[Release] 자동 배포

.github/workflows/spring-boot-cd.yml

@@ -0,0 +1,92 @@
+name: Deploy to AWS ECR
+
+on:
+  push:
+    branches: 
+      - release
+
+env:
+  AWS_REGION: ap-northeast-2
+  IMAGE_TAG: latest
+  ECR_REPOSITORY: wasin
+
+defaults:
+  run:
+    working-directory: ./wasin
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+
+    steps:
+
+      - name: get Github Action Public IP
+        id: ip
+        uses: haythem/public-ip@v1.3
+
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'adopt'
+
+      - name: Grant execute permission for gradlew
+        run: chmod +x ./gradlew
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ap-northeast-2
+
+      - name: Login to Amazon ECR
+        uses: aws-actions/amazon-ecr-login@v2
+        id: login-ecr
+
+      - name: docker build
+        env: 
+          REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+
+        run: docker build -t $REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG -f DockerFileProd .
+
+      - name: docker build2
+        env:
+          REGISTRY: ${{ steps.login-ecr.outputs.registry }}
+
+        run: |
+          docker push $REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
+      
+      - name: add Github Actions IP to Security group
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: ap-northeast-2
+        run: |
+          aws ec2 authorize-security-group-ingress --group-name ${{ secrets.AWS_SECURITY_GROUP }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32
+          
+      - name: deploy ec2 server
+        uses: appleboy/ssh-action@v1.0.3
+        with:
+          host: ${{ secrets.AWS_HOST }}
+          username: ${{ secrets.AWS_USER_NAME }}
+          key: ${{ secrets.AWS_SSH_KEY }}
+          script: |
+            cd ~/wasin-backend/wasin
+            sudo git pull
+            aws ecr get-login-password --region ap-northeast-2 | sudo docker login --username AWS --password-stdin ${{ steps.login-ecr.outputs.registry }}
+            sudo docker compose -f docker-compose.prod.yml pull
+            sudo docker compose -f docker-compose.prod.yml down nginx wasin
+            sudo docker compose -f docker-compose.prod.yml up -d
+            sudo docker image prune -f
+
+      - name: remove github Actions IP from security group
+        env:
+          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          AWS_DEFAULT_REGION: ap-northeast-2
+        run: |
+          aws ec2 revoke-security-group-ingress --group-name ${{ secrets.AWS_SECURITY_GROUP }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32

wasin/DockerFileProd

@@ -7,16 +7,15 @@ COPY . .
 
 #ENV TESTCONTAINERS_HOST_OVERRIDE=host.docker.internal
 RUN gradle wrapper
-RUN ./gradlew clean build -Penv=prod -x test
+RUN ./gradlew clean build -Pprofile=prod -x test
 
 # 2. Run the application
 FROM eclipse-temurin:17-jdk-jammy
 
 WORKDIR /opt/wasin
-
-COPY --from=build /home/gradle/project/build/libs/wasin.jar .
+COPY --from=build /home/gradle/project/build/libs/wasin-0.0.1-SNAPSHOT.jar .
 
 ENV DB_URL=${DB_URL}
 ENV DB_PASSWORD=${DB_PASSWORD}
 
-CMD ["java", "-Dspring.profiles.active=prod", "-jar", "wasin.jar"]
+CMD ["java", "-Dspring.profiles.active=prod", "-jar", "wasin-0.0.1-SNAPSHOT.jar"]

wasin/Dockerfile

@@ -7,16 +7,17 @@ COPY . .
 
 #ENV TESTCONTAINERS_HOST_OVERRIDE=host.docker.internal
 RUN gradle wrapper
-RUN ./gradlew clean build
+RUN ./gradlew clean build -x test
 
 # 2. Run the application
 FROM eclipse-temurin:17-jdk-jammy
 
 WORKDIR /opt/wasin
 
-COPY --from=build /home/gradle/project/build/libs/wasin.jar .
+COPY --from=build /home/gradle/project/build/libs/wasin-0.0.1-SNAPSHOT.jar .
 
 ENV DB_URL=${DB_LOCAL_URL}
 ENV DB_PASSWORD=${DB_LOCAL_PASSWORD}
 
-CMD ["java", "-Dspring.profiles.active=prod", "-jar", "wasin.jar"]
+CMD ["java", "-Dspring.profiles.active=prod", "-jar", "wasin-0.0.1-SNAPSHOT.jar"]
+

wasin/nginx/nginx.conf

@@ -0,0 +1,46 @@
+
+server {
+    listen 80;
+    server_name wasin.site;
+    server_tokens off;
+
+    location /.well-known/acme-challenge/ {
+        root /var/www/certbot;
+    }
+
+    location / {
+        return 301 https://$host$request_uri;
+    }
+}
+
+server {
+    listen 443 ssl;
+    server_name wasin.site;
+    server_tokens off;
+
+    # access_log /var/log/nginx/access.log;
+    # error_log /var/log/nginx/error.log;
+
+    include mime.types;
+
+   ssl_certificate /etc/letsencrypt/live/wasin.site/fullchain.pem;
+    ssl_certificate_key /etc/letsencrypt/live/wasin.site/privkey.pem;
+    include /etc/letsencrypt/options-ssl-nginx.conf;
+    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem;
+
+    location /hc {
+        default_type application/json;
+        return 200 '{"status":200, "message":"server is healthy"}';
+    }
+
+    location /api {
+        if ($http_host !~* ^(wasin\.site)$ ) {
+            return 444;
+        }
+        proxy_pass http://wasin:8080;
+        proxy_set_header Host $http_host;
+        proxy_set_header X-Real-IP $remote_addr;
+        proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
+        proxy_set_header X-RequestID $request_id;
+    }
+}

wasin/settings.gradle

@@ -1 +1 @@
-rootProject.name = 'backend'
+rootProject.name = 'wasin'

wasin/src/main/java/com/wasin/backend/WasinApplication.java → wasin/src/main/java/com/wasin/wasin/WasinApplication.java

@@ -1,4 +1,4 @@
-package com.wasin.backend;
+package com.wasin.wasin;
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;

wasin/src/main/java/com/wasin/backend/_core/config/AwsS3Config.java → wasin/src/main/java/com/wasin/wasin/_core/config/AwsS3Config.java

@@ -1,4 +1,4 @@
-package com.wasin.backend._core.config;
+package com.wasin.wasin._core.config;
 
 import com.amazonaws.auth.AWSStaticCredentialsProvider;
 import com.amazonaws.auth.BasicAWSCredentials;

wasin/src/main/java/com/wasin/backend/_core/config/MailConfig.java → wasin/src/main/java/com/wasin/wasin/_core/config/MailConfig.java

@@ -1,4 +1,4 @@
-package com.wasin.backend._core.config;
+package com.wasin.wasin._core.config;
 
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;

wasin/src/main/java/com/wasin/backend/_core/config/ScheduleConfig.java → wasin/src/main/java/com/wasin/wasin/_core/config/ScheduleConfig.java

@@ -1,25 +1,27 @@
-package com.wasin.backend._core.config;
+package com.wasin.wasin._core.config;
 
 import com.fasterxml.jackson.databind.ObjectMapper;
-import com.wasin.backend._core.exception.BaseException;
-import com.wasin.backend._core.exception.error.ServerException;
-import com.wasin.backend.domain.dto.ProfileDTO;
-import com.wasin.backend.domain.entity.Profile;
-import com.wasin.backend.domain.mapper.ProfileMapper;
-import com.wasin.backend.repository.ProfileJPARepository;
-import com.wasin.backend.repository.ProfileJdbcRepository;
+import com.wasin.wasin._core.exception.BaseException;
+import com.wasin.wasin._core.exception.error.ServerException;
+import com.wasin.wasin.domain.dto.ProfileDTO;
+import com.wasin.wasin.domain.entity.Profile;
+import com.wasin.wasin.domain.mapper.ProfileMapper;
+import com.wasin.wasin.repository.ProfileJPARepository;
+import com.wasin.wasin.repository.ProfileJdbcRepository;
 import jakarta.annotation.PostConstruct;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.core.io.ClassPathResource;
 import org.springframework.scheduling.annotation.Scheduled;
+import org.springframework.transaction.annotation.Transactional;
 
 import java.io.InputStream;
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.List;
 
+@Transactional(readOnly = true)
 @Slf4j
 @RequiredArgsConstructor
 @Configuration
@@ -35,6 +37,7 @@ public void init() {
         scheduleProfileSave();
     }
 
+    @Transactional
     @Scheduled(cron = "0 0 3 * * *", zone = "Asia/Seoul")
     public void scheduleProfileSave() {
         try {

wasin/src/main/java/com/wasin/backend/_core/config/SecurityConfig.java → wasin/src/main/java/com/wasin/wasin/_core/config/SecurityConfig.java

@@ -1,12 +1,12 @@
-package com.wasin.backend._core.config;
-
-import com.wasin.backend._core.exception.BaseException;
-import com.wasin.backend._core.exception.error.ForbiddenException;
-import com.wasin.backend._core.exception.error.UnauthorizedException;
-import com.wasin.backend._core.security.FilterResponse;
-import com.wasin.backend._core.security.JWTProvider;
-import com.wasin.backend._core.security.JwtAuthenticationFilter;
-import com.wasin.backend._core.security.JwtExceptionFilter;
+package com.wasin.wasin._core.config;
+
+import com.wasin.wasin._core.exception.BaseException;
+import com.wasin.wasin._core.exception.error.ForbiddenException;
+import com.wasin.wasin._core.exception.error.UnauthorizedException;
+import com.wasin.wasin._core.security.FilterResponse;
+import com.wasin.wasin._core.security.JWTProvider;
+import com.wasin.wasin._core.security.JwtAuthenticationFilter;
+import com.wasin.wasin._core.security.JwtExceptionFilter;
 import lombok.RequiredArgsConstructor;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;

wasin/src/main/java/com/wasin/backend/_core/config/WebClientConfig.java → wasin/src/main/java/com/wasin/wasin/_core/config/WebClientConfig.java

@@ -1,4 +1,4 @@
-package com.wasin.backend._core.config;
+package com.wasin.wasin._core.config;
 
 import io.netty.channel.ChannelOption;
 import io.netty.resolver.DefaultAddressResolverGroup;

wasin/src/main/java/com/wasin/backend/_core/exception/BaseException.java → wasin/src/main/java/com/wasin/wasin/_core/exception/BaseException.java

@@ -1,4 +1,4 @@
-package com.wasin.backend._core.exception;
+package com.wasin.wasin._core.exception;
 
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
@@ -74,6 +74,9 @@ public enum BaseException {
 
     PROFILE_UPDATED_JUST_NOW( "최근 프로파일이 변경된지 30분 이후 변경 가능합니다.", HttpStatus.BAD_REQUEST),
     PROFILE_MODE_ALREADY_BE("현재 해당 프로파일로 동작하고 있습니다.", HttpStatus.BAD_REQUEST),
+    POWER_SAVING_MODE_CHANGE_FAIL("파워 세이빙 모드로 바꾸는 데 실패했습니다.", HttpStatus.INTERNAL_SERVER_ERROR),
+    SSH_CONNECTION_FAIL("SSH 연결에 실패했습니다.", HttpStatus.INTERNAL_SERVER_ERROR),
+
     ;
 
 

wasin/src/main/java/com/wasin/backend/_core/exception/CustomException.java → wasin/src/main/java/com/wasin/wasin/_core/exception/CustomException.java

@@ -1,6 +1,6 @@
-package com.wasin.backend._core.exception;
+package com.wasin.wasin._core.exception;
 
-import com.wasin.backend._core.util.ApiUtils;
+import com.wasin.wasin._core.util.ApiUtils;
 import org.springframework.http.HttpStatus;
 
 public abstract class CustomException extends RuntimeException {