diff --git a/.github/workflows/api-CD.yml b/.github/workflows/api-CD.yml index f71743ad..2c19a671 100644 --- a/.github/workflows/api-CD.yml +++ b/.github/workflows/api-CD.yml @@ -41,25 +41,22 @@ jobs: aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }} aws-region: ap-northeast-2 - - # 3) 환경변수 파일 생성 - - name: make application.yml 파일 생성 + + # 3) AWS Secrets Manger 환경변수 사용 + - name: Read secrets from AWS Secrets Manager into environment variables + uses: abhilash1in/aws-secrets-manager-action@v1.1.0 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }} + aws-region: ap-northeast-2 + secrets: /secret/umbba-dev + parse-json: false + + # 4) FCM secret key 파일 생성 + - name: FCM secret key 파일 생성 run: | - # application.yml 파일 생성 cd ./umbba-api/src/main/resources - rm application.yaml - - touch ./application.yml - - # GitHub-Actions 에서 설정한 값을 application.yml 파일에 쓰기 - echo "${{ secrets.UMBBA_SECRET }}" >> ./application.yml - - # 생성된 파일 확인 - cat ./application.yml - - #################################### - # FCM secret key 폴더 생성 mkdir ./firebase cd ./firebase diff --git a/.github/workflows/api-CI.yml b/.github/workflows/api-CI.yml index d8bd96ec..4dfc1830 100644 --- a/.github/workflows/api-CI.yml +++ b/.github/workflows/api-CI.yml 
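Review bot: The added step runs a third-party action by a movable tag, `abhilash1in/aws-secrets-manager-action@v1.1.0`, and passes it the long-lived `AWS_ACCESS_KEY`/`AWS_SECRET_KEY` pair, so whoever can re-point that tag gets both the keys and the secret they unlock. Pin the reference to the full commit SHA of the release you reviewed, e.g. `uses: abhilash1in/aws-secrets-manager-action@<full-commit-sha> # v1.1.0`. The context lines just above pass the same key pair to what is presumably a credentials-configuration step (its `uses:` line is outside the hunk); if the action can use those job credentials, drop the two key inputs here. The IAM identity behind the keys should be limited to reading `/secret/umbba-dev`. The same step is added in the api-CI.yml, notification-CD.yml and notification-CI.yml hunks, and the same applies there.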
@@ -49,25 +49,17 @@ jobs: with: java-version: '11' distribution: 'temurin' - - # 3) 환경변수 파일 생성 - - name: make application.yml 파일 생성 - run: | - ## create application.yml - cd ./umbba-api/src/main/resources - rm application.yaml - - # application.yml 파일 생성 - touch ./application.yml - # GitHub-Actions 에서 설정한 값을 application.yml 파일에 쓰기 - echo "${{ secrets.UMBBA_SECRET }}" >> ./application.yml - - # application.yml 파일 확인 - cat ./application.yml + # 3) AWS Secrets Manger 환경변수 사용 + - name: Read secrets from AWS Secrets Manager into environment variables + uses: abhilash1in/aws-secrets-manager-action@v1.1.0 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }} + aws-region: ap-northeast-2 + secrets: /secret/umbba-dev + parse-json: false - shell: bash - # 이 워크플로우는 gradle build - name: Grant execute permission for gradlew run: chmod +x gradlew diff --git a/.github/workflows/notification-CD.yml b/.github/workflows/notification-CD.yml index c646b6f3..46d75420 100644 --- a/.github/workflows/notification-CD.yml +++ b/.github/workflows/notification-CD.yml 
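Review bot: With `parse-json: false`, as I read the action's documentation, this step exports the whole `/secret/umbba-dev` value as one environment variable, so it would not supply the `${DB_URL}`, `${JWT_SECRET}` and other placeholders used by the new application.yml. Whatever it exports also stays in the job environment for every later step, including the Gradle build and any action added afterwards. If the application is meant to fetch the secret itself through bootstrap.yml, this step looks redundant in CI, and the build would instead need AWS credentials in its own environment; no credentials step is visible in this hunk's context. If that is the intent, a comment on the step should say so, e.g. `# app reads individual keys via bootstrap.yml; this step only exposes the raw secret`, or the step should be removed.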
@@ -42,24 +42,21 @@ jobs: aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }} aws-region: ap-northeast-2 - # 3) 환경변수 파일 생성 - - name: make application.yml 파일 생성 + # 3) AWS Secrets Manger 환경변수 사용 + - name: Read secrets from AWS Secrets Manager into environment variables + uses: abhilash1in/aws-secrets-manager-action@v1.1.0 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }} + aws-region: ap-northeast-2 + secrets: /secret/umbba-dev + parse-json: false + + # 4) FCM secret key 파일 생성 + - name: FCM secret key 파일 생성 run: | - # application.yml 파일 생성 - cd ./umbba-notification/src/main/resources - rm application.yaml - - touch ./application.yml - - # GitHub-Actions 에서 설정한 값을 application.yml 파일에 쓰기 - echo "${{ secrets.UMBBA_SECRET }}" >> ./application.yml - - # 생성된 파일 확인 - cat ./application.yml - - #################################### + cd ./umbba-api/src/main/resources - # FCM secret key 폴더 생성 mkdir ./firebase cd ./firebase diff --git a/.github/workflows/notification-CI.yml b/.github/workflows/notification-CI.yml index 04049db4..f0838dd2 100644 --- a/.github/workflows/notification-CI.yml +++ b/.github/workflows/notification-CI.yml 
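Review bot: The added `cd ./umbba-api/src/main/resources` in the FCM key step looks copied from api-CD.yml: the removed script in this file changed into `./umbba-notification/src/main/resources`, and this is the notification deploy workflow. If the notification module is what this job builds and deploys, the `firebase` directory and key file land in the other module's resources and the notification artifact ships without them. The expected line is `cd ./umbba-notification/src/main/resources`. The `run:` script continues past the end of the hunk, so how the key file is written is not visible here.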
@@ -50,23 +50,15 @@ jobs: java-version: '11' distribution: 'temurin' - # 3) 환경변수 파일 생성 - - name: make application.yml 파일 생성 - run: | - ## create application.yml - cd ./umbba-notification/src/main/resources - rm application.yaml - - # application.yml 파일 생성 - touch ./application.yml - - # GitHub-Actions 에서 설정한 값을 application.yml 파일에 쓰기 - echo "${{ secrets.UMBBA_SECRET }}" >> ./application.yml - - # application.yml 파일 확인 - cat ./application.yml - - shell: bash + # 3) AWS Secrets Manger 환경변수 사용 + - name: Read secrets from AWS Secrets Manager into environment variables + uses: abhilash1in/aws-secrets-manager-action@v1.1.0 + with: + aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }} + aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }} + aws-region: ap-northeast-2 + secrets: /secret/umbba-dev + parse-json: false # 이 워크플로우는 gradle build - name: Grant execute permission for gradlew diff --git a/build.gradle b/build.gradle index 0252238c..ba29e21c 100644 --- a/build.gradle +++ b/build.gradle @@ -42,6 +42,9 @@ subprojects { // Health Check implementation 'org.springframework.boot:spring-boot-starter-actuator' + // AWS Secrets Manager + implementation 'org.springframework.cloud:spring-cloud-starter-bootstrap:3.1.3' + implementation 'org.springframework.cloud:spring-cloud-starter-aws-secrets-manager-config:2.2.6.RELEASE' } test { diff --git a/umbba-api/build.gradle b/umbba-api/build.gradle index fe36cb1d..42904e80 100644 --- a/umbba-api/build.gradle +++ b/umbba-api/build.gradle @@ -35,5 +35,9 @@ dependencies { // s3 // implementation "org.springframework.cloud:spring-cloud-starter-aws:2.2.6.RELEASE" + + // AWS Secrets Manager + implementation 'org.springframework.cloud:spring-cloud-starter-bootstrap:3.1.3' + implementation 'org.springframework.cloud:spring-cloud-starter-aws-secrets-manager-config:2.2.6.RELEASE' } diff --git a/umbba-api/src/main/resources/application.yaml b/umbba-api/src/main/resources/application.yaml deleted file mode 100644 index 6b561220..00000000 
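Review bot: The two coordinates added to the root build.gradle come from different release lines: `spring-cloud-starter-bootstrap:3.1.3` belongs to the Spring Cloud 2021.0.x train, while `spring-cloud-starter-aws-secrets-manager-config:2.2.6.RELEASE` is the older `org.springframework.cloud` AWS line, which to my knowledge was continued under the `io.awspring.cloud` group. This library now sits on the path that fetches every application secret, so it should be a maintained release, with versions chosen by a BOM rather than hard-coded per dependency. The Spring Boot version is not visible in this hunk, so check compatibility against it before merging.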
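Review bot: The two `implementation` lines added to umbba-api/build.gradle repeat what this commit also adds to the root build.gradle, in what appears to be the `subprojects` dependencies block, so umbba-api declares the Secrets Manager starter twice. Duplicate declarations drift: a later version bump in one file leaves the other behind, and Gradle resolves the conflict without telling you which one won. Keep the pair in one place only. If only some modules need it, remove it from the root block and declare it in the modules that ship a bootstrap.yml.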
--- a/umbba-api/src/main/resources/application.yaml +++ /dev/null @@ -1,81 +0,0 @@ -cloud: - aws: - credentials: - accessKey: ${cloud-access} - secretKey: ${cloud-secret} - region: - static: ${cloud-region} - s3: - bucket: ${bucket-name} - stack: - auto: false - sqs: - notification: - name: ${sqs-notification-name} - url: ${sqs-notification-url} - #api: - # name: ${sqs-api-name} - # url: ${sqs-api-url} - - -spring: - datasource: - driver-class-name: com.mysql.cj.jdbc.Driver - url: ${db-url} - username: ${db-user} - password: ${db-pwd} - hikari: - pool-name: Hikari 커넥션 풀 # Pool - connection-timeout: 30000 # 30초(default: 30초) - maximum-pool-size: 10 # default: 10개 - max-lifetime: 600000 # 10분(default: 30분) - leak-detection-threshold: 2000 # default: 0(이용X) - - jpa: - show-sql: false - hibernate: - ddl-auto: update - ejb: - naming_strategy: org.springframework.boot.orm.jpa.hibernate.SpringPhysicalNamingStrategy - properties: - hibernate: - format_sql: false - -kakao: - client-id: ${kakao-id} - authorization-grant-type: authorization_code - redirect-uri: ${kakao-redirect} - -apple: - iss: ${apple-iss} - client-id: ${apple-id} -# nonce: ${apple-nonce} - -jwt: - secret: ${jwt-secret} - -slack: - webhook: - url: ${slack-url} - -fcm: - key: - path: ${fcm-json-path} - scope: ${fcm-scope} - # firebase-create-scoped: "https://www.googleapis.com/auth/firebase.messaging" - api: - url: ${fcm-api-url} - topic: - "qna_notification" - -logging: - level: - org: - hibernate: - type: - descriptor: - sql: debug - com.zaxxer.hikari.pool.HikariPool: debug - -server: - port: 9091 \ No newline at end of file diff --git a/umbba-api/src/main/resources/application.yml b/umbba-api/src/main/resources/application.yml new file mode 100644 index 00000000..e6da44be --- /dev/null +++ b/umbba-api/src/main/resources/application.yml 
@@ -0,0 +1,137 @@ +spring: + profiles: + group: + "local": "local_setting, common" + "local_notification": "local_notification_setting, common" + "set1": "set1_setting, common" + "set2": "set2_setting, common" + "notification": "notification_setting, common" + active: local + +# common +--- +spring: + config: + activate: + on-profile: common + + datasource: + driver-class-name: com.mysql.cj.jdbc.Driver + url: ${DB_URL} + username: ${DB_USER} + password: ${DB_PWD} + hikari: + pool-name: Hikari 커넥션 풀 # Pool + connection-timeout: 30000 # 30초(default: 30초) + maximum-pool-size: 10 # default: 10개 + max-lifetime: 600000 # 10분(default: 30분) + leak-detection-threshold: 3500 # default: 0(이용X) + + jpa: + show-sql: false + hibernate: + ddl-auto: update + ejb: + naming_strategy: org.springframework.boot.orm.jpa.hibernate.SpringPhysicalNamingStrategy + properties: + hibernate: + format_sql: true + +cloud: + aws: + credentials: + accessKey: ${CLOUD_ACCESS} + secretKey: ${CLOUD_SECRET} + region: + static: ${CLOUD_REGION} + s3: + bucket: ${BUCKET_NAME} + stack: + auto: false + sqs: + notification: + name: ${SQS_NOTIFICATION_NAME} + url: ${SQS_NOTIFICATION_URL} + +kakao: + client-id: ${KAKAO_ID} + authorization-grant-type: authorization_code + redirect-uri: ${KAKAO_REDIRECT} +apple: + iss: ${APPLE_ISS} + client-id: ${APPLE_ID} +# nonce: + +jwt: + secret: ${JWT_SECRET} + +slack: + webhook: + url: ${SLACK_URL} + +fcm: + key: + path: ${FCM_JSON_PATH} + scope: ${FCM_SCOPE} + # firebase-create-scoped: "https://www.googleapis.com/auth/firebase.messaging" + api: + url: ${FCM_API_URL} + topic: + "qna_notification" + +logging: + level: + com: + amazonaws: + util: + EC2MetadataUtils: error + +# local_setting +--- +spring: + config: + activate: + on-profile: local_setting + +server: + port: 9091 + +# local_notification_setting +--- +spring: + config: + activate: + on-profile: local_notification_setting + +server: + port: 9092 + +# set1_setting +--- +spring: + config: + activate: + on-profile: 
set1_setting + +server: + port: 8081 + +# set2_setting +--- +spring: + config: + activate: + on-profile: set2_setting + +server: + port: 8082 + +# notification_setting +--- +spring: + config: + activate: + on-profile: notification_setting + +server: + port: 8083 \ No newline at end of file diff --git a/umbba-api/src/main/resources/bootstrap.yml b/umbba-api/src/main/resources/bootstrap.yml new file mode 100644 index 00000000..25cfe945 --- /dev/null +++ b/umbba-api/src/main/resources/bootstrap.yml @@ -0,0 +1,7 @@ +aws: + secretsmanager: + name: umbba-dev +cloud: + aws: + region: + static: ap-northeast-2 \ No newline at end of file diff --git a/umbba-notification/src/main/resources/application.yaml b/umbba-notification/src/main/resources/application.yaml deleted file mode 100644 index 93c96e4d..00000000 --- a/umbba-notification/src/main/resources/application.yaml +++ /dev/null 
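Review bot: The `common` document of the new umbba-api application.yml still feeds static IAM keys to the app through `cloud.aws.credentials.accessKey: ${CLOUD_ACCESS}` and `secretKey: ${CLOUD_SECRET}`, so a long-lived key pair is presumably stored inside the secret the application fetches. To read Secrets Manager at bootstrap the process must already hold AWS credentials from the default provider chain; on the deployed profiles an instance or task role could cover S3 and SQS as well, and the stored key pair could be retired. Separately, `ddl-auto: update` and `format_sql: true` sit in `common`, so they apply to `set1`, `set2` and `notification` as well as `local`. If those are the deployed profiles, schema changes run automatically at startup there. The umbba-notification copy of this file differs only in `active: local_notification`, so the same applies to it.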
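Review bot: `aws.secretsmanager.name: umbba-dev` is the only secret name configured and this bootstrap.yml has no per-profile override. Unless you rely on the starter's profile-suffixed lookups, every profile group in application.yml, including `set1`, `set2` and `notification`, resolves its database, JWT and OAuth values from the dev secret. If any of those profiles is a production deployment, it should read a separate secret that the dev IAM identity and the CI workflows cannot access. At minimum add a comment such as `# dev secret only; production must override aws.secretsmanager.name`, or set the name per environment. umbba-notification/src/main/resources/bootstrap.yml has the same blob hash and needs the same change.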
@@ -1,81 +0,0 @@ -cloud: - aws: - credentials: - accessKey: ${cloud-access} - secretKey: ${cloud-secret} - region: - static: ${cloud-region} - s3: - bucket: ${bucket-name} - stack: - auto: false - sqs: - notification: - name: ${sqs-notification-name} - url: ${sqs-notification-url} - #api: - # name: ${sqs-api-name} - # url: ${sqs-api-url} - - -spring: - datasource: - driver-class-name: com.mysql.cj.jdbc.Driver - url: ${db-url} - username: ${db-user} - password: ${db-pwd} - hikari: - pool-name: Hikari 커넥션 풀 # Pool - connection-timeout: 30000 # 30초(default: 30초) - maximum-pool-size: 10 # default: 10개 - max-lifetime: 600000 # 10분(default: 30분) - leak-detection-threshold: 2000 # default: 0(이용X) - jpa: - show-sql: false - hibernate: - ddl-auto: update - ejb: - naming_strategy: org.springframework.boot.orm.jpa.hibernate.SpringPhysicalNamingStrategy - properties: - hibernate: - format_sql: false - -kakao: - client-id: ${kakao-id} - authorization-grant-type: authorization_code - redirect-uri: ${kakao-redirect} - -apple: - iss: ${apple-iss} - client-id: ${apple-id} -# nonce: ${apple-nonce} - -jwt: - secret: ${jwt-secret} - -slack: - webhook: - url: ${slack-url} - -fcm: - key: - path: ${fcm-json-path} - scope: ${fcm-scope} - # firebase-create-scoped: "https://www.googleapis.com/auth/firebase.messaging" - api: - url: ${fcm-api-url} - topic: - "qna_notification" - -logging: - level: - org: - hibernate: - type: - descriptor: - sql: debug - com.zaxxer.hikari.pool.HikariPool: debug - - -server: - port: 9092 \ No newline at end of file diff --git a/umbba-notification/src/main/resources/application.yml b/umbba-notification/src/main/resources/application.yml new file mode 100644 index 00000000..9ff99358 --- /dev/null +++ b/umbba-notification/src/main/resources/application.yml 
@@ -0,0 +1,137 @@ +spring: + profiles: + group: + "local": "local_setting, common" + "local_notification": "local_notification_setting, common" + "set1": "set1_setting, common" + "set2": "set2_setting, common" + "notification": "notification_setting, common" + active: local_notification + +# common +--- +spring: + config: + activate: + on-profile: common + + datasource: + driver-class-name: com.mysql.cj.jdbc.Driver + url: ${DB_URL} + username: ${DB_USER} + password: ${DB_PWD} + hikari: + pool-name: Hikari 커넥션 풀 # Pool + connection-timeout: 30000 # 30초(default: 30초) + maximum-pool-size: 10 # default: 10개 + max-lifetime: 600000 # 10분(default: 30분) + leak-detection-threshold: 3500 # default: 0(이용X) + + jpa: + show-sql: false + hibernate: + ddl-auto: update + ejb: + naming_strategy: org.springframework.boot.orm.jpa.hibernate.SpringPhysicalNamingStrategy + properties: + hibernate: + format_sql: true + +cloud: + aws: + credentials: + accessKey: ${CLOUD_ACCESS} + secretKey: ${CLOUD_SECRET} + region: + static: ${CLOUD_REGION} + s3: + bucket: ${BUCKET_NAME} + stack: + auto: false + sqs: + notification: + name: ${SQS_NOTIFICATION_NAME} + url: ${SQS_NOTIFICATION_URL} + +kakao: + client-id: ${KAKAO_ID} + authorization-grant-type: authorization_code + redirect-uri: ${KAKAO_REDIRECT} +apple: + iss: ${APPLE_ISS} + client-id: ${APPLE_ID} +# nonce: + +jwt: + secret: ${JWT_SECRET} + +slack: + webhook: + url: ${SLACK_URL} + +fcm: + key: + path: ${FCM_JSON_PATH} + scope: ${FCM_SCOPE} + # firebase-create-scoped: "https://www.googleapis.com/auth/firebase.messaging" + api: + url: ${FCM_API_URL} + topic: + "qna_notification" + +logging: + level: + com: + amazonaws: + util: + EC2MetadataUtils: error + +# local_setting +--- +spring: + config: + activate: + on-profile: local_setting + +server: + port: 9091 + +# local_notification_setting +--- +spring: + config: + activate: + on-profile: local_notification_setting + +server: + port: 9092 + +# set1_setting +--- +spring: + config: + activate: + 
on-profile: set1_setting + +server: + port: 8081 + +# set2_setting +--- +spring: + config: + activate: + on-profile: set2_setting + +server: + port: 8082 + +# notification_setting +--- +spring: + config: + activate: + on-profile: notification_setting + +server: + port: 8083 \ No newline at end of file diff --git a/umbba-notification/src/main/resources/bootstrap.yml b/umbba-notification/src/main/resources/bootstrap.yml new file mode 100644 index 00000000..25cfe945 --- /dev/null +++ b/umbba-notification/src/main/resources/bootstrap.yml @@ -0,0 +1,7 @@ +aws: + secretsmanager: + name: umbba-dev +cloud: + aws: + region: + static: ap-northeast-2 \ No newline at end of file