Merged
34 commits
b84ae5c
chore: draft CI/CD script
taek2222 Nov 26, 2025
0d3f0c2
chore: add write permission
taek2222 Nov 26, 2025
a842c21
chore: fix bucket name
taek2222 Nov 26, 2025
830e423
chore: remove comments and apply cache
taek2222 Nov 26, 2025
7952741
chore: apply CodeDeploy request
taek2222 Nov 26, 2025
46bcf62
chore: remove CodeDeploy configuration change
taek2222 Nov 26, 2025
674848a
chore: fix appspec path
taek2222 Nov 27, 2025
6fce1e8
chore: change run, validate, and start scripts
taek2222 Nov 27, 2025
31c31a7
refactor: modify CloudWatchMetricsConfig
taek2222 Nov 27, 2025
be8cf8f
refactor: modify start script
taek2222 Nov 27, 2025
e4ddd1e
chore: increase health check time by 2 minutes
taek2222 Nov 27, 2025
b7c2f5a
chore: add clean and stop triggers
taek2222 Nov 27, 2025
7c76efd
chore: root permission, rename
taek2222 Nov 27, 2025
237583f
chore: rename clean
taek2222 Nov 27, 2025
46c831b
chore: rename file
taek2222 Nov 27, 2025
0fc0529
chore: create final dev and prod CI/CD
taek2222 Nov 27, 2025
26bb79e
chore: simplify names
taek2222 Nov 27, 2025
0d899f0
chore: rename ci-cd bucket secret
taek2222 Nov 27, 2025
35c5ea7
chore: rename environment variables for clarity
taek2222 Nov 27, 2025
5a66841
chore: temporarily change branch for Dev server deployment
taek2222 Nov 29, 2025
c1282b6
chore: fix incorrect bucket environment variable name
taek2222 Nov 29, 2025
1e5ba90
chore: switch to Secrets
taek2222 Nov 29, 2025
5dd3cf3
chore: change start script
taek2222 Nov 29, 2025
2792b76
chore: change prod branch trigger
taek2222 Nov 29, 2025
f2af454
chore: set timeout duration
taek2222 Nov 29, 2025
5d8550a
refactor: temporary S3 change
taek2222 Dec 1, 2025
103744e
chore: change prod branch trigger again
taek2222 Dec 1, 2025
69c66b2
refactor: temporary S3 Client Config modification
taek2222 Dec 1, 2025
8e23ed6
chore: change stop script
taek2222 Dec 2, 2025
43a328c
chore: change parameters to secrets
taek2222 Dec 2, 2025
43b92f7
chore: change parameters to secrets, fix branch
taek2222 Dec 2, 2025
bc2dcc0
chore: change CI script branch
taek2222 Dec 2, 2025
b1d5faa
chore: change release branch
taek2222 Dec 2, 2025
49bc789
chore: change ci directory
taek2222 Dec 3, 2025
115 changes: 0 additions & 115 deletions .github/workflows/backend-cd-dev.yml

This file was deleted.

84 changes: 84 additions & 0 deletions .github/workflows/ci-cd-dev.yml
@@ -0,0 +1,84 @@
name: CI/CD Build, Upload, Deploy (Dev)

on:
push:
branches: [ dev ]
workflow_dispatch:

jobs:
build-and-upload:
runs-on: ubuntu-latest

permissions:
id-token: write

steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Set up JDK
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 21
cache: gradle

- name: Create application-secret.yml
run: |
mkdir -p src/main/resources
echo "${{ secrets.DEV_SECRET_YML }}" > src/main/resources/application-secret.yml

- name: Create firebase-adminsdk-account.json
run: |
mkdir -p src/main/resources/firebase
echo '${{ secrets.FIREBASE_ADMINSDK_ACCOUNT_KEY }}' \
> src/main/resources/firebase/firebase-adminsdk-account.json

- name: Gradle build
run: |
chmod +x ./gradlew
./gradlew clean build

- name: Find executable jar
id: jar
run: |
JAR_PATH=$(find build/libs -name "*.jar" ! -name "*plain.jar" | head -n 1)
if [ -z "$JAR_PATH" ]; then
echo "No executable jar found"; exit 1;
fi
echo "jar_path=$JAR_PATH" >> "$GITHUB_OUTPUT"
echo "jar_name=$(basename "$JAR_PATH")" >> "$GITHUB_OUTPUT"

- name: Create deploy bundle
id: bundle
run: |
mkdir -p deploy
cp "${{ steps.jar.outputs.jar_path }}" deploy/

cp infra/appspec.yml deploy/ 2>/dev/null || true
cp infra/*.sh deploy/ 2>/dev/null || true

cd deploy
ZIP_NAME="festabook-$(date +'%Y%m%d%H%M%S')-${GITHUB_SHA::7}.zip"
zip -r "$ZIP_NAME" .
echo "zip_name=$ZIP_NAME" >> "$GITHUB_OUTPUT"
echo "zip_path=$(pwd)/$ZIP_NAME" >> "$GITHUB_OUTPUT"

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ secrets.AWS_DEPLOY_REGION }}
role-to-assume: ${{ secrets.AWS_OIDC_ROLE_ARN }}
role-session-name: festabook-ci-cd

- name: Upload artifact to S3
run: |
aws s3 cp "${{ steps.bundle.outputs.zip_path }}" \
"s3://${{ secrets.S3_ARTIFACT_BUCKET }}/dev/builds/${{ steps.bundle.outputs.zip_name }}"

- name: Trigger CodeDeploy deployment
run: |
aws deploy create-deployment \
--application-name "${{ secrets.CODEDEPLOY_APP_NAME }}" \
--deployment-group-name "${{ secrets.CODEDEPLOY_DEPLOYMENT_GROUP_DEV }}" \
--s3-location bucket=${{ secrets.S3_ARTIFACT_BUCKET }},bundleType=zip,key=dev/builds/${{ steps.bundle.outputs.zip_name }}
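
Review bot: In the "Create application-secret.yml" step, `${{ secrets.DEV_SECRET_YML }}` is pasted into the script text before bash parses it, so any `"`, `$` or backtick inside the secret is interpreted by the shell and can corrupt the file or run as a command; the Firebase step has the same problem with a `'` in its value. Pass each secret through the step's `env:` and write it with `printf '%s\n' "$DEV_SECRET_YML" > src/main/resources/application-secret.yml` so the value never becomes shell syntax. Both files are written under src/main/resources before `./gradlew clean build`, so they will normally be packaged into the jar that is uploaded to `dev/builds/`, and read access to that prefix should be as tight as access to the secrets themselves. Separately, `cp infra/appspec.yml deploy/ 2>/dev/null || true` hides a missing appspec until CodeDeploy rejects the bundle; drop the `|| true` on that line so the job fails at build time.
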
84 changes: 84 additions & 0 deletions .github/workflows/ci-cd-prod.yml
@@ -0,0 +1,84 @@
name: CI/CD Build, Upload, Deploy (Prod)

on:
push:
branches: [ prod ]
workflow_dispatch:

jobs:
build-and-upload:
runs-on: ubuntu-latest

permissions:
id-token: write

steps:
- name: Checkout repository
uses: actions/checkout@v4

- name: Set up JDK
uses: actions/setup-java@v4
with:
distribution: temurin
java-version: 21
cache: gradle

- name: Create application-secret.yml
run: |
mkdir -p src/main/resources
echo "${{ secrets.PROD_SECRET_YML }}" > src/main/resources/application-secret.yml

- name: Create firebase-adminsdk-account.json
run: |
mkdir -p src/main/resources/firebase
echo '${{ secrets.FIREBASE_ADMINSDK_ACCOUNT_KEY }}' \
> src/main/resources/firebase/firebase-adminsdk-account.json

- name: Gradle build
run: |
chmod +x ./gradlew
./gradlew clean build

- name: Find executable jar
id: jar
run: |
JAR_PATH=$(find build/libs -name "*.jar" ! -name "*plain.jar" | head -n 1)
if [ -z "$JAR_PATH" ]; then
echo "No executable jar found"; exit 1;
fi
echo "jar_path=$JAR_PATH" >> "$GITHUB_OUTPUT"
echo "jar_name=$(basename "$JAR_PATH")" >> "$GITHUB_OUTPUT"

- name: Create deploy bundle
id: bundle
run: |
mkdir -p deploy
cp "${{ steps.jar.outputs.jar_path }}" deploy/

cp infra/appspec.yml deploy/ 2>/dev/null || true
cp infra/*.sh deploy/ 2>/dev/null || true

cd deploy
ZIP_NAME="festabook-$(date +'%Y%m%d%H%M%S')-${GITHUB_SHA::7}.zip"
zip -r "$ZIP_NAME" .
echo "zip_name=$ZIP_NAME" >> "$GITHUB_OUTPUT"
echo "zip_path=$(pwd)/$ZIP_NAME" >> "$GITHUB_OUTPUT"

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v4
with:
aws-region: ${{ secrets.AWS_DEPLOY_REGION }}
role-to-assume: ${{ secrets.AWS_OIDC_ROLE_ARN }}
role-session-name: festabook-ci-cd
Contributor

How about using a role-session-name that distinguishes dev from prod?

Contributor Author

I thought about this too, and I was going to do it if there was a need to distinguish between dev and prod.

However, since the two sets of permissions are identical, I created only one OIDC. What do you think, 후유?

Contributor

I left the comment suggesting we distinguish dev and prod in role-session-name because I think of it as an alias indicating which deployment job was granted the permissions.

I can't think of a situation in which we would check role-session-name.
As 비타 suggests, if a situation comes up later where we need to distinguish them, we can split the prod and dev aliases then.


- name: Upload artifact to S3
run: |
aws s3 cp "${{ steps.bundle.outputs.zip_path }}" \
"s3://${{ secrets.S3_ARTIFACT_BUCKET }}/prod/builds/${{ steps.bundle.outputs.zip_name }}"

- name: Trigger CodeDeploy deployment
run: |
aws deploy create-deployment \
--application-name "${{ secrets.CODEDEPLOY_APP_NAME }}" \
--deployment-group-name "${{ secrets.CODEDEPLOY_DEPLOYMENT_GROUP_PROD }}" \
--s3-location bucket=${{ secrets.S3_ARTIFACT_BUCKET }},bundleType=zip,key=prod/builds/${{ steps.bundle.outputs.zip_name }}
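
Review bot: `role-to-assume: ${{ secrets.AWS_OIDC_ROLE_ARN }}` is the same secret the dev workflow uses and the job sets no `environment:`, so a run triggered from `dev` obtains the same AWS role that deploys production. Give prod its own role whose trust policy restricts the `token.actions.githubusercontent.com:sub` claim to the `prod` branch ref and whose permissions cover only the `prod/builds/` prefix and the prod deployment group, and do the same for dev. `workflow_dispatch` can be started from any branch that contains this file, so add a job-level `if: github.ref == 'refs/heads/prod'` or gate the job behind a protected environment. A distinct `role-session-name` per workflow is still worth having, because the session name is part of the assumed-role ARN recorded in CloudTrail and is the quickest way to tell which pipeline made a given call.
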
17 changes: 8 additions & 9 deletions .github/workflows/backend-ci.yml → .github/workflows/ci.yml
@@ -1,10 +1,10 @@
name: Backend CI Test
name: CI Test
Contributor

The branch needs to be changed.


on:
pull_request:
branches:
- backend-prod
- backend-dev
- prod
- dev

jobs:
Run-PR-Test:
Expand All @@ -30,27 +30,26 @@ jobs:
path: |
~/.gradle/caches
~/.gradle/wrapper
key: ${{ runner.os }}-gradle-${{ hashFiles('backend/**/*.gradle*', 'backend/**/gradle-wrapper.properties') }}
key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
restore-keys: |
${{ runner.os }}-gradle-

- name: Grant execute permission for gradlew
run: chmod +x backend/gradlew
run: chmod +x ./gradlew

- name: Create firebase-adminsdk-account.json
run: |
mkdir -p backend/src/main/resources/firebase
echo "${{ secrets.FIREBASE_ADMINSDK_ACCOUNT_KEY }}" > backend/src/main/resources/firebase/firebase-adminsdk-account.json
mkdir -p src/main/resources/firebase
echo "${{ secrets.FIREBASE_ADMINSDK_ACCOUNT_KEY }}" > src/main/resources/firebase/firebase-adminsdk-account.json

- name: Run Gradle Test
run: ./gradlew clean test
working-directory: backend

- name: Publish Unit Test Results
if: always()
uses: EnricoMi/publish-unit-test-result-action@v2
with:
files: backend/build/test-results/test/TEST-*.xml
files: build/test-results/test/TEST-*.xml
check_name: '테스트 결과 🛠️'
check_run_annotations: 'none'
comment_mode: 'off'
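
Review bot: The "Create firebase-adminsdk-account.json" step wraps `${{ secrets.FIREBASE_ADMINSDK_ACCOUNT_KEY }}` in double quotes, while the deploy workflows in this PR use single quotes for the same secret; if the key is JSON, bash strips its inner `"` characters and the file written here is not valid JSON. Pass the secret through `env:` and write it with `printf '%s' "$FIREBASE_ADMINSDK_ACCOUNT_KEY" > ...`, which is safe for either quote character. This job runs on `pull_request`, where secrets are not provided to runs from forks, so the step should also fail clearly (or be skipped) when the value is empty. `EnricoMi/publish-unit-test-result-action@v2` is a third-party action referenced by a movable tag; pinning it to a commit SHA keeps the code that runs in this job fixed.
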
4 changes: 2 additions & 2 deletions .github/workflows/release-drafter.yml
Expand Up @@ -4,7 +4,7 @@ on:
push:
branches:
- release/*
- main
- prod

permissions:
contents: write
Expand All @@ -26,7 +26,7 @@ jobs:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}

- name: Publish Release
if: github.ref == 'refs/heads/main'
if: github.ref == 'refs/heads/prod'
id: drafter
uses: release-drafter/release-drafter@v6
with:
19 changes: 17 additions & 2 deletions infra/appspec.yml
Original file line number Diff line number Diff line change
@@ -1,11 +1,26 @@
version: 0.0
os: linux

files:
- source: backend/infra/output/
- source: /
destination: /home/ubuntu/app

hooks:
ApplicationStop:
- location: stop.sh
timeout: 60
runas: ubuntu

BeforeInstall:
- location: clean.sh
timeout: 60

ApplicationStart:
- location: backend/infra/output/start.sh
- location: start.sh
timeout: 60
runas: ubuntu

ValidateService:
- location: validate.sh
timeout: 90
runas: ubuntu
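
Review bot: The `BeforeInstall` entry for `clean.sh` is the only hook without `runas`, so it runs as the CodeDeploy agent's user (root by default) while the other three hooks run as `ubuntu`. If root is needed only because the `files` section installs `/home/ubuntu/app` as root-owned, add a `permissions` section that sets `owner: ubuntu` on that path and give `clean.sh` `runas: ubuntu` as well; otherwise leave a comment saying why this hook needs root. Note also that `ApplicationStop` runs the `stop.sh` from the previously deployed revision, not the one in this bundle, so a fix to `stop.sh` takes effect one deployment late.
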
3 changes: 3 additions & 0 deletions infra/clean.sh
@@ -0,0 +1,3 @@
#!/bin/bash
echo "> Cleaning old jar files"
rm -rf /home/ubuntu/app/*
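
Review bot: `rm -rf /home/ubuntu/app/*` runs from the `BeforeInstall` hook, which has no `runas` in infra/appspec.yml, so this deletion executes as root with no error handling. Add `set -eu` at the top and, after checking that the directory exists, delete with `find /home/ubuntu/app -mindepth 1 -delete`, which also removes the dotfiles that the `*` glob skips. The echo says "old jar files" but the command removes everything under the directory; make the message match what is deleted.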