festabook · soeun2537 · Dec 26, 2025 · Dec 3, 2025 · Dec 3, 2025 · Dec 22, 2025
diff --git a/.github/workflows/backend-cd-dev.yml b/.github/workflows/backend-cd-dev.yml
diff --git a/.github/workflows/ci-cd-dev.yml b/.github/workflows/ci-cd-dev.yml
@@ -0,0 +1,84 @@
+name: CI/CD Build, Upload, Deploy (Dev)
+
+on:
+  push:
+    branches: [ dev ]
+  workflow_dispatch:
+
+jobs:
+  build-and-upload:
+    runs-on: ubuntu-latest
+
+    permissions:
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: 21
+          cache: gradle
+
+      - name: Create application-secret.yml
+        run: |
+          mkdir -p src/main/resources
+          echo "${{ secrets.DEV_SECRET_YML }}" > src/main/resources/application-secret.yml
+
+      - name: Create firebase-adminsdk-account.json
+        run: |
+          mkdir -p src/main/resources/firebase
+          echo '${{ secrets.FIREBASE_ADMINSDK_ACCOUNT_KEY }}' \
+            > src/main/resources/firebase/firebase-adminsdk-account.json
+
+      - name: Gradle build
+        run: |
+          chmod +x ./gradlew
+          ./gradlew clean build
+
+      - name: Find executable jar
+        id: jar
+        run: |
+          JAR_PATH=$(find build/libs -name "*.jar" ! -name "*plain.jar" | head -n 1)
+          if [ -z "$JAR_PATH" ]; then
+            echo "No executable jar found"; exit 1;
+          fi
+          echo "jar_path=$JAR_PATH" >> "$GITHUB_OUTPUT"
+          echo "jar_name=$(basename "$JAR_PATH")" >> "$GITHUB_OUTPUT"
+
+      - name: Create deploy bundle
+        id: bundle
+        run: |
+          mkdir -p deploy
+          cp "${{ steps.jar.outputs.jar_path }}" deploy/
+
+          cp infra/appspec.yml deploy/ 2>/dev/null || true
+          cp infra/*.sh deploy/ 2>/dev/null || true
+
+          cd deploy
+          ZIP_NAME="festabook-$(date +'%Y%m%d%H%M%S')-${GITHUB_SHA::7}.zip"
+          zip -r "$ZIP_NAME" .
+          echo "zip_name=$ZIP_NAME" >> "$GITHUB_OUTPUT"
+          echo "zip_path=$(pwd)/$ZIP_NAME" >> "$GITHUB_OUTPUT"
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ secrets.AWS_DEPLOY_REGION }}
+          role-to-assume: ${{ secrets.AWS_OIDC_ROLE_ARN }}
+          role-session-name: festabook-ci-cd
+
+      - name: Upload artifact to S3
+        run: |
+          aws s3 cp "${{ steps.bundle.outputs.zip_path }}" \
+            "s3://${{ secrets.S3_ARTIFACT_BUCKET }}/dev/builds/${{ steps.bundle.outputs.zip_name }}"
+
+      - name: Trigger CodeDeploy deployment
+        run: |
+          aws deploy create-deployment \
+            --application-name "${{ secrets.CODEDEPLOY_APP_NAME }}" \
+            --deployment-group-name "${{ secrets.CODEDEPLOY_DEPLOYMENT_GROUP_DEV }}" \
+            --s3-location bucket=${{ secrets.S3_ARTIFACT_BUCKET }},bundleType=zip,key=dev/builds/${{ steps.bundle.outputs.zip_name }}
diff --git a/.github/workflows/ci-cd-prod.yml b/.github/workflows/ci-cd-prod.yml
@@ -0,0 +1,84 @@
+name: CI/CD Build, Upload, Deploy (Prod)
+
+on:
+  push:
+    branches: [ prod ]
+  workflow_dispatch:
+
+jobs:
+  build-and-upload:
+    runs-on: ubuntu-latest
+
+    permissions:
+      id-token: write
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v4
+
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          distribution: temurin
+          java-version: 21
+          cache: gradle
+
+      - name: Create application-secret.yml
+        run: |
+          mkdir -p src/main/resources
+          echo "${{ secrets.PROD_SECRET_YML }}" > src/main/resources/application-secret.yml
+
+      - name: Create firebase-adminsdk-account.json
+        run: |
+          mkdir -p src/main/resources/firebase
+          echo '${{ secrets.FIREBASE_ADMINSDK_ACCOUNT_KEY }}' \
+            > src/main/resources/firebase/firebase-adminsdk-account.json
+
+      - name: Gradle build
+        run: |
+          chmod +x ./gradlew
+          ./gradlew clean build
+
+      - name: Find executable jar
+        id: jar
+        run: |
+          JAR_PATH=$(find build/libs -name "*.jar" ! -name "*plain.jar" | head -n 1)
+          if [ -z "$JAR_PATH" ]; then
+            echo "No executable jar found"; exit 1;
+          fi
+          echo "jar_path=$JAR_PATH" >> "$GITHUB_OUTPUT"
+          echo "jar_name=$(basename "$JAR_PATH")" >> "$GITHUB_OUTPUT"
+
+      - name: Create deploy bundle
+        id: bundle
+        run: |
+          mkdir -p deploy
+          cp "${{ steps.jar.outputs.jar_path }}" deploy/
+
+          cp infra/appspec.yml deploy/ 2>/dev/null || true
+          cp infra/*.sh deploy/ 2>/dev/null || true
+
+          cd deploy
+          ZIP_NAME="festabook-$(date +'%Y%m%d%H%M%S')-${GITHUB_SHA::7}.zip"
+          zip -r "$ZIP_NAME" .
+          echo "zip_name=$ZIP_NAME" >> "$GITHUB_OUTPUT"
+          echo "zip_path=$(pwd)/$ZIP_NAME" >> "$GITHUB_OUTPUT"
+
+      - name: Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          aws-region: ${{ secrets.AWS_DEPLOY_REGION }}
+          role-to-assume: ${{ secrets.AWS_OIDC_ROLE_ARN }}
+          role-session-name: festabook-ci-cd
+
+      - name: Upload artifact to S3
+        run: |
+          aws s3 cp "${{ steps.bundle.outputs.zip_path }}" \
+            "s3://${{ secrets.S3_ARTIFACT_BUCKET }}/prod/builds/${{ steps.bundle.outputs.zip_name }}"
+
+      - name: Trigger CodeDeploy deployment
+        run: |
+          aws deploy create-deployment \
+            --application-name "${{ secrets.CODEDEPLOY_APP_NAME }}" \
+            --deployment-group-name "${{ secrets.CODEDEPLOY_DEPLOYMENT_GROUP_PROD }}" \
+            --s3-location bucket=${{ secrets.S3_ARTIFACT_BUCKET }},bundleType=zip,key=prod/builds/${{ steps.bundle.outputs.zip_name }}
diff --git a/.github/workflows/backend-ci.yml → .github/workflows/ci.yml b/.github/workflows/backend-ci.yml → .github/workflows/ci.yml
@@ -1,16 +1,16 @@
-name: Backend CI Test
+name: CI Test
 
 on:
   pull_request:
     branches:
-      - backend-prod
-      - backend-dev
+      - prod
+      - dev
 
 jobs:
   Run-PR-Test:
     runs-on: ubuntu-latest
     permissions:
-      contents: read
+      contents: write
       pull-requests: write
       checks: write
 
@@ -24,33 +24,49 @@ jobs:
           java-version: '21'
           distribution: 'temurin'
 
+      - name: Cache SonarQube packages
+        uses: actions/cache@v4
+        with:
+          path: ~/.sonar/cache
+          key: ${{ runner.os }}-sonar
+          restore-keys: ${{ runner.os }}-sonar
+
       - name: Gradle cache
         uses: actions/cache@v4
         with:
           path: |
             ~/.gradle/caches
             ~/.gradle/wrapper
-          key: ${{ runner.os }}-gradle-${{ hashFiles('backend/**/*.gradle*', 'backend/**/gradle-wrapper.properties') }}
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
           restore-keys: |
             ${{ runner.os }}-gradle-
 
       - name: Grant execute permission for gradlew
-        run: chmod +x backend/gradlew
+        run: chmod +x ./gradlew
 
       - name: Create firebase-adminsdk-account.json
         run: |
-          mkdir -p backend/src/main/resources/firebase
-          echo "${{ secrets.FIREBASE_ADMINSDK_ACCOUNT_KEY }}" > backend/src/main/resources/firebase/firebase-adminsdk-account.json
+          mkdir -p src/main/resources/firebase
+          echo "${{ secrets.FIREBASE_ADMINSDK_ACCOUNT_KEY }}" > src/main/resources/firebase/firebase-adminsdk-account.json
 
       - name: Run Gradle Test
-        run: ./gradlew clean test
-        working-directory: backend
+        env:
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: ./gradlew clean test jacocoTestReport sonar
 
       - name: Publish Unit Test Results
         if: always()
         uses: EnricoMi/publish-unit-test-result-action@v2
         with:
-          files: backend/build/test-results/test/TEST-*.xml
+          files: build/test-results/test/TEST-*.xml
           check_name: '테스트 결과 🛠️'
           check_run_annotations: 'none'
           comment_mode: 'off'
+
+      - name: Comment coverage on PR
+        uses: madrapps/[email protected]
+        with:
+          paths: build/reports/jacoco/test/jacocoTestReport.xml
+          token: ${{ secrets.GITHUB_TOKEN }}
+          min-coverage-overall: 90
+          min-coverage-changed-files: 100
diff --git a/.github/workflows/release-drafter.yml b/.github/workflows/release-drafter.yml
@@ -4,7 +4,7 @@ on:
   push:
     branches:
       - release/*
-      - main
+      - prod
 
 permissions:
   contents: write
@@ -26,7 +26,7 @@ jobs:
           GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
 
       - name: Publish Release
-        if: github.ref == 'refs/heads/main'
+        if: github.ref == 'refs/heads/prod'
         id: drafter
         uses: release-drafter/release-drafter@v6
         with:

diff --git a/.../workflows/common-slack-notify-opened.yml → .github/workflows/slack-notify-opened.yml b/.../workflows/common-slack-notify-opened.yml → .github/workflows/slack-notify-opened.yml
diff --git a/...flows/common-slack-notify-rerequested.yml → ...ub/workflows/slack-notify-rerequested.yml b/...flows/common-slack-notify-rerequested.yml → ...ub/workflows/slack-notify-rerequested.yml
diff --git a/...rkflows/common-slack-notify-submitted.yml → .github/workflows/slack-notify-submitted.yml b/...rkflows/common-slack-notify-submitted.yml → .github/workflows/slack-notify-submitted.yml