: redis - redis: - time-to-live: 300000 - cache-null-values: false + security: + oauth2: + client: + registration: + kakao: + redirect-uri: http://localhost:8080/login/oauth2/code/kakao + google: + redirect-uri: http://localhost:8080/login/oauth2/code/google app: seed: enabled: true sentry: - dsn: https://60f1acad189d2994353d59b7895076ee@o4510100579155968.ingest.us.sentry.io/4510100584923136 - # Add data like request headers and IP for users, - # see https://docs.sentry.io/platforms/java/guides/spring-boot/data-management/data-collected/ for more info send-default-pii: true environment: local - traces-sample-rate: 0.0 \ No newline at end of file + traces-sample-rate: 0.0 diff --git a/src/main/resources/application-server.yml b/src/main/resources/application-server.yml index 30b1df91..42aaf406 100644 --- a/src/main/resources/application-server.yml +++ b/src/main/resources/application-server.yml 
@@ -10,29 +10,33 @@ spring: data: #RedisTemplate 등을 사용하기 위한 직접 연결용 redis: - host: 10.0.1.246 + host: ${REDIS_HOST} port: 6379 timeout: 6000 - password: zoopzoopRedisTest! + password: ${REDIS_PASSWORD} + cache: #Spring Cache를 사용하기 위한 Redis type: redis redis: time-to-live: 300000 cache-null-values: false -management: - endpoints: - web: - exposure: - include: health,info - endpoint: - health: - show-details: always + security: + oauth2: + client: + registration: + kakao: + redirect-uri: ${KAKAO_REDIRECT_URI} + google: + redirect-uri: ${GOOGLE_REDIRECT_URI} + +front: + redirect_domain: ${FRONT_REDIRECT_DOMAIN} sentry: - dsn: https://60f1acad189d2994353d59b7895076ee@o4510100579155968.ingest.us.sentry.io/4510100584923136 # Add data like request headers and IP for users, # see https://docs.sentry.io/platforms/java/guides/spring-boot/data-management/data-collected/ for more info send-default-pii: true environment: prod traces-sample-rate: 0.2 + diff --git a/src/main/resources/application-test.yml b/src/main/resources/application-test.yml index c43018a5..220e4820 100644 --- a/src/main/resources/application-test.yml +++ b/src/main/resources/application-test.yml @@ -13,6 +13,27 @@ spring: ddl-auto: create-drop show-sql: true + security: + oauth2: + client: + registration: + kakao: + redirect-uri: http://localhost:3000/oauth/callback/kakao + google: + redirect-uri: http://localhost:3000/oauth/callback/google + +front: + redirect_domain: http://localhost:3000 + + app: + seed: + enabled: false + + sentry: + send-default-pii: true + environment: local + traces-sample-rate: 0.0 + sql: init: mode: never diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml index b730aec3..801c394b 100644 --- a/src/main/resources/application.yml +++ b/src/main/resources/application.yml 
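Review bot: The Redis password on the removed `password:` line of application-server.yml is still readable in the repository history, as is the Sentry DSN removed here and in application-dev.yml, so both should be rotated as part of this change; moving to `${REDIS_PASSWORD}` and `${SENTRY_DSN}` only protects the new values. A comment above the Redis block would help keep literals from returning, e.g. `# REDIS_HOST / REDIS_PASSWORD are injected by the deploy workflow; do not commit literal values`. `send-default-pii: true` stays enabled for `environment: prod`, which per the comment above it sends request headers and user IPs to Sentry; confirm that is intended for production traffic.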
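Review bot: In application-test.yml `front:` is added at column 0 in the middle of what looks like the `spring:` mapping, while the `app:` and `sentry:` keys added after it are indented. As far as the indentation can be read from this hunk, that nests them under `front:` and also pulls the following context lines `sql: init: mode: never` out of `spring:`. If so, `spring.sql.init.mode`, `app.seed.enabled` and the `sentry.*` settings silently stop applying to the test profile. Placing `front:`, `app:` and `sentry:` at column 0 at the end of the file, after the `spring:` block, avoids this; that block starts and ends outside the hunk.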
@@ -1,32 +1,42 @@ spring: application: name: back + profiles: active: dev + output: ansi: enabled: always + datasource: hikari: auto-commit: false + jackson: serialization: fail-on-empty-beans: false + jpa: show-sql: true hibernate: ddl-auto: create-drop + properties: hibernate: format_sql: true highlight_sql: true use_sql_comments: true + config: import: optional:classpath:application-secrets.yml + servlet: multipart: max-file-size: 10MB max-request-size: 10MB + + # Spring AI 설정 ai: openai: base-url: https://api.groq.com/openai # 내부 서버를 groq으로 @@ -35,6 +45,8 @@ spring: options: model: meta-llama/llama-4-scout-17b-16e-instruct temperature: 0 + + # RabbitMQ 설정 rabbitmq: host: ${SPRING_RABBITMQ_HOST:localhost} port: 5672 @@ -46,11 +58,13 @@ spring: enabled: true initial-interval: 2000 max-attempts: 3 + data: #RedisTemplate 등을 사용하기 위한 직접 연결용 redis: host: localhost port: 6379 timeout: 6000 + cache: #Spring Cache를 사용하기 위한 Redis type: redis redis: 
@@ -58,6 +72,49 @@ spring: cache-null-values: false key-prefix: + #OAuth2 설정 + security: + oauth2: + client: + registration: + kakao: + client-id: ${KAKAO_CLIENT_ID} + scope: + - profile_nickname + - profile_image + authorization-grant-type: authorization_code + google: + client-id: ${GOOGLE_CLIENT_ID} + client-secret: ${GOOGLE_CLIENT_SECRET} + scope: + - profile + authorization-grant-type: authorization_code + provider: + kakao: + authorization-uri: https://kauth.kakao.com/oauth/authorize + token-uri: https://kauth.kakao.com/oauth/token + user-info-uri: https://kapi.kakao.com/v2/user/me + user-name-attribute: id + google: + authorization-uri: https://accounts.google.com/o/oauth2/v2/auth + token-uri: https://oauth2.googleapis.com/token + user-info-uri: https://www.googleapis.com/oauth2/v3/userinfo + user-name-attribute: sub + + #S3 설정 + cloud: + aws: + credentials: + access-key: ${AWS_ACCESS_KEY_ID} + secret-key: ${AWS_SECRET_ACCESS_KEY} + region: + static: ap-northeast-2 + s3: + bucket: ${AWS_S3_BUCKET_NAME} + stack: + auto: false + +#Spring doc 설정 springdoc: default-produces-media-type: application/json;charset=UTF-8 logging: @@ -73,4 +130,28 @@ server: app: seed: - enabled: true \ No newline at end of file + enabled: true + +management: + endpoints: + web: + exposure: + include: health,info + endpoint: + health: + show-details: always + +sentry: #Sentry 모니터렁 기본 설정. + dsn: ${SENTRY_DSN} + +jwt: + secret-key: ${JWT_SECRET_KEY} + access-token-validity: ${JWT_ACCESS_TOKEN_VALIDITY} + refresh-token-validity: ${JWT_REFRESH_TOKEN_VALIDITY} + +naver: + client_id: ${NAVER_CLIENT_ID} + client_secret: ${NAVER_CLIENT_SECRET} + +liveblocks: + secret-key: ${LIVEBLOCKS_SECRET_KEY} \ No newline at end of file
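Review bot: `cloud.aws.credentials.access-key` and `secret-key` in the base application.yml bind every profile to a long-lived static AWS key pair. If the server runs on AWS compute, leaving out the `credentials:` block should let the SDK's default provider chain pick up an instance or task role (verify against the Spring Cloud AWS version in use), which removes the key from the workflow secrets and the container environment; otherwise the key should be scoped to the single S3 bucket. None of the new placeholders (`${KAKAO_CLIENT_ID}`, `${GOOGLE_CLIENT_SECRET}`, `${AWS_S3_BUCKET_NAME}`, …) has a default, so the `dev` profile only starts when the environment or the optional `application-secrets.yml` supplies all of them. A comment such as `# required: supplied via environment or application-secrets.yml` above the block would make that explicit.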
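Review bot: `management.endpoint.health.show-details: always` now lives in the base application.yml, so every profile returns per-component health details to any caller that can reach the health endpoint. Unless access is restricted elsewhere, `show-details: when-authorized` is the safer value for the shared file. `jwt.secret-key: ${JWT_SECRET_KEY}` has no visible length or strength check; a comment stating the minimum key size the signing algorithm requires, e.g. `# JWT_SECRET_KEY: random value, at least as long as the HMAC output size`, would help whoever provisions the secret.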