
[SOU-551] Verify production DB deployment #225

Merged
bum0w0 merged 2 commits into develop from feat/SOU-551-update-secrets
Mar 15, 2026

bum0w0 commented Mar 15, 2026

Summary by CodeRabbit

  • Chores
    • Changed the CI/CD pipeline trigger from manual execution to automatic.
    • The pipeline now runs automatically on pull requests and pushes to the main branch.

bum0w0 added the ci/cd (used for changes to CI/CD configuration such as build, deployment, and workflows (pipelines)) label Mar 15, 2026

coderabbitai bot commented Mar 15, 2026

Caution

Review failed

The pull request is closed.

ℹ️ Recent review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 7e8e935d-b69f-4131-8d18-bc69244d6941

📥 Commits

Reviewing files that changed from the base of the PR and between 4cbe5fc and 8c3802a.

📒 Files selected for processing (1)
  • .github/workflows/prod-cicd.yaml

Walkthrough

Changed the GitHub Actions workflow triggers. Triggering moved from workflow_dispatch to pull_request (target: main) and push (target: main) events; the environment variable definitions are unchanged.

Changes

Cohort / File(s) | Summary
CI/CD workflow trigger change (.github/workflows/prod-cicd.yaml) | Changed the workflow trigger from manual (workflow_dispatch) to automatic events: updated to pull_request (target: main) and push (target: main). Steps/jobs and environment variables are unchanged.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Possibly related PRs

🚥 Pre-merge checks | ✅ 3
✅ Passed checks (3 passed)
Check name | Status | Explanation
Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled.
Title check | ✅ Passed | The PR title reflects the actual changes related to the workflow trigger change in .github/workflows/prod-cicd.yaml.
Docstring Coverage | ✅ Passed | No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.


chatgpt-codex-connector bot left a comment


💡 Codex Review

Here are some automated review suggestions for this pull request.

Reviewed commit: 5164ccd4dd


Comment on lines +6 to +9
- feat/SOU-551-update-secrets
push:
branches:
- feat/SOU-551-update-secrets


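P1: Revert the prod deployment trigger branch to main

prod-cicd has been changed to run only on a specific feature branch rather than main, so changes merged/pushed to main never run the production deployment pipeline at all. At the same time, a push to that feature branch can lead straight to a prod deployment, which breaks deployment control, so from the standpoint of operational stability and release flow the trigger branch must be restored to the original main.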


coderabbitai bot left a comment


Actionable comments posted: 2

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In @.github/workflows/prod-cicd.yaml:
- Around line 7-9: The workflow currently triggers on push for branch
"feat/SOU-551-update-secrets" (push: branches: - feat/SOU-551-update-secrets)
causing automatic image push and prod deploy; change the trigger to require
manual approval by removing that branch from the push trigger and adding a
manual gate: replace the push branch trigger with either no push entry for that
branch or limit to protected branches, and add a workflow_dispatch trigger
and/or require a GitHub Environment for the deploy job (refer to the workflow's
push trigger, the branch name feat/SOU-551-update-secrets, and the deploy
job/environment settings) so deployments run only after manual dispatch or
environment protection is enforced.
- Around line 4-6: The pull_request.branches filter currently lists
feat/SOU-551-update-secrets but pull_request.branches matches the PR base
(target) branch, not the source, so the workflow won't run for this PR; update
the pull_request.branches entry to the actual target branch (e.g., replace
feat/SOU-551-update-secrets with develop) or remove the branches filter entirely
if you want the workflow to run for PRs targeting any branch, or alternatively
keep the current branch filter and add a runtime condition that checks
github.head_ref to match the source branch if you specifically need head-branch
filtering.

ℹ️ Review info
⚙️ Run configuration

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Run ID: 13e17aa5-ede5-4e02-9f37-5bdddbf5ab79

📥 Commits

Reviewing files that changed from the base of the PR and between f7e849d and 4cbe5fc.

📒 Files selected for processing (1)
  • .github/workflows/prod-cicd.yaml

Comment on lines +4 to +6
pull_request:
branches:
- feat/SOU-551-update-secrets
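Review bot: the `pull_request:` trigger on lines 4-6 lets a PR opened from a branch in the same repository run this production workflow using the workflow file as edited in that PR, before review, and unlike fork PRs such runs have repository secrets available. If any job in this file reads secrets or deploys, restrict it with a condition on `github.event_name` or bind it to a protected environment so that a PR run can only build and test.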

⚠️ Potential issue | 🟠 Major

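The pull_request branch filter behaves differently from what was intended.

pull_request.branches matches the base (target) branch, not the source branch.
Since the current PR targets develop, the setting on Line 5 (feat/SOU-551-update-secrets) will not run for PR events.

Suggested fix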
 on:
   pull_request:
     branches:
-      - feat/SOU-551-update-secrets
+      - develop
@@
 jobs:
   build:
+    if: github.event_name != 'pull_request' || github.head_ref == 'feat/SOU-551-update-secrets'
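Review bot: the `if:` added under `build:` hardcodes `feat/SOU-551-update-secrets`, so every other PR targeting `develop` still starts this workflow and only skips the job, and the condition is dead configuration once the branch is deleted. If the head-branch check is only needed for this verification, remove it together with the `develop` filter before merge rather than leaving it in the production workflow.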
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/prod-cicd.yaml around lines 4 - 6, The
pull_request.branches filter currently lists feat/SOU-551-update-secrets but
pull_request.branches matches the PR base (target) branch, not the source, so
the workflow won't run for this PR; update the pull_request.branches entry to
the actual target branch (e.g., replace feat/SOU-551-update-secrets with
develop) or remove the branches filter entirely if you want the workflow to run
for PRs targeting any branch, or alternatively keep the current branch filter
and add a runtime condition that checks github.head_ref to match the source
branch if you specifically need head-branch filtering.

Comment on lines +7 to +9
push:
branches:
- feat/SOU-551-update-secrets

⚠️ Potential issue | 🟠 Major

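A push to the feature branch alone automatically runs all the way through production deployment.

Because of Lines 7-9, a push event fires on every commit to this branch, and the conditions on Lines 49/79 chain into image push and production deployment. Even for production verification purposes, automatic deployment without a manual approval gate (workflow_dispatch or GitHub Environment protection rules) is high risk.

Mitigation example (restore the manual deployment gate)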
 on:
+  workflow_dispatch:
   pull_request:
     branches:
       - develop
   push:
     branches:
       - feat/SOU-551-update-secrets
@@
   deploy:
-    if: github.event_name == 'push'
+    if: github.event_name == 'workflow_dispatch'
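Review bot: `if: github.event_name == 'workflow_dispatch'` on `deploy:` checks only the event type, not the ref, and a manual run can be started on any branch that contains this file, so the feature branch could still be deployed to production by hand. Add a ref check such as `github.ref == 'refs/heads/main'` to the condition, or attach a protected `environment:` with required reviewers to the job.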
🤖 Prompt for AI Agents
Verify each finding against the current code and only fix it if needed.

In @.github/workflows/prod-cicd.yaml around lines 7 - 9, The workflow currently
triggers on push for branch "feat/SOU-551-update-secrets" (push: branches: -
feat/SOU-551-update-secrets) causing automatic image push and prod deploy;
change the trigger to require manual approval by removing that branch from the
push trigger and adding a manual gate: replace the push branch trigger with
either no push entry for that branch or limit to protected branches, and add a
workflow_dispatch trigger and/or require a GitHub Environment for the deploy job
(refer to the workflow's push trigger, the branch name
feat/SOU-551-update-secrets, and the deploy job/environment settings) so
deployments run only after manual dispatch or environment protection is
enforced.
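
The branch-filter behaviour described in the two review comments above, as an added example (not code from this repository or from either review bot): a simplified Python model of which events start the workflow and reach the deploy job, plus a lint for push filters outside a protected set. The event dicts and the protected-branch set are constructed assumptions; the deploy condition is the `if: github.event_name == 'push'` quoted in the mitigation diff.

```python
# Simplified model of GitHub Actions `branches:` filters.
# Glob patterns and `branches-ignore` are not modelled; names are compared literally.

FEATURE = "feat/SOU-551-update-secrets"

# `on:` blocks as dicts, built from the snippets and walkthrough in this thread.
ON_REVIEWED = {"pull_request": {"branches": [FEATURE]}, "push": {"branches": [FEATURE]}}
ON_MAIN = {"pull_request": {"branches": ["main"]}, "push": {"branches": ["main"]}}

# Constructed sample events.
PR_TO_DEVELOP = {"name": "pull_request", "base": "develop", "head": FEATURE}
PUSH_FEATURE = {"name": "push", "ref": "refs/heads/" + FEATURE}
PUSH_MAIN = {"name": "push", "ref": "refs/heads/main"}


def compared_branch(event):
    """Branch that the `branches:` filter is checked against for this event."""
    if event["name"] == "pull_request":
        return event["base"]  # base (target) branch; the head branch is ignored
    return event["ref"].removeprefix("refs/heads/")


def triggers(on, event):
    """True if the workflow starts for this event."""
    if event["name"] not in on:
        return False
    branches = (on[event["name"]] or {}).get("branches")
    return not branches or compared_branch(event) in branches


def deploys(on, event):
    """True if the deploy job runs under `if: github.event_name == 'push'`."""
    return triggers(on, event) and event["name"] == "push"


def unprotected_push_filters(on, protected=("main",)):
    """Lint: push branch filters that name branches outside the protected set.
    The protected set is an assumption; take it from your branch protection rules."""
    branches = (on.get("push") or {}).get("branches") or []
    return [b for b in branches if b not in protected]


if __name__ == "__main__":
    for label, on in (("reviewed", ON_REVIEWED), ("main-only", ON_MAIN)):
        print(label, unprotected_push_filters(on),
              [(e["name"], triggers(on, e), deploys(on, e))
               for e in (PR_TO_DEVELOP, PUSH_FEATURE, PUSH_MAIN)])
```
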

bum0w0 force-pushed the feat/SOU-551-update-secrets branch from 4cbe5fc to 8c3802a March 15, 2026 16:04
bum0w0 merged commit 4fa604c into develop Mar 15, 2026
1 of 2 checks passed
bum0w0 deleted the feat/SOU-551-update-secrets branch March 16, 2026 15:54