[LH-199] Add deploy settings

.github/workflows/cd-dev.yml

@@ -0,0 +1,78 @@
+name: cd
+on:
+  workflow_run:
+    workflows: [ ci ]
+    branches:
+      - develop
+    types:
+      - completed
+
+env:
+  BUCKET_NAME: lingoswap-dev-build
+  ARN: arn:aws:iam::285279154236:role/s3-codedeploy
+  AWS_REGION: ap-northeast-2
+
+permissions:
+  id-token: write
+  contents: read
+
+defaults:
+  run:
+    shell: bash
+    working-directory: .
+
+jobs:
+  Deploy:
+    if: ${{ github.event.workflow_run.conclusion == 'success' }}
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+        with:
+          token: ${{secrets.ACCESS_TOKEN}}
+          submodules: true
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v3
+        with:
+          java-version: '17'
+          distribution: 'semeru'
+
+      - name: Validate Gradle wrapper
+        uses: gradle/wrapper-validation-action@v1
+
+      - name: Cache Gradle packages
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/.gradle/caches
+            ~/.gradle/wrapper
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*') }}
+          restore-keys: |
+            ${{ runner.os }}-gradle-
+
+      - name: Change gradlew permissions
+        run: chmod +x ./gradlew
+
+      - name: Build with Gradle
+        run: ./gradlew bootJar
+
+      - name: Compress build files
+        run: |
+          zip -r -qq -j ./build.zip ./build/libs/*.jar ./appspec.yml ./execute-deploy.sh
+
+      - name: Configure aws credentials
+        uses: aws-actions/configure-aws-credentials@v4
+        with:
+          role-to-assume: ${{ env.ARN }}
+          aws-region: ${{ env.AWS_REGION }}
+
+      - name: Upload to S3
+        run: |
+          aws s3 cp ./build.zip s3://${{ env.BUCKET_NAME }}/
+
+      - name: Code Deploy
+        run: aws deploy create-deployment --application-name lingoswap
+          --deployment-config-name CodeDeployDefault.OneAtATime
+          --deployment-group-name ec2-test
+          --s3-location bucket=${{ env.BUCKET_NAME }},bundleType=zip,key=build.zip

.github/workflows/cd.yml → .github/workflows/cd-main.yml

@@ -3,7 +3,7 @@ on:
   workflow_run:
     workflows: [ ci ]
     branches:
-      - develop
+      - main
     types:
       - completed
 

src/main/java/com/lighthouse/lingoswap/auth/config/SecurityConfig.java

@@ -26,7 +26,7 @@ SecurityFilterChain securityFilterChain(final HttpSecurity http) throws Exceptio
                 .addFilterAt(jwtAuthenticationFilter, BasicAuthenticationFilter.class)
                 .csrf().disable()
                 .authorizeHttpRequests()
-                .requestMatchers("/api/v1/admin/**").hasRole("ADMIN")
+                .requestMatchers("/api/v1/admin/**").hasAuthority("ADMIN")
                 .requestMatchers(HttpMethod.POST, "/api/v1/auth/**", "/api/v1/user/upload/**").permitAll()
                 .requestMatchers(HttpMethod.GET, "/api/v1/user/form/**", "/actuator/health").permitAll()
                 .requestMatchers(HttpMethod.GET, "/.well-known/**").permitAll()

src/main/java/com/lighthouse/lingoswap/image/presentation/ImageController.java

@@ -16,7 +16,7 @@ public class ImageController {
 
     private final ImageManager imageManager;
 
-    @PostMapping("/api/v1/user/upload/profile")
+    @PostMapping("/api/v1/admin/upload/profile")
     public ResponseEntity<ResponseDto<MemberPreSignedUrlResponse>> getPreSignedUrl(@RequestBody final MemberPreSignedUrlRequest memberPreSignedUrlRequest) {
         return ResponseEntity.ok(ResponseDto.success(imageManager.createPreSignedUrl(memberPreSignedUrlRequest)));
     }

src/test/java/com/lighthouse/lingoswap/common/security/WithAuthorizedUserSecurityContextFactory.java

@@ -14,7 +14,7 @@ public class WithAuthorizedUserSecurityContextFactory implements WithSecurityCon
     @Override
     public SecurityContext createSecurityContext(final WithAuthorizedUser user) {
         SecurityContext context = SecurityContextHolder.createEmptyContext();
-        Authentication auth = new JwtAuthenticationToken(user.uuid(), user.token(), Collections.singletonList(Role.USER));
+        Authentication auth = new JwtAuthenticationToken(user.uuid(), user.token(), Collections.singletonList(Role.ADMIN));
         context.setAuthentication(auth);
         return context;
     }

src/test/java/com/lighthouse/lingoswap/image/presentation/ImageControllerTest.java

@@ -1,6 +1,7 @@
 package com.lighthouse.lingoswap.image.presentation;
 
 import com.lighthouse.lingoswap.ControllerTestSupport;
+import com.lighthouse.lingoswap.common.security.WithAuthorizedUser;
 import com.lighthouse.lingoswap.member.dto.MemberPreSignedUrlRequest;
 import com.lighthouse.lingoswap.member.dto.MemberPreSignedUrlResponse;
 import org.junit.jupiter.api.DisplayName;
@@ -21,6 +22,7 @@ class ImageControllerTest extends ControllerTestSupport {
     private static final String PRE_SIGNED_URL = "https://abc/profiles/2c1a2c3d-4d8b-46f4-9011-189cd1fc8644/1.jpg";
 
     @DisplayName("S3 pre-signed url을 발급하면 상태 코드 200을 반환한다.")
+    @WithAuthorizedUser
     @Test
     void getPreSignedUrl() throws Exception {
         // given
@@ -30,7 +32,7 @@ void getPreSignedUrl() throws Exception {
 
         // when & then
         mockMvc.perform(
-                        post("/api/v1/user/upload/profile")
+                        post("/api/v1/admin/upload/profile")
                                 .contentType(MediaType.APPLICATION_JSON)
                                 .content(objectMapper.writeValueAsString(request))
                 ).andDo(print())