From 5cf28dc7fbedd5f743836cc4a876ae1714a937a6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=EC=9D=B4=EB=AA=85=EB=B2=94?= <72181693+mungmnb777@users.noreply.github.com> Date: Thu, 18 Jan 2024 00:58:02 +0900 Subject: [PATCH] =?UTF-8?q?feat:=20=EB=B0=B0=ED=8F=AC=20=ED=8C=8C=EC=9D=B4?= =?UTF-8?q?=ED=94=84=EB=9D=BC=EC=9D=B8=20=EA=B5=AC=EC=84=B1=20(#7)?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit * feat: 시큐리티 기본 설정 추가 * chore: src/main/resources/application.yml 삭제 및 gitignore 설정 * chore: Spring Actuator 의존성 추가 * chore: bootBuildImage 태스크 수정 * feat: 배포 파이프라인 추가 * fix: secrets 프로퍼티 이름 수정 * fix: distribution 설정 추가 * fix: 개행 제거 * fix: SSH 접속한 인스턴스에서 도커 스크립트를 실행하도록 수정 * fix: JVM 메모리 옵션 수정 * refactor: Kotlin DSL로 통일 * refactor: 중복된 task 제거 * chore: 적용 브랜치를 develop으로 변경 --- .github/workflows/dev-cd-jobs.yml | 42 +++++++++++++++++++ .gitignore | 3 ++ build.gradle | 25 +++++++++-- .../global/security/SecurityConfig.java | 21 ++++++++++ src/main/resources/application.yml | 10 ----- 5 files changed, 87 insertions(+), 14 deletions(-) create mode 100644 .github/workflows/dev-cd-jobs.yml create mode 100644 src/main/java/com/tteokguk/tteokguk/global/security/SecurityConfig.java delete mode 100644 src/main/resources/application.yml diff --git a/.github/workflows/dev-cd-jobs.yml b/.github/workflows/dev-cd-jobs.yml new file mode 100644 index 0000000..cd6ec37 --- /dev/null +++ b/.github/workflows/dev-cd-jobs.yml @@ -0,0 +1,42 @@ +name: Deploy to Develop Environment + +on: + push: + branches: + - develop + +jobs: + deploy: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v3 + + - name: Setup Java 17 + uses: actions/setup-java@v3 + with: + java-version: '17' + distribution: 'adopt' + + - name: Update Git submodules + run: git submodule update --remote --recursive + + - name: Build and test with Gradle + run: ./gradlew test + + - name: Build and push Docker image + run: ./gradlew clean bootBuildImage -PDOCKERHUB_ID=${{ secrets.DOCKERHUB_ID }} -PDOCKERHUB_TOKEN=${{ secrets.DOCKERHUB_TOKEN }} + + - name: SSH into EC2 instance + uses: appleboy/ssh-action@master + with: + host: ${{ secrets.DEV_EC2_HOST }} + username: ${{ secrets.DEV_EC2_USERNAME }} + key: ${{ secrets.DEV_EC2_PRIVATE_KEY }} + port: ${{ secrets.DEV_EC2_SSH_PORT }} + script: | + docker pull mungmnb777/tteokguk:latest + docker ps -f name=be-server -q | xargs --no-run-if-empty docker container stop + docker ps -a -f name=be-server -q | xargs --no-run-if-empty docker container rm + docker run -d --name be-server -p 80:8080 mungmnb777/tteokguk:latest \ No newline at end of file diff --git a/.gitignore b/.gitignore index 87a9a37..0183454 100644 --- a/.gitignore +++ b/.gitignore @@ -41,3 +41,6 @@ out/ ### VS Code ### .vscode/ + +### local properties ### +/src/main/resources/application.yml \ No newline at end of file diff --git a/build.gradle b/build.gradle index 8fbece5..292e1d7 100644 --- a/build.gradle +++ b/build.gradle @@ -48,21 +48,38 @@ dependencies { annotationProcessor "com.querydsl:querydsl-apt:${dependencyManagement.importedProperties['querydsl.version']}:jakarta" annotationProcessor "jakarta.annotation:jakarta.annotation-api" annotationProcessor "jakarta.persistence:jakarta.persistence-api" + + // Actuator + implementation 'org.springframework.boot:spring-boot-starter-actuator' } tasks.named('test') { + systemProperty "spring.profiles.active", "test" useJUnitPlatform() } -task copyGitSubmodule(type: Copy) { +tasks.register('copyGitSubmodule', Copy) { from './tteokguk-config' include '*.yml' into './src/main/resources' } -test { - systemProperty "spring.profiles.active", "test" - useJUnitPlatform() +tasks.named('bootBuildImage') { + environment["BPE_DELIM_JAVA_TOOL_OPTIONS"] = " " + environment["BPE_APPEND_JAVA_TOOL_OPTIONS"] = "-XX:+ExitOnOutOfMemoryError -XX:MaxDirectMemorySize=10M " + + "-XX:MaxMetaspaceSize=100M -XX:ReservedCodeCacheSize=60M -Xss256K" + + def dockerhubId = project.property("DOCKERHUB_ID") + def dockerhubToken = project.property("DOCKERHUB_TOKEN") + + imageName = dockerhubId + "/${project.name}" + publish = true + docker { + publishRegistry { + username = dockerhubId + password = dockerhubToken + } + } } processResources { diff --git a/src/main/java/com/tteokguk/tteokguk/global/security/SecurityConfig.java b/src/main/java/com/tteokguk/tteokguk/global/security/SecurityConfig.java new file mode 100644 index 0000000..cc466a7 --- /dev/null +++ b/src/main/java/com/tteokguk/tteokguk/global/security/SecurityConfig.java @@ -0,0 +1,21 @@ +package com.tteokguk.tteokguk.global.security; + +import org.springframework.context.annotation.Bean; +import org.springframework.context.annotation.Configuration; +import org.springframework.security.config.annotation.web.builders.HttpSecurity; +import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; +import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer; +import org.springframework.security.web.SecurityFilterChain; + +@Configuration +@EnableWebSecurity +public class SecurityConfig { + + @Bean + public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { + return http + .csrf(AbstractHttpConfigurer::disable) + .formLogin(AbstractHttpConfigurer::disable) + .build(); + } +} diff --git a/src/main/resources/application.yml b/src/main/resources/application.yml deleted file mode 100644 index a176bd7..0000000 --- a/src/main/resources/application.yml +++ /dev/null @@ -1,10 +0,0 @@ -spring: - profiles: - group: - test: - - test - dev: - - dev - db: - - db - default: db