AI-SIP · KiSeungMin · Sep 27, 2024 · Sep 21, 2024 · Sep 21, 2024 · Sep 21, 2024
diff --git a/.github/workflows/dev_docker_gradle.yml b/.github/workflows/dev_docker_gradle.yml
@@ -1,58 +1,74 @@
-name: Java CI with Gradle
+name: Java CI with Gradle  # 워크플로우의 이름 설정
 
 on:
   push:
-    branches: ["dev" ]
+    branches: ["develop"]  # dev 브랜치에 푸시될 때 워크플로우 실행
   pull_request:
-    branches: ["dev" ]
+    branches: ["develop"]  # dev 브랜치에 대한 PR이 생성되거나 업데이트될 때 워크플로우 실행
 
 permissions:
-  contents: read
+  contents: read  # 워크플로우의 권한 설정 (read-only)
 
 jobs:
   build:
 
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-latest  # 워크플로우가 실행될 환경 설정 (Ubuntu 최신 버전)
 
     steps:
-    - uses: actions/checkout@v3
-    - name: Set up JDK 17
-      uses: actions/setup-java@v3
-      with:
-        java-version: '17'
-        distribution: 'temurin'
-
-
-    - name: make application-prod.yml
-      run: |
-        cd ./src/main/resources
-        touch ./application-prod.yml
-        echo "${{ secrets.APPLICATION_PROD }}" > ./application-prod.yml
-
-
-    - name: Grant execute permission for gradlew
-      run: chmod +x gradlew
-
-    - name: Build with Gradle
-      run: ./gradlew build -x test
-
-    - name: Docker build
-      run: |
-        docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
-        docker build -t app .
-        docker tag app ${{ secrets.DOCKER_USERNAME }}/sejongmate:latest
-        docker push ${{ secrets.DOCKER_USERNAME }}/sejongmate:latest
-
-    - name: Deploy
-      uses: appleboy/ssh-action@master
-      with:
-        host: ${{ secrets.HOST }} # EC2 인스턴스 퍼블릭 DNS
-        username: ec2-user
-        key: ${{ secrets.PRIVATE_KEY }} # pem 키
-        # 도커 작업
-        script: |
-          docker pull ${{ secrets.DOCKER_USERNAME }}/sejongmate:latest
-          docker stop $(docker ps -a -q)
-          docker run -d --log-driver=syslog -p 8080:8080 ${{ secrets.DOCKER_USERNAME }}/sejongmate:latest
-          docker rm $(docker ps --filter 'status=exited' -a -q)
-          docker image prune -a -f
+      # 코드 체크아웃: GitHub Actions가 현재 리포지토리의 코드를 가져옵니다.
+      - uses: actions/checkout@v3
+
+      # JDK 17 설정: Java 17 버전을 사용하기 위해 JDK를 설치합니다.
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'  # JDK 버전 17 설정
+          distribution: 'temurin'  # Temurin JDK 배포판 사용
+
+      # application.properites 파일 생성: dev 환경의 설정 파일을 생성하고 secrets에서 값을 가져와 입력합니다.
+      - name: make application.properties
+        run: |
+          cd ./src/main/resources  # resources 디렉토리로 이동
+          touch ./application.properties  # application.properties 파일 생성
+          echo "${{ secrets.APPLICATION_DEV }}" > ./application.properties  # GitHub Secrets에서 설정값을 가져와 파일에 저장
+
+      # Gradle Wrapper 실행 권한 부여: gradlew에 실행 권한을 부여합니다.
+      - name: Grant execute permission for gradlew
+        run: chmod +x gradlew
+
+      # Gradle 빌드: Gradle을 사용해 프로젝트를 빌드하되, 테스트는 생략합니다.
+      - name: Build with Gradle
+        run: ./gradlew build -x test  # 테스트는 실행하지 않고 빌드만 수행
+
+      # Docker 이미지 빌드 및 푸시
+      - name: Docker build
+        run: |
+          docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}  # Docker Hub에 로그인
+          docker build -t app .  # Docker 이미지를 'app'이라는 이름으로 빌드
+          docker tag app ${{ secrets.DOCKER_USERNAME }}/ono:latest  # 이미지를 Docker Hub 저장소로 태깅
+          docker push ${{ secrets.DOCKER_USERNAME }}/ono:latest  # 이미지를 Docker Hub에 푸시
+
+      # Bastion 서버를 통해 스프링 서버로 배포
+      - name: Deploy via Bastion Server
+        uses: appleboy/ssh-action@master
+        with:
+          host: ${{ secrets.DEV_BASTION_HOST }}  # Bastion 서버의 퍼블릭 IP 또는 DNS 주소
+          username: ubuntu  # Bastion 서버의 사용자 이름
+          key: ${{ secrets.DEV_BASTION_PRIVATE_KEY }}  # Bastion 서버의 SSH 개인 키 (GitHub Secrets에서 가져옴)
+          port: 22  # SSH 연결에 사용할 포트 (기본값 22)
+          script: |
+            # Bastion 서버에서 스프링 서버로 SSH 연결 및 도커 작업 수행
+            ssh -o StrictHostKeyChecking=no -i /home/ubuntu/new-dev-an2-ono-spring-key.pem ubuntu@${{ secrets.DEV_SPRING_SERVER_IP }} << 'EOSSH'
+              # 스프링 서버에서 Docker Hub에 로그인
+              docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
+              # 최신 Docker 이미지를 Docker Hub에서 Pull
+              docker pull ${{ secrets.DOCKER_USERNAME }}/ono:latest
+              # 실행 중인 모든 컨테이너를 중지 (실행 중인 컨테이너가 없을 경우 오류 무시)
+              docker stop $(docker ps -a -q) || true
+              # 중지된 모든 컨테이너를 제거 (없을 경우 오류 무시)
+              docker rm $(docker ps -a -q) || true
+              # 새로 받은 이미지를 기반으로 컨테이너 실행 (8080 포트 사용)
+              docker run -d --restart unless-stopped --log-driver=syslog -p 8080:8080 ${{ secrets.DOCKER_USERNAME }}/ono:latest
+              # 24시간 동안 사용되지 않은 모든 Docker 이미지를 삭제하여 공간 확보
+              docker image prune -a -f --filter "until=24h"
+            EOSSH
diff --git a/.github/workflows/gradle.yml b/.github/workflows/gradle.yml
@@ -1,116 +1,116 @@
-# This workflow uses actions that are not certified by GitHub.
-# They are provided by a third-party and are governed by
-# separate terms of service, privacy policy, and support
-# documentation.
-# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time
-# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-gradle
-
-name: Java CI with Gradle
-
-on:
-  push:
-    branches: [ "main" ]
-  #pull_request:
-    #branches: [ "main" ]
-
-env:
-  AWS_REGION: ap-northeast-2
-  AWS_S3_BUCKET: dev-an2-ono-bucket
-  AWS_CODE_DEPLOY_APPLICATION: dev-an2-ono-spring-application
-  AWS_CODE_DEPLOY_GROUP: prd-an2-ono-spring-bg
-
-jobs:
-  build:
-
-    runs-on: ubuntu-latest
-    permissions:
-      contents: read
-
-    steps:
-    - uses: actions/checkout@v4
-    - name: Set up JDK 17
-      uses: actions/setup-java@v4
-      with:
-        java-version: '17'
-        distribution: 'temurin'
-
-    # Configure Gradle for optimal use in GitHub Actions, including caching of downloaded dependencies.
-    # See: https://github.com/gradle/actions/blob/main/setup-gradle/README.md
-    - name: Setup Gradle
-      uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0
-
-    # application.properties 파일 생성
-    - name: set application.properites
-      run: | 
-          mkdir -p src/main/resources
-          echo "${{ secrets.APPLICATION_PROPERTIES }}" | base64 --decode > src/main/resources/application.properties
-          find src
-
-    # Build
-    - name: Build with Gradle Wrapper
-      run: ./gradlew clean build --exclude-task test
-
-    # 전송할 파일을 담을 디렉토리 생성
-    - name: Make Directory for deliver
-      run: mkdir deploy
-
-    # Jar 파일 Copy
-    - name: Jar 파일 Copy
-      run: cp ./build/libs/*.jar ./deploy/
-
-    # 압축파일 형태로 전달
-    - name: Make zip file
-      run: zip -r -qq -j ./springboot-ono-backend-build.zip ./deploy
-
-    - name: AWS credential 설정
-      uses: aws-actions/configure-aws-credentials@v1
-      with:
-        aws-region: ${{ env.AWS_REGION }}
-        aws-access-key-id: ${{ secrets.AWS_CICD_ACCESS_KEY }}
-        aws-secret-access-key: ${{ secrets.AWS_CICD_SECRET_ACCESS_KEY }}
-
-    # # S3 Bucket으로 copy
-    # - name: S3에 배포
-    #   env:
-    #     AWS_ACCESS_KEY_ID: ${{ secrets.AWS_S3_ACCESS_KEY }}
-    #     AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_S3_SECRET_ACCESS_KEY }}
-    #   run: | 
-    #     aws s3 cp ./springboot-ono-backend-build.zip s3://dev-an2-ono-bucket/ \
-    #       --region ap-northeast-2 \
-    #       --acl private
-
-    - name: S3에 업로드
-      run: aws deploy push --application-name ${{ env.AWS_CODE_DEPLOY_APPLICATION }} --ignore-hidden-files --s3-location s3://$AWS_S3_BUCKET/$GITHUB_SHA.zip --source .
-          
-    - name: EC2에 배포
-      run: aws deploy create-deployment --application-name ${{ env.AWS_CODE_DEPLOY_APPLICATION }} --deployment-config-name CodeDeployDefault.AllAtOnce --deployment-group-name ${{ env.AWS_CODE_DEPLOY_GROUP }} --s3-location bucket=$AWS_S3_BUCKET,key=$GITHUB_SHA.zip,bundleType=zip
-
-    # NOTE: The Gradle Wrapper is the default and recommended way to run Gradle (https://docs.gradle.org/current/userguide/gradle_wrapper.html).
-    # If your project does not have the Gradle Wrapper configured, you can use the following configuration to run Gradle with a specified version.
-    #
-    # - name: Setup Gradle
-    #   uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0
-    #   with:
-    #     gradle-version: '8.5'
-    #
-    # - name: Build with Gradle 8.5
-    #   run: gradle build
-
-  dependency-submission:
-
-    runs-on: ubuntu-22.04
-    permissions:
-      contents: write
-
-    steps:
-    - uses: actions/checkout@v4
-    - name: Set up JDK 17
-      uses: actions/setup-java@v4
-      with:
-        java-version: '17'
-        distribution: 'temurin'
-
-    # Generates and submits a dependency graph, enabling Dependabot Alerts for all project dependencies.
-    # See: https://github.com/gradle/actions/blob/main/dependency-submission/README.md
-    - name: Generate and submit dependency graph
-      uses: gradle/actions/dependency-submission@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0
+## This workflow uses actions that are not certified by GitHub.
+## They are provided by a third-party and are governed by
+## separate terms of service, privacy policy, and support
+## documentation.
+## This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time
+## For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-gradle
+#
+#name: Java CI with Gradle
+#
+#on:
+#  push:
+#    branches: [ "main" ]
+#  #pull_request:
+#    #branches: [ "main" ]
+#
+#env:
+#  AWS_REGION: ap-northeast-2
+#  AWS_S3_BUCKET: dev-an2-ono-bucket
+#  AWS_CODE_DEPLOY_APPLICATION: dev-an2-ono-spring-application
+#  AWS_CODE_DEPLOY_GROUP: prd-an2-ono-spring-bg
+#
+#jobs:
+#  build:
+#
+#    runs-on: ubuntu-latest
+#    permissions:
+#      contents: read
+#
+#    steps:
+#    - uses: actions/checkout@v4
+#    - name: Set up JDK 17
+#      uses: actions/setup-java@v4
+#      with:
+#        java-version: '17'
+#        distribution: 'temurin'
+#
+#    # Configure Gradle for optimal use in GitHub Actions, including caching of downloaded dependencies.
+#    # See: https://github.com/gradle/actions/blob/main/setup-gradle/README.md
+#    - name: Setup Gradle
+#      uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0
+#
+#    # application.properties 파일 생성
+#    - name: set application.properites
+#      run: |
+#          mkdir -p src/main/resources
+#          echo "${{ secrets.APPLICATION_PROPERTIES }}" | base64 --decode > src/main/resources/application.properties
+#          find src
+#
+#    # Build
+#    - name: Build with Gradle Wrapper
+#      run: ./gradlew clean build --exclude-task test
+#
+#    # 전송할 파일을 담을 디렉토리 생성
+#    - name: Make Directory for deliver
+#      run: mkdir deploy
+#
+#    # Jar 파일 Copy
+#    - name: Jar 파일 Copy
+#      run: cp ./build/libs/*.jar ./deploy/
+#
+#    # 압축파일 형태로 전달
+#    - name: Make zip file
+#      run: zip -r -qq -j ./springboot-ono-backend-build.zip ./deploy
+#
+#    - name: AWS credential 설정
+#      uses: aws-actions/configure-aws-credentials@v1
+#      with:
+#        aws-region: ${{ env.AWS_REGION }}
+#        aws-access-key-id: ${{ secrets.AWS_CICD_ACCESS_KEY }}
+#        aws-secret-access-key: ${{ secrets.AWS_CICD_SECRET_ACCESS_KEY }}
+#
+#    # # S3 Bucket으로 copy
+#    # - name: S3에 배포
+#    #   env:
+#    #     AWS_ACCESS_KEY_ID: ${{ secrets.AWS_S3_ACCESS_KEY }}
+#    #     AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_S3_SECRET_ACCESS_KEY }}
+#    #   run: |
+#    #     aws s3 cp ./springboot-ono-backend-build.zip s3://dev-an2-ono-bucket/ \
+#    #       --region ap-northeast-2 \
+#    #       --acl private
+#
+#    - name: S3에 업로드
+#      run: aws deploy push --application-name ${{ env.AWS_CODE_DEPLOY_APPLICATION }} --ignore-hidden-files --s3-location s3://$AWS_S3_BUCKET/$GITHUB_SHA.zip --source .
+#
+#    - name: EC2에 배포
+#      run: aws deploy create-deployment --application-name ${{ env.AWS_CODE_DEPLOY_APPLICATION }} --deployment-config-name CodeDeployDefault.AllAtOnce --deployment-group-name ${{ env.AWS_CODE_DEPLOY_GROUP }} --s3-location bucket=$AWS_S3_BUCKET,key=$GITHUB_SHA.zip,bundleType=zip
+#
+#    # NOTE: The Gradle Wrapper is the default and recommended way to run Gradle (https://docs.gradle.org/current/userguide/gradle_wrapper.html).
+#    # If your project does not have the Gradle Wrapper configured, you can use the following configuration to run Gradle with a specified version.
+#    #
+#    # - name: Setup Gradle
+#    #   uses: gradle/actions/setup-gradle@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0
+#    #   with:
+#    #     gradle-version: '8.5'
+#    #
+#    # - name: Build with Gradle 8.5
+#    #   run: gradle build
+#
+#  dependency-submission:
+#
+#    runs-on: ubuntu-22.04
+#    permissions:
+#      contents: write
+#
+#    steps:
+#    - uses: actions/checkout@v4
+#    - name: Set up JDK 17
+#      uses: actions/setup-java@v4
+#      with:
+#        java-version: '17'
+#        distribution: 'temurin'
+#
+#    # Generates and submits a dependency graph, enabling Dependabot Alerts for all project dependencies.
+#    # See: https://github.com/gradle/actions/blob/main/dependency-submission/README.md
+#    - name: Generate and submit dependency graph
+#      uses: gradle/actions/dependency-submission@417ae3ccd767c252f5661f1ace9f835f9654f2b5 # v3.1.0