Skip to content

모니터링 및 구현 고도화 #11

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
jungeunyooon merged 5 commits into from
Sep 14, 2025
Merged

모니터링 및 구현 고도화 #11

Show file tree
Hide file tree
Changes from 3 commits
Commits
Show all changes
5 commits
Select commit Hold shift + click to select a range
21ffe2e
set: 모니터링 세팅
jungeunyooon Sep 12, 2025
41d7339
set: k6 테스트
jungeunyooon Sep 13, 2025
4056038
feat : 구현 고도화
jungeunyooon Sep 13, 2025
f5846c3
리드미 작성
jungeunyooon Sep 13, 2025
2fe396c
불필요한 파일 제거
jungeunyooon Sep 13, 2025
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
47 changes: 47 additions & 0 deletions .dockerignore
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,47 @@
# Gradle
.gradle/
build/
gradle-app.setting
!gradle-wrapper.jar

# IDE
.idea/
.vscode/
*.iws
*.iml
*.ipr

# OS
.DS_Store
Thumbs.db

# Git
.git/
.gitignore

# Documentation
README.md
*.md

# Docker
Dockerfile*
docker-compose*.yml

# Monitoring
monitoring/

# Test files
src/test/

# Temporary files
*.tmp
*.log
*.pid
*.seed
*.pid.lock

# Node modules (if any)
node_modules/

Comment on lines +36 to +45
Copy link

@coderabbitai coderabbitai bot Sep 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Exclude secrets from the Docker build context.

Prevent accidental leakage of env files/keys into image layers.

Apply:

 # Temporary files
 *.tmp
 *.log
 *.pid
 *.seed
 *.pid.lock
+
+# Secrets
+.env
+.env.*
+**/*.pem
+**/*.key
+**/*_rsa
+**/*_ed25519
+**/*secret*
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
# Temporary files
*.tmp
*.log
*.pid
*.seed
*.pid.lock
# Node modules (if any)
node_modules/
# Temporary files
*.tmp
*.log
*.pid
*.seed
*.pid.lock
# Secrets
.env
.env.*
**/*.pem
**/*.key
**/*_rsa
**/*_ed25519
**/*secret*
# Node modules (if any)
node_modules/
🤖 Prompt for AI Agents 
In .dockerignore around lines 36–45, the file currently ignores temp files and
node_modules but does not exclude environment files or secret keys; update the
Docker ignore entries to explicitly exclude secrets from the build context by
adding patterns such as .env, .env.*, *.key, *.pem, id_rsa*, .aws, .aws/*,
.git-credentials, .gpg, .secrets, secrets/, and any project-specific secret
filenames or directories so environment variables, private keys, and credential
files are not sent to Docker during build.

# Maven (if any)
target/
12 changes: 12 additions & 0 deletions .gitignore
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -51,3 +51,15 @@ build/

# Backup files
*.bak

bin/
bin/main/
bin/main/application.yml
bin/test/
bin/test/resources/
bin/test/resources/application.yml
bin/test/resources/application.yml.bak
bin/test/resources/application.yml.bak.bak
bin/test/resources/application.yml.bak.bak.bak
bin/test/resources/application.yml.bak.bak.bak.bak
bin/test/resources/application.yml.bak.bak.bak.bak.bak
24 changes: 15 additions & 9 deletions Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -1,13 +1,19 @@
# Build stage
FROM gradle:8.3-jdk17-alpine AS build
WORKDIR /app
COPY build.gradle.kts settings.gradle.kts /app/
COPY src /app/src
RUN gradle build --no-daemon
FROM gradle:8.3-jdk17 AS builder
WORKDIR /home/gradle/project
COPY . .
RUN gradle build --no-daemon -x test
Copy link

@coderabbitai coderabbitai bot Sep 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue

Wildcard COPY may fail: two jars (boot + plain) commonly exist.

build/libs/*.jar -> app.jar is ambiguous if both boot and plain jars are present. Prefer building a single bootJar with a fixed name and disable the plain jar.

Apply:

-RUN gradle build --no-daemon -x test
+RUN gradle bootJar --no-daemon -x test
@@
-COPY --from=builder /home/gradle/project/build/libs/*.jar app.jar
+COPY --from=builder /home/gradle/project/build/libs/app.jar app.jar

And in build.gradle (outside this file):

+tasks.named('jar') { enabled = false }
+tasks.named('bootJar') {
+  archiveFileName = 'app.jar'
+}

Also applies to: 12-13

🤖 Prompt for AI Agents 
In Dockerfile around lines 5 and also affecting lines 12-13, the current build
and COPY use a wildcard jar (build/libs/*.jar -> app.jar) which is ambiguous
when both boot and plain jars are produced; change the Gradle build to produce a
single bootJar with a fixed name and disable the plain (jar) artifact in
build.gradle (e.g., enable bootJar, disable plain jar, and set
archiveBaseName/archiveFileName), run gradle bootJar (or gradle build ensuring
only the bootJar is created), and update the Dockerfile to COPY the fixed boot
jar filename (e.g., build/libs/my-app.jar) instead of using a wildcard.


# Runtime stage
FROM openjdk:17-slim
RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/*
Comment on lines +8 to +9
Copy link

@coderabbitai coderabbitai bot Sep 13, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion

Harden runtime image: drop root and simplify JVM flags.

  • Run as a non-root user.
  • -XX:+UseContainerSupport is on by default in JDK 17; you can omit it.

Apply:

 FROM openjdk:17-slim
-RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists/*
+RUN apt-get update && apt-get install -y curl && rm -rf /var/lib/apt/lists* \
+  && useradd -m -u 10001 appuser
@@
-ENV JAVA_OPTS="-XX:+UseContainerSupport -XX:MaxRAMPercentage=75.0"
+ENV JAVA_OPTS="-XX:MaxRAMPercentage=75.0"
-CMD ["sh", "-c", "java $JAVA_OPTS -jar app.jar"]
+USER appuser
+CMD ["sh", "-c", "java $JAVA_OPTS -jar app.jar"]

Also applies to: 18-19

🤖 Prompt for AI Agents 
In Dockerfile around lines 8-9, the image installs packages and runs as root and
the JVM flags include -XX:+UseContainerSupport which is redundant in JDK 17;
modify the Dockerfile to create a dedicated non-root user (e.g.,
addgroup/adduser or useradd), set ownership of the application directories to
that user, switch to that user with the USER instruction before runtime, and
remove -XX:+UseContainerSupport from any JVM options; ensure any files or
directories the app needs are chowned appropriately and that the image still
exposes the required ports and environment variables for the non-root user.


# Package stage
FROM openjdk:17-jdk-slim
WORKDIR /app
COPY --from=build /app/build/libs/*.jar /app/app.jar
COPY --from=builder /home/gradle/project/build/libs/*.jar app.jar

EXPOSE 8080
CMD ["java", "-jar", "/app/app.jar"]
HEALTHCHECK --interval=30s --timeout=10s --start-period=60s --retries=3 \
CMD curl -f http://localhost:8080/actuator/health || exit 1

ENV JAVA_OPTS="-XX:+UseContainerSupport -XX:MaxRAMPercentage=75.0"
CMD ["sh", "-c", "java $JAVA_OPTS -jar app.jar"]
Loading