KUSITMS-29th-TEAM-B · whereami2048 · May 3, 2024 · Apr 30, 2024 · Apr 30, 2024 · Apr 30, 2024
diff --git a/.github/workflows/CD-dev.yml b/.github/workflows/CD-dev.yml
@@ -0,0 +1,101 @@
+name: CD-dev
+
+on:
+  push:
+    branches: [ "main" ]
+
+permissions:
+  contents: read
+
+jobs:
+  deploy:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: checkout
+        uses: actions/checkout@v3
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'corretto'
+
+      - name: Gradle Caching
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/.gradle/caches
+            ~/.gradle/wrapper
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
+          restore-keys: |
+            ${{ runner.os }}-gradle-
+
+      - name: Set .env for configuration
+        uses: appleboy/ssh-action@master
+        with:
+          host: ${{ secrets.HOST }}
+          username: ubuntu
+          key: ${{ secrets.KEY }}
+          script: |
+            rm -rf ./.env
+            touch ./.env
+            echo "DOCKER_USERNAME=${{ secrets.DOCKER_USERNAME }}" >> ./.env
+            echo "DOCKER_REPOSITORY=${{ secrets.DOCKER_REPOSITORY }}" >> ./.env
+            echo "DB_URL=${{ secrets.DEV_DB_URL }}" >> ./.env
+            echo "DB_USERNAME=${{ secrets.DEV_DB_USERNAME }}" >> ./.env
+            echo "DB_PASSWORD=${{ secrets.DEV_DB_PASSWORD }}" >> ./.env
+#            echo "JWT_SECRET=${{ secrets.JWT_SECRET }}" >> ./.env
+#            echo "KAKAO_APP_ID=${{ secrets.KAKAO_APP_ID }}" >> ./.env
+#            echo "APPLE_APP_ID=${{ secrets.APPLE_APP_ID }}" >> ./.env
+#            echo "S3_BUCKET=${{ secrets.S3_BUCKET }}" >> ./.env
+#            echo "AWS_ACCESS_KEY=${{ secrets.AWS_ACCESS_KEY }}" >> ./.env
+#            echo "AWS_SECRET_KEY=${{ secrets.AWS_SECRET_KEY }}" >> ./.env
+
+      # gradle build
+      - name: Grant execute permission for gradlew
+        run: chmod +x gradlew
+
+      - name: Build with Gradle
+        run: ./gradlew build -x test
+
+      ## 도커 이미지 빌드 후 도커허브에 push
+      - name: docker build and push
+        run: |
+          docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
+          docker build -t ${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_REPOSITORY }} .
+          docker push ${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_REPOSITORY }}
+
+      ## deploy.sh 파일 서버로 전달
+      - name: Send deploy.sh
+        uses: appleboy/scp-action@master
+        with:
+          username: ubuntu
+          host: ${{ secrets.HOST }}
+          key: ${{ secrets.KEY }}
+          port: 22
+          source: "./scripts/"
+          target: "/home/ubuntu/"
+
+      - name: Send docker-compose.yml
+        uses: appleboy/scp-action@master
+        with:
+          username: ubuntu
+          host: ${{ secrets.HOST }}
+          key: ${{ secrets.KEY }}
+          port: 22
+          source: "./docker-compose.yml"
+          target: "/home/ubuntu/"
+
+      ## 도커 허브에서 jar파일 및 pull후에 컴포즈 up
+      - name: Deploy to Dev
+        uses: appleboy/ssh-action@master
+        with:
+          username: ubuntu
+          host: ${{ secrets.HOST }}
+          key: ${{ secrets.KEY }}
+          script: |
+            sudo docker pull ${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_REPOSITORY }}
+            chmod 777 ./scripts/deploy.sh
+            cp ./scripts/deploy.sh ./deploy.sh
+            ./deploy.sh
+            docker image prune -f
diff --git a/.github/workflows/CI-dev.yml b/.github/workflows/CI-dev.yml
@@ -0,0 +1,36 @@
+name: CI-dev
+
+on:
+  pull_request:
+    branches:
+      - develop
+
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+
+    steps:
+      - uses: actions/checkout@v2
+
+      - name: Setup JDK 17
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'corretto'
+
+      - name: Gradle Caching
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/.gradle/caches
+            ~/.gradle/wrapper
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
+          restore-keys: |
+            ${{ runner.os }}-gradle-
+      - name: Grant Execute Permission For Gradlew
+        run: chmod +x gradlew
+
+      - name: Build With Gradle
+        run: |
+          ./gradlew build
+          ./gradlew bootJar
diff --git a/.gitignore b/.gitignore
@@ -38,3 +38,9 @@ out/
 
 ### Kotlin ###
 .kotlin
+
+### .env ###
+.env
+
+### .DS_Store ###
+.DS_Store/
diff --git a/Api-Module/src/main/kotlin/com/bamyanggang/apimodule/ApiModuleApplication.kt b/Api-Module/src/main/kotlin/com/bamyanggang/apimodule/ApiModuleApplication.kt
@@ -4,7 +4,10 @@ import org.springframework.boot.autoconfigure.SpringBootApplication
 import org.springframework.boot.autoconfigure.security.servlet.UserDetailsServiceAutoConfiguration
 import org.springframework.boot.runApplication
 
-@SpringBootApplication(exclude = [UserDetailsServiceAutoConfiguration::class])
+@SpringBootApplication(
+    scanBasePackages = ["com.bamyanggang.apimodule"],
+    exclude = [UserDetailsServiceAutoConfiguration::class]
+)
 class ApiModuleApplication {
 }
 

diff --git a/...c/main/kotlin/com/bamyanggang/apimodule/domain/auth/presentation/config/SecurityConfig.kt b/...c/main/kotlin/com/bamyanggang/apimodule/domain/auth/presentation/config/SecurityConfig.kt
@@ -0,0 +1,48 @@
+package com.bamyanggang.apimodule.domain.auth.presentation.config
+
+import org.springframework.context.annotation.Bean
+import org.springframework.context.annotation.Configuration
+import org.springframework.security.config.annotation.web.builders.HttpSecurity
+import org.springframework.security.config.annotation.web.builders.WebSecurity
+import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity
+import org.springframework.security.config.annotation.web.configuration.WebSecurityCustomizer
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer
+import org.springframework.security.config.http.SessionCreationPolicy
+import org.springframework.security.web.SecurityFilterChain
+
+
+@EnableWebSecurity
+@Configuration
+class SecurityConfig {
+    // TODO: api 추가될 때 white list url 확인해서 추가하기.
+    private val whiteList: Array<String> = arrayOf(
+        "/api/**",
+        "/api-docs/**",
+        "/",
+        "/error"
+    )
+
+    @Bean
+    fun webSecurityCustomizer(): WebSecurityCustomizer {
+        return WebSecurityCustomizer { web: WebSecurity -> web.ignoring().requestMatchers(*whiteList) }
+    }
+
+    @Bean
+    @Throws(Exception::class)
+    fun filterChain(http: HttpSecurity): SecurityFilterChain {
+        return http
+            .csrf { obj: AbstractHttpConfigurer<*, *> -> obj.disable() }
+            .formLogin { obj: AbstractHttpConfigurer<*, *> -> obj.disable() }
+            .httpBasic { obj: AbstractHttpConfigurer<*, *> -> obj.disable() }
+            .sessionManagement { sessionManagementConfigurer ->
+                sessionManagementConfigurer
+                    .sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+            }
+            .authorizeHttpRequests { authorizationManagerRequestMatcherRegistry ->
+                authorizationManagerRequestMatcherRegistry
+                    .anyRequest()
+                    .authenticated()
+            }
+            .build()
+    }
+}
diff --git a/Api-Module/src/main/resources/application.properties b/Api-Module/src/main/resources/application.properties
diff --git a/Api-Module/src/main/resources/application.yml b/Api-Module/src/main/resources/application.yml
@@ -0,0 +1,25 @@
+spring:
+  application:
+    name: Api-Module
+
+  datasource:
+    driver-class-name: com.mysql.cj.jdbc.Driver
+    url: ${DB_URL}
+    username: ${DB_USERNAME}
+    password: ${DB_PASSWORD}
+  jpa:
+    open-in-view: false
+    hibernate:
+      ddl-auto: update
+    database-platform: org.hibernate.dialect.MySQLDialect
+  security:
+    oauth2:
+      client:
+        registration:
+          google:
+            client-id: ${OAUTH_GOOGLE_CLIENT_ID}
+            client-secret: ${OAUTH_GOOGLE_CLIENT_SECRET}
+            scope:
+              - email
+              - profile
+            redirect-uri: ${OAUTH_GOOGLE_REDIRECT_URI}
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,10 @@
+FROM amazoncorretto:17-alpine-jdk
+
+# JAR_FILE 변수에 값을 저장
+ARG JAR_FILE=/Api-Module/build/libs/Api-Module-0.0.1-SNAPSHOT.jar
+
+# 변수에 저장된 것을 컨테이너 실행시 이름을 app.jar파일로 변경하여 컨테이너에 저장
+COPY ${JAR_FILE} app.jar
+
+# 빌드된 이미지가 run될 때 실행할 명령어
+ENTRYPOINT ["java","-jar","app.jar"]
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -3,7 +3,7 @@ import org.springframework.boot.gradle.tasks.bundling.BootJar
 
 plugins {
     id("java-test-fixtures")
-    id("org.springframework.boot") version "3.2.5"
+    id("org.springframework.boot") version "3.1.1"
     id("io.spring.dependency-management") version "1.1.4"
 
     kotlin("jvm") version "1.9.23"

diff --git a/docker-compose.yml b/docker-compose.yml
@@ -0,0 +1,24 @@
+version: '3'
+services:
+  blue:
+    container_name: blue
+    image: ${DOCKER_USERNAME}/${DOCKER_REPOSITORY}
+    expose:
+      - 8080
+    ports:
+      - "8082:8080"
+    environment:
+      - DB_URL=${DB_URL}
+      - DB_USERNAME=${DB_USERNAME}
+      - DB_PASSWORD=${DB_PASSWORD}
+  green:
+    container_name: green
+    image: ${DOCKER_USERNAME}/${DOCKER_REPOSITORY}
+    expose:
+      - 8080
+    ports:
+      - "8081:8080"
+    environment:
+      - DB_URL=${DB_URL}
+      - DB_USERNAME=${DB_USERNAME}
+      - DB_PASSWORD=${DB_PASSWORD}
diff --git a/scripts/deploy.sh b/scripts/deploy.sh
@@ -0,0 +1,59 @@
+#!/bin/bash
+
+IS_GREEN=$(docker ps | grep green) # 현재 실행중인 App이 blue인지 확인합니다.
+DEFAULT_CONF=" /etc/nginx/nginx.conf"
+
+if [ -z $IS_GREEN  ];then # blue라면
+
+  echo "### BLUE => GREEN ####"
+
+  echo "1. get green image"
+  docker-compose pull green # green으로 이미지를 내려받습니다.
+
+  echo "2. green container up"
+  docker-compose up -d green # green 컨테이너 실행
+
+  while [ 1 = 1 ]; do
+  echo "3. green health check..."
+  sleep 3
+
+  REQUEST=$(curl http://127.0.0.1:8081) # green으로 request
+    if [ -n "$REQUEST" ]; then # 서비스 가능하면 health check 중지
+            echo "health check success"
+            break ;
+            fi
+  done;
+
+  echo "4. reload nginx"
+  sudo cp /etc/nginx/nginx.green.conf /etc/nginx/nginx.conf
+  sudo nginx -s reload
+
+  echo "5. blue container down"
+  docker-compose stop blue
+else
+  echo "### GREEN => BLUE ###"
+
+  echo "1. get blue image"
+  docker-compose pull blue
+
+  echo "2. blue container up"
+  docker-compose up -d blue
+
+  while [ 1 = 1 ]; do
+    echo "3. blue health check..."
+    sleep 3
+    REQUEST=$(curl http://127.0.0.1:8082) # blue로 request
+
+    if [ -n "$REQUEST" ]; then # 서비스 가능하면 health check 중지
+      echo "health check success"
+      break ;
+    fi
+  done;
+
+  echo "4. reload nginx"
+  sudo cp /etc/nginx/nginx.blue.conf /etc/nginx/nginx.conf
+  sudo nginx -s reload
+
+  echo "5. green container down"
+  docker-compose stop green
+fi