UMC-PRODUCT · kyeoungwoon · Jan 9, 2026 · Jan 4, 2026 · Jan 5, 2026 · Jan 6, 2026
@@ -315,7 +315,7 @@ public class ChallengerRequest {
 ### File Names
 
 | Type       | Pattern                                | Example                             |
-| ---------- | -------------------------------------- | ----------------------------------- |
+|------------|----------------------------------------|-------------------------------------|
 | Entity     | `{Domain}.java`                        | `Challenger.java`                   |
 | Enum       | `{Domain}{Type}.java`                  | `ChallengerStatus.java`             |
 | UseCase    | `{Action}{Domain}UseCase.java`         | `RegisterChallengerUseCase.java`    |

diff --git a/build.gradle.kts b/build.gradle.kts
@@ -61,6 +61,7 @@ dependencies {
     implementation("org.springframework.boot:spring-boot-starter-aop")
     implementation("org.springframework.boot:spring-boot-starter-actuator")
     implementation("org.springframework.boot:spring-boot-starter-security")
+    implementation("org.springframework.boot:spring-boot-starter-oauth2-client")  // OAuth2 Client
     implementation("org.springframework.boot:spring-boot-starter-data-jpa")
 
     // JWT

diff --git a/docker/app/dockerfile b/docker/app/dockerfile
@@ -0,0 +1,57 @@
+# =================================
+# Build stage
+# =================================
+FROM gradle:8.5-jdk21 AS build
+WORKDIR /app
+
+# Copy Gradle wrapper and build files first to leverage cache
+# gradle.properties는 나중에 다시 설정하면 추가하기
+COPY build.gradle settings.gradle gradlew ./
+COPY gradle ./gradle
+RUN chmod +x gradlew && ./gradlew dependencies --no-daemon
+
+# Copy source and build artifact
+COPY src ./src
+# Skip tests in build to speed up image build (optional)
+RUN ./gradlew bootJar --no-daemon -x test && mv build/libs/*.jar app.jar
+
+# =================================
+# Run stage
+# =================================
+FROM eclipse-temurin:21-jre-jammy
+WORKDIR /app
+
+LABEL maintainer="kyeoungwoon" \
+    version="1.0"
+
+# Create non-root user before copying files so --chown works
+RUN groupadd -r spring && useradd -r -g spring spring
+
+# Copy jar from build stage and set ownership to non-root user
+COPY --from=build --chown=spring:spring /app/app.jar ./app.jar
+RUN chmod 444 app.jar
+
+# 로그 디렉토리 생성 및 권한 설정 추가
+RUN mkdir -p /app/logs && chown -R spring:spring /app/logs
+
+# Switch to non-root user
+USER spring:spring
+
+# Expose application port
+EXPOSE 8080
+
+# JVM options (single line to avoid parsing issues)
+ENV JAVA_OPTS="-XX:+UseContainerSupport \
+               -XX:MaxRAMPercentage=75.0 \
+               -XX:+UseG1GC \
+               -XX:+ExitOnOutOfMemoryError \
+               -XX:+HeapDumpOnOutOfMemoryError \
+               -XX:HeapDumpPath=/tmp/heapdump.hprof \
+               -Duser.timezone=Asia/Seoul \
+               -Djava.security.egd=file:/dev/./urandom"
+
+# Use exec form with sh -c so JAVA_OPTS is expanded and signals forwarded
+ENTRYPOINT ["sh", "-c", "exec java $JAVA_OPTS -jar app.jar"]
+
-# JVM options (single line to avoid parsing issues)
-ENV JAVA_OPTS="-XX:+UseContainerSupport \
-               -XX:MaxRAMPercentage=75.0 \
-               -XX:+UseG1GC \
-               -XX:+ExitOnOutOfMemoryError \
-               -XX:+HeapDumpOnOutOfMemoryError \
-               -XX:HeapDumpPath=/tmp/heapdump.hprof \
-               -Duser.timezone=Asia/Seoul \
-               -Djava.security.egd=file:/dev/./urandom"
-
-# Use exec form with sh -c so JAVA_OPTS is expanded and signals forwarded
-ENTRYPOINT ["sh", "-c", "exec java $JAVA_OPTS -jar app.jar"]
+# JVM options are passed directly via exec-form ENTRYPOINT to avoid shell parsing issues
+ENTRYPOINT ["java", \
+           "-XX:+UseContainerSupport", \
+           "-XX:MaxRAMPercentage=75.0", \
+           "-XX:+UseG1GC", \
+           "-XX:+ExitOnOutOfMemoryError", \
+           "-XX:+HeapDumpOnOutOfMemoryError", \
+           "-XX:HeapDumpPath=/tmp/heapdump.hprof", \
+           "-Duser.timezone=Asia/Seoul", \
+           "-Djava.security.egd=file:/dev/./urandom", \
+           "-jar", \
+           "app.jar"]
-# JVM options (single line to avoid parsing issues)
-ENV JAVA_OPTS="-XX:+UseContainerSupport \
-               -XX:MaxRAMPercentage=75.0 \
-               -XX:+UseG1GC \
-               -XX:+ExitOnOutOfMemoryError \
-               -XX:+HeapDumpOnOutOfMemoryError \
-               -XX:HeapDumpPath=/tmp/heapdump.hprof \
-               -Duser.timezone=Asia/Seoul \
-               -Djava.security.egd=file:/dev/./urandom"
-
-# Use exec form with sh -c so JAVA_OPTS is expanded and signals forwarded
-ENTRYPOINT ["sh", "-c", "exec java $JAVA_OPTS -jar app.jar"]
+# JVM options are passed directly via exec-form ENTRYPOINT to avoid shell parsing issues
+ENTRYPOINT ["java", \
+           "-XX:+UseContainerSupport", \
+           "-XX:MaxRAMPercentage=75.0", \
+           "-XX:+UseG1GC", \
+           "-XX:+ExitOnOutOfMemoryError", \
+           "-XX:+HeapDumpOnOutOfMemoryError", \
+           "-XX:HeapDumpPath=/tmp/heapdump.hprof", \
+           "-Duser.timezone=Asia/Seoul", \
+           "-Djava.security.egd=file:/dev/./urandom", \
+           "-jar", \
+           "app.jar"]
+# Optional healthcheck (uncomment if actuator/health endpoint exists)
+# HEALTHCHECK --interval=30s --timeout=5s CMD curl -f http://localhost:8080/actuator/health || exit 1