feat(CICD) : CICD 설정

Author: PlusUltraCode

.dockerignore

@@ -0,0 +1,11 @@
+.git
+.github
+.idea
+*.iml
+.gradle
+build
+out
+*.log
+.env
+.env.*
+!.env.example

.github/workflows/deploy-docker-ec2.yml

@@ -0,0 +1,95 @@
+# -----------------------------------------------------------------------------
+# EC2 배포는 아래 워크플로만 사용합니다 (별도 shell 스크립트 없음).
+#
+# GitHub → Settings → Secrets and variables → Actions → Repository secrets
+#
+# Docker Hub
+#   DOCKERHUB_USERNAME
+#   DOCKERHUB_TOKEN
+#
+# EC2 SSH
+#   EC2_HOST
+#   EC2_USER
+#   EC2_SSH_KEY
+#   EC2_SSH_PASSPHRASE   (선택)
+#
+# 앱 (application.yml / GitHub Secrets)
+#   SPRING_DATASOURCE_URL
+#   SPRING_DATASOURCE_USERNAME
+#   SPRING_DATASOURCE_PASSWORD
+#   GOOGLE_CLIENT_ID
+#   JWT_SECRET_BASE64
+#
+# EC2 준비: Docker 설치, 보안 그룹 SSH(22)·앱(9090) 허용
+#
+# Deploy 단계 (SSH 원격에서 실행):
+#   1) docker pull <이미지:커밋SHA>
+#   2) 기존 컨테이너 stop/rm
+#   3) docker run (아래 Secrets 값을 컨테이너에 전달 — EC2 에 .env 파일 없음)
+#   4) docker image prune -f
+# -----------------------------------------------------------------------------
+
+name: Build, push Docker Hub, deploy EC2
+
+on:
+  push:
+    branches: [main]
+  workflow_dispatch:
+
+jobs:
+  build-push-deploy:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKERHUB_USERNAME }}
+          password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+      - name: Build and push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          push: true
+          tags: |
+            ${{ secrets.DOCKERHUB_USERNAME }}/your_voice_back:latest
+            ${{ secrets.DOCKERHUB_USERNAME }}/your_voice_back:${{ github.sha }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      - name: Deploy to EC2
+        uses: appleboy/ssh-action@v1.2.0
+        with:
+          host: ${{ secrets.EC2_HOST }}
+          username: ${{ secrets.EC2_USER }}
+          key: ${{ secrets.EC2_SSH_KEY }}
+          passphrase: ${{ secrets.EC2_SSH_PASSPHRASE }}
+          port: 22
+          script_stop: true
+          script: |
+            set -e
+            IMAGE="${{ secrets.DOCKERHUB_USERNAME }}/your_voice_back:${{ github.sha }}"
+            NAME="your-voice-back"
+            docker pull "$IMAGE"
+            docker stop "$NAME" 2>/dev/null || true
+            docker rm "$NAME" 2>/dev/null || true
+            docker run -d \
+              --name "$NAME" \
+              --restart unless-stopped \
+              -p 9090:9090 \
+              -e SPRING_DATASOURCE_URL="${{ secrets.SPRING_DATASOURCE_URL }}" \
+              -e SPRING_DATASOURCE_USERNAME="${{ secrets.SPRING_DATASOURCE_USERNAME }}" \
+              -e SPRING_DATASOURCE_PASSWORD="${{ secrets.SPRING_DATASOURCE_PASSWORD }}" \
+              -e GOOGLE_CLIENT_ID="${{ secrets.GOOGLE_CLIENT_ID }}" \
+              -e JWT_SECRET_BASE64="${{ secrets.JWT_SECRET_BASE64 }}" \
+              "$IMAGE"
+            docker image prune -f

Dockerfile

@@ -0,0 +1,26 @@
+# Build
+FROM eclipse-temurin:21-jdk-alpine AS build
+WORKDIR /app
+
+COPY gradle gradle
+COPY gradlew build.gradle settings.gradle ./
+RUN chmod +x ./gradlew
+COPY src src
+RUN ./gradlew bootJar --no-daemon -x test -Pdeploy
+
+# Run
+FROM eclipse-temurin:21-jre-alpine
+WORKDIR /app
+
+RUN addgroup -S spring && adduser -S spring -G spring
+
+# bootJar는 *-plain.jar 와 실행용 JAR를 함께 만듈 수 있음
+COPY --from=build /app/build/libs/ /app/libs-tmp/
+RUN f="$(find /app/libs-tmp -name '*.jar' ! -name '*-plain.jar' | head -n1)" && \
+    test -n "$f" && mv "$f" /app/app.jar && rm -rf /app/libs-tmp && \
+    chown spring:spring /app/app.jar
+
+USER spring:spring
+
+EXPOSE 9090
+ENTRYPOINT ["java", "-jar", "/app/app.jar"]

build.gradle

@@ -37,6 +37,13 @@ dependencies {
     testAnnotationProcessor 'org.projectlombok:lombok'
 }
 
+tasks.named('processResources') {
+    // Docker/배포 JAR: application-local.yml 제외 → application.yml 만 런타임 설정으로 포함
+    if (project.hasProperty('deploy')) {
+        exclude '**/application-local.yml'
+    }
+}
+
 tasks.named('test') {
     useJUnitPlatform()
 }

src/main/resources/application-local.yml

@@ -0,0 +1,15 @@
+# 로컬 전용 (Gradle -Pdeploy / Docker 빌드 시 JAR 에 포함되지 않음)
+
+spring:
+  datasource:
+    url: jdbc:mysql://localhost:3306/yourvoice?useSSL=false&allowPublicKeyRetrieval=true&serverTimezone=Asia/Seoul&characterEncoding=UTF-8
+    username: root
+    password: root
+    driver-class-name: com.mysql.cj.jdbc.Driver
+  jpa:
+    hibernate:
+      ddl-auto: update
+    properties:
+      hibernate:
+        format_sql: true
+    show-sql: true

src/main/resources/application.yml

@@ -1,16 +1,20 @@
+# 배포(JAR/Docker) 시에는 application-local.yml 을 넣지 않으므로 이 파일만 적용됩니다.
+# 로컬: spring.profiles.default=local + application-local.yml 이 아래 설정을 덮어씁니다.
+
 spring:
+  profiles:
+    default: local
+
   datasource:
-    url: jdbc:mysql://localhost:3306/yourvoice?useSSL=false&allowPublicKeyRetrieval=true&serverTimezone=Asia/Seoul&characterEncoding=UTF-8
-    username: root
-    password: root
+    url: ${SPRING_DATASOURCE_URL}
+    username: ${SPRING_DATASOURCE_USERNAME}
+    password: ${SPRING_DATASOURCE_PASSWORD}
     driver-class-name: com.mysql.cj.jdbc.Driver
+
   jpa:
     hibernate:
       ddl-auto: update
-    properties:
-      hibernate:
-        format_sql: true
-    show-sql: true
+    show-sql: false
 
 server:
   port: 9090
@@ -25,7 +29,6 @@ auth:
   google:
     client-id: ${GOOGLE_CLIENT_ID:498950596222-tncs8b6ce662tiuga816ai9pda03e3fr.apps.googleusercontent.com}
   jwt:
-    # Base64 encoded secret. Change in production.
     secret: ${JWT_SECRET_BASE64:ZGV2LXNlY3JldC1rZXktZm9yLWp3dC1zaG91bGQtYmUtbG9uZy1lbm91Z2gtMTIzNDU2}
     access-expiration-seconds: 1800
     refresh-expiration-seconds: 1209600