[CHORE] 환경 분리를 위한 yml 파일 변경

.github/workflows/api-CD.yml

@@ -41,25 +41,22 @@ jobs:
         aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
         aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
         aws-region: ap-northeast-2
-
-    # 3) 환경변수 파일 생성
-    - name: make application.yml 파일 생성
+
+    # 3) AWS Secrets Manger 환경변수 사용
+    - name: Read secrets from AWS Secrets Manager into environment variables
+      uses: abhilash1in/[email protected]
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
+        aws-region: ap-northeast-2
+        secrets: /secret/umbba-dev
+        parse-json: false
+
+    # 4) FCM secret key 파일 생성
+    - name: FCM secret key 파일 생성
       run: |
-        # application.yml 파일 생성
         cd ./umbba-api/src/main/resources
-        rm application.yaml
-
-        touch ./application.yml
-
-        # GitHub-Actions 에서 설정한 값을 application.yml 파일에 쓰기
-        echo "${{ secrets.UMBBA_SECRET }}" >> ./application.yml
-
-        # 생성된 파일 확인
-        cat ./application.yml
-
-        ####################################
 
-        # FCM secret key 폴더 생성 
         mkdir ./firebase
         cd ./firebase
 

.github/workflows/api-CI.yml

@@ -49,25 +49,17 @@ jobs:
       with:
         java-version: '11'
         distribution: 'temurin'
-
-    # 3) 환경변수 파일 생성
-    - name: make application.yml 파일 생성
-      run: |
-        ## create application.yml
-        cd ./umbba-api/src/main/resources
-        rm application.yaml
-
-        # application.yml 파일 생성
-        touch ./application.yml
 
-        # GitHub-Actions 에서 설정한 값을 application.yml 파일에 쓰기
-        echo "${{ secrets.UMBBA_SECRET }}" >> ./application.yml
-
-        # application.yml 파일 확인
-        cat ./application.yml
+    # 3) AWS Secrets Manger 환경변수 사용
+    - name: Read secrets from AWS Secrets Manager into environment variables
+      uses: abhilash1in/[email protected]
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
+        aws-region: ap-northeast-2
+        secrets: /secret/umbba-dev
+        parse-json: false
 
-      shell: bash
-
     # 이 워크플로우는 gradle build
     - name: Grant execute permission for gradlew
       run: chmod +x gradlew

.github/workflows/notification-CD.yml

@@ -42,24 +42,21 @@ jobs:
         aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
         aws-region: ap-northeast-2
 
-    # 3) 환경변수 파일 생성
-    - name: make application.yml 파일 생성
+    # 3) AWS Secrets Manger 환경변수 사용
+    - name: Read secrets from AWS Secrets Manager into environment variables
+      uses: abhilash1in/[email protected]
+      with:
+        aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
+        aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
+        aws-region: ap-northeast-2
+        secrets: /secret/umbba-dev
+        parse-json: false
+
+    # 4) FCM secret key 파일 생성
+    - name: FCM secret key 파일 생성
       run: |
-        # application.yml 파일 생성
-        cd ./umbba-notification/src/main/resources
-        rm application.yaml
-
-        touch ./application.yml
-
-        # GitHub-Actions 에서 설정한 값을 application.yml 파일에 쓰기
-        echo "${{ secrets.UMBBA_SECRET }}" >> ./application.yml
-
-        # 생성된 파일 확인
-        cat ./application.yml
-
-        ####################################
+        cd ./umbba-api/src/main/resources
 
-        # FCM secret key 폴더 생성 
         mkdir ./firebase
         cd ./firebase
 

.github/workflows/notification-CI.yml

@@ -50,23 +50,15 @@ jobs:
           java-version: '11'
           distribution: 'temurin'
 
-      # 3) 환경변수 파일 생성
-      - name: make application.yml 파일 생성
-        run: |
-          ## create application.yml
-          cd ./umbba-notification/src/main/resources
-          rm application.yaml
-
-          # application.yml 파일 생성
-          touch ./application.yml
-
-          # GitHub-Actions 에서 설정한 값을 application.yml 파일에 쓰기
-          echo "${{ secrets.UMBBA_SECRET }}" >> ./application.yml
-
-          # application.yml 파일 확인
-          cat ./application.yml
-
-        shell: bash
+      # 3) AWS Secrets Manger 환경변수 사용
+      - name: Read secrets from AWS Secrets Manager into environment variables
+        uses: abhilash1in/[email protected]
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
+          aws-region: ap-northeast-2
+          secrets: /secret/umbba-dev
+          parse-json: false
 
       # 이 워크플로우는 gradle build
       - name: Grant execute permission for gradlew

build.gradle

@@ -42,6 +42,9 @@ subprojects {
 		// Health Check
 		implementation 'org.springframework.boot:spring-boot-starter-actuator'
 
+		// AWS Secrets Manager
+		implementation 'org.springframework.cloud:spring-cloud-starter-bootstrap:3.1.3'
+		implementation 'org.springframework.cloud:spring-cloud-starter-aws-secrets-manager-config:2.2.6.RELEASE'
 	}
 
 	test {

umbba-api/build.gradle

@@ -35,5 +35,9 @@ dependencies {
 
     // s3
 //    implementation "org.springframework.cloud:spring-cloud-starter-aws:2.2.6.RELEASE"
+
+    // AWS Secrets Manager
+    implementation 'org.springframework.cloud:spring-cloud-starter-bootstrap:3.1.3'
+    implementation 'org.springframework.cloud:spring-cloud-starter-aws-secrets-manager-config:2.2.6.RELEASE'
 }
 

umbba-api/src/main/resources/application.yml

@@ -0,0 +1,137 @@
+spring:
+  profiles:
+    group:
+      "local": "local_setting, common"
+      "local_notification": "local_notification_setting, common"
+      "set1": "set1_setting, common"
+      "set2": "set2_setting, common"
+      "notification": "notification_setting, common"
+    active: local
+
+# common
+---
+spring:
+  config:
+    activate:
+      on-profile: common
+
+  datasource:
+    driver-class-name: com.mysql.cj.jdbc.Driver
+    url: ${DB_URL}
+    username: ${DB_USER}
+    password: ${DB_PWD}
+    hikari:
+      pool-name: Hikari 커넥션 풀  # Pool
+      connection-timeout: 30000 # 30초(default: 30초)
+      maximum-pool-size: 10  # default: 10개
+      max-lifetime: 600000   # 10분(default: 30분)
+      leak-detection-threshold: 3500  # default: 0(이용X)
+
+  jpa:
+    show-sql: false
+    hibernate:
+      ddl-auto: update
+      ejb:
+        naming_strategy: org.springframework.boot.orm.jpa.hibernate.SpringPhysicalNamingStrategy
+    properties:
+      hibernate:
+        format_sql: true
+
+cloud:
+  aws:
+    credentials:
+      accessKey: ${CLOUD_ACCESS}
+      secretKey: ${CLOUD_SECRET}
+    region:
+      static: ${CLOUD_REGION}
+    s3:
+      bucket: ${BUCKET_NAME}
+    stack:
+      auto: false
+    sqs:
+      notification:
+        name: ${SQS_NOTIFICATION_NAME}
+        url: ${SQS_NOTIFICATION_URL}
+
+kakao:
+  client-id: ${KAKAO_ID}
+  authorization-grant-type: authorization_code
+  redirect-uri: ${KAKAO_REDIRECT}
+apple:
+  iss: ${APPLE_ISS}
+  client-id: ${APPLE_ID}
+#  nonce:
+
+jwt:
+  secret: ${JWT_SECRET}
+
+slack:
+  webhook:
+    url: ${SLACK_URL}
+
+fcm:
+  key:
+    path: ${FCM_JSON_PATH}
+    scope: ${FCM_SCOPE}
+  #    firebase-create-scoped: "https://www.googleapis.com/auth/firebase.messaging"
+  api:
+    url: ${FCM_API_URL}
+  topic:
+    "qna_notification"
+
+logging:
+  level:
+    com:
+      amazonaws:
+        util:
+          EC2MetadataUtils: error
+
+# local_setting
+---
+spring:
+  config:
+    activate:
+      on-profile: local_setting
+
+server:
+  port: 9091
+
+# local_notification_setting
+---
+spring:
+  config:
+    activate:
+      on-profile: local_notification_setting
+
+server:
+  port: 9092
+
+# set1_setting
+---
+spring:
+  config:
+    activate:
+      on-profile: set1_setting
+
+server:
+  port: 8081
+
+# set2_setting
+---
+spring:
+  config:
+    activate:
+      on-profile: set2_setting
+
+server:
+  port: 8082
+
+# notification_setting
+---
+spring:
+  config:
+    activate:
+      on-profile: notification_setting
+
+server:
+  port: 8083

umbba-api/src/main/resources/bootstrap.yml

@@ -0,0 +1,7 @@
+aws:
+  secretsmanager:
+    name: umbba-dev
+cloud:
+  aws:
+    region:
+      static: ap-northeast-2