deploy(KL-184): 서버 배포

.github/workflows/deploy.yaml

@@ -0,0 +1,82 @@
+name: Build and Deploy using Docker Compose
+
+on:
+  push:
+    branches: [ "main", "develop" ]
+  pull_request:
+    branches: [ "main", "develop" ]
+  workflow_dispatch:
+
+jobs:
+  build-and-deploy:
+    runs-on: ubuntu-latest
+    environment: dev
+    strategy:
+      matrix:
+        java-version: [ 17 ]
+        distribution: [ "zulu" ]
+
+    steps:
+      - name: Checkout Repository
+        uses: actions/checkout@v4
+
+      - name: Set up JDK 17
+        uses: actions/setup-java@v4
+        with:
+          java-version: ${{ matrix.java-version }}
+          distribution: ${{ matrix.distribution }}
+
+      - name: Set up Gradle
+        uses: gradle/actions/setup-gradle@v3
+        with:
+          gradle-version: 8.8
+
+      - name: Grant execute permission for gradlew
+        run: chmod +x ./gradlew
+
+      - name: Create .env file
+        run: |
+          touch .env
+          echo "${{ secrets.ENV }}" > .env
+        shell: bash
+
+      - name: Build with Gradle
+        run: ./gradlew clean build -x test
+
+      - name: Login to Docker Hub
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      - name: Build and Push Docker image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./Dockerfile
+          platforms: linux/amd64/v3
+          push: true
+          tags: ${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_IMAGE_NAME }}:latest
+
+      - name: Copy files to EC2
+        uses: appleboy/scp-action@master
+        with:
+          host: ${{ secrets.EC2_HOST }}
+          username: ${{ secrets.EC2_USERNAME }}
+          key: ${{ secrets.EC2_KEY }}
+          source: "compose.yaml,.env"
+          target: "~"
+
+      - name: Deploy to EC2
+        uses: appleboy/ssh-action@master
+        with:
+          host: ${{ secrets.EC2_HOST }}
+          username: ${{ secrets.EC2_USERNAME }}
+          key: ${{ secrets.EC2_KEY }}
+          script: |
+            cd ~
+            sudo docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
+            sudo docker pull ${{ secrets.DOCKER_USERNAME }}/${{ secrets.DOCKER_IMAGE_NAME }}:latest
+            sudo docker compose down
+            sudo docker system prune -af --volumes
+            sudo docker compose up -d

Makefile

@@ -18,7 +18,7 @@ compile:
 
 build:
 	@make clean
-	@./gradlew build
+	@./gradlew build -x test
 
 test:
 	@./gradlew test

compose.yaml

@@ -1,7 +1,6 @@
-version: "3"
 services:
   spring:
-    build: .
+    image: ${DOCKER_USERNAME}/${DOCKER_IMAGE_NAME}:latest
     ports:
       - "8080:8080"
     container_name: "klkl-server"
@@ -12,7 +11,7 @@ services:
         condition: service_healthy
     restart: always
     networks:
-      - dev-net
+      - klkl-net
 
   klkl_db:
     image: mysql:8.0
@@ -21,13 +20,20 @@ services:
     container_name: "klkl-db"
     env_file:
       - .env
+    volumes:
+      - mysql-data:/var/lib/mysql
     healthcheck:
-      interval: 5s
-      test: [ "CMD", "mysqladmin" ,"ping", "-h", "localhost" ]
+      test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-u", "root", "--password=${MYSQL_ROOT_PASSWORD}"]
+      interval: 10s
+      timeout: 5s
+      retries: 5
     restart: always
     networks:
-      - dev-net
+      - klkl-net
 
 networks:
-  dev-net:
+  klkl-net:
     driver: bridge
+
+volumes:
+  mysql-data:

src/main/java/taco/klkl/domain/token/service/TokenProvider.java

@@ -113,7 +113,7 @@ private List<SimpleGrantedAuthority> getAuthorities(final Claims claims) {
 
 	public boolean validateToken(final String token) {
 		if (!StringUtils.hasText(token)) {
-			return false;
+			throw new TokenInvalidException();
 		}
 		try {
 			Jwts.parser().verifyWith(secretKey).build().parseSignedClaims(token);

src/main/java/taco/klkl/global/config/security/SecurityConfig.java

@@ -83,6 +83,7 @@ public SecurityFilterChain filterChain(HttpSecurity httpSecurity) throws Excepti
 					.requestMatchers(HttpMethod.PUT).hasAnyRole(USER.name(), ADMIN.name())
 					.requestMatchers(HttpMethod.DELETE).hasAnyRole(USER.name(), ADMIN.name())
 					.requestMatchers(getUserRoleEndpoints()).hasRole(USER.name())
+					.requestMatchers(getBothEndpoints()).permitAll()
 					.requestMatchers(getPublicEndpoints()).permitAll()
 					.anyRequest().authenticated()
 			)
@@ -127,6 +128,10 @@ private RequestMatcher[] getUserRoleEndpoints() {
 		return SecurityEndpoint.USER_ROLE.getMatchers();
 	}
 
+	private RequestMatcher[] getBothEndpoints() {
+		return SecurityEndpoint.BOTH.getMatchers();
+	}
+
 	@Bean
 	public CorsConfigurationSource corsConfigurationSource() {
 		CorsConfiguration configuration = new CorsConfiguration();

src/main/java/taco/klkl/global/config/security/SecurityEndpoint.java

@@ -9,7 +9,6 @@
 import lombok.Getter;
 import lombok.RequiredArgsConstructor;
 
-
 @Getter
 @RequiredArgsConstructor
 public enum SecurityEndpoint {
@@ -19,6 +18,9 @@ public enum SecurityEndpoint {
 		new AntPathRequestMatcher("/error"),
 		new AntPathRequestMatcher("/favicon.ico"),
 
+		// health check
+		new AntPathRequestMatcher("/health"),
+
 		// swagger
 		new AntPathRequestMatcher("/swagger-ui/**"),
 		new AntPathRequestMatcher("/swagger-ui.html"),

src/main/java/taco/klkl/global/config/security/TokenAuthenticationFilter.java

@@ -2,6 +2,7 @@
 
 import java.io.IOException;
 
+import org.springframework.http.HttpMethod;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Component;
@@ -31,11 +32,8 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 
 	@Override
 	protected boolean shouldNotFilter(HttpServletRequest request) throws ServletException {
-		if ("GET".equalsIgnoreCase(request.getMethod())) {
-			return SecurityEndpoint.isPublicEndpoint(request)
-				&& !SecurityEndpoint.isBothEndpoint(request);
-		}
-		return false;
+		return HttpMethod.GET.matches(request.getMethod())
+			&& SecurityEndpoint.isPublicEndpoint(request);
 	}
 
 	@Override
@@ -46,20 +44,20 @@ protected void doFilterInternal(
 	) throws ServletException, IOException {
 		final String accessToken = tokenUtil.resolveToken(request);
 
-		if (accessToken == null && SecurityEndpoint.isBothEndpoint(request)) {
-			proceedWithoutAuthentication(request, response, filterChain);
-			return;
+		if (!StringUtils.hasText(accessToken)) {
+			if (HttpMethod.GET.matches(request.getMethod()) && SecurityEndpoint.isBothEndpoint(request)) {
+				proceedWithoutAuthentication(request, response, filterChain);
+				return;
+			}
 		}
 
 		try {
 			if (tokenProvider.validateToken(accessToken)) {
 				setAuthentication(accessToken);
 			} else {
 				final String reissueAccessToken = tokenProvider.reissueAccessToken(accessToken);
-				if (StringUtils.hasText(reissueAccessToken)) {
-					setAuthentication(reissueAccessToken);
-					tokenUtil.addAccessTokenCookie(response, reissueAccessToken);
-				}
+				setAuthentication(reissueAccessToken);
+				tokenUtil.addAccessTokenCookie(response, reissueAccessToken);
 			}
 		} catch (TokenInvalidException | TokenExpiredException e) {
 			handleTokenException(request, response, filterChain, e);
@@ -73,6 +71,9 @@ protected void doFilterInternal(
 	}
 
 	private void setAuthentication(final String accessToken) {
+		if (!StringUtils.hasText(accessToken)) {
+			throw new TokenInvalidException();
+		}
 		Authentication authentication = tokenProvider.getAuthentication(accessToken);
 		SecurityContextHolder.getContext().setAuthentication(authentication);
 	}
@@ -84,11 +85,7 @@ private void handleTokenException(
 		CustomException ex
 	) throws IOException, ServletException {
 		SecurityContextHolder.clearContext();
-		if (SecurityEndpoint.isBothEndpoint(request)) {
-			proceedWithoutAuthentication(request, response, filterChain);
-		} else {
-			responseUtil.sendErrorResponse(response, ex);
-		}
+		responseUtil.sendErrorResponse(response, ex);
 	}
 
 	private void proceedWithoutAuthentication(

src/main/java/taco/klkl/global/controller/HealthCheckController.java

@@ -0,0 +1,14 @@
+package taco.klkl.global.controller;
+
+import org.springframework.http.ResponseEntity;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class HealthCheckController {
+
+	@GetMapping("/health")
+	public ResponseEntity<String> healthCheck() {
+		return ResponseEntity.ok("OK");
+	}
+}

src/main/java/taco/klkl/infra/cloudfront/CloudFrontUrlGenerator.java

@@ -18,6 +18,6 @@ private void init() {
 	}
 
 	public static String generateUrlByFileName(final String fileName) {
-		return "https://" + cloudFrontDomain + "/" + fileName;
+		return cloudFrontDomain + "/" + fileName;
 	}
 }

src/main/resources/application-dev.yaml

@@ -2,6 +2,29 @@ spring:
   config:
     activate:
       on-profile: "dev"
+  jpa:
+    hibernate:
+      ddl-auto: update
+    properties:
+      hibernate:
+        show_sql: true
+        format_sql: true
+      jdbc:
+        time_zone: ${TZ}
+    defer-datasource-initialization: true
+  sql:
+    init:
+      mode: always
+      data-locations: classpath:sql/data-dev.sql
 
-api:
-  main-url: ${DEV_URL}
+logging:
+  level:
+    root: INFO
+    taco.klkl: DEBUG
+    org.springframework: INFO
+    org.hibernate.SQL: DEBUG
+    org.hibernate.type.descriptor.sql: DEBUG
+
+  pattern:
+    console: "%d{yyyy-MM-dd HH:mm:ss} - %msg%n"
+    file: "%d{yyyy-MM-dd HH:mm:ss} [%thread] %-5level %logger{36} - %msg%n"

src/main/resources/application-h2.yaml

@@ -2,31 +2,16 @@ spring:
   config:
     activate:
       on-profile: "h2"
-  jpa:
-    show-sql: true
-    database-platform: org.hibernate.dialect.H2Dialect
-    hibernate:
-      ddl-auto: create
-    defer-datasource-initialization: true
-    properties:
-      hibernate:
-        show_sql: true
-        format_sql: true
-      jdbc:
-        time_zone: ${TZ}
   datasource:
     driver-class-name: org.h2.Driver
     url: jdbc:h2:mem:klkldb;MODE=MySQL
     username: sa
     password:
+  jpa:
+    database-platform: org.hibernate.dialect.H2Dialect
   h2:
     console:
       enabled: true
       path: /h2-console
       settings:
         web-allow-others: true
-  sql:
-    init:
-      data-locations: classpath:database/data-h2.sql
-      mode: always
-      platform: h2

src/main/resources/application-local.yaml

@@ -3,20 +3,28 @@ spring:
     activate:
       on-profile: "local"
   jpa:
+    hibernate:
+      ddl-auto: create
     properties:
       hibernate:
         show_sql: true
         format_sql: true
-
-api:
-  main-url: ${LOCAL_URL}
+      jdbc:
+        time_zone: ${TZ}
+    defer-datasource-initialization: true
+  sql:
+    init:
+      mode: always
+      data-locations: classpath:sql/data-local.sql
+      platform: h2
 
 logging:
   level:
     root: INFO
-    org.springframework.web: DEBUG
+    taco.klkl: DEBUG
+    org.springframework: DEBUG
     org.hibernate.SQL: DEBUG
-    org.hibernate.type.descriptor.sql.BasicBinder: TRACE
+    org.hibernate.type.descriptor.sql: TRACE
 
   pattern:
     console: "%d{yyyy-MM-dd HH:mm:ss} - %msg%n"

src/main/resources/application-mysql.yaml

@@ -8,15 +8,4 @@ spring:
     username: ${MYSQL_USER}
     password: ${MYSQL_PASSWORD}
   jpa:
-    hibernate:
-      ddl-auto: update
-    defer-datasource-initialization: true
-    properties:
-      hibernate:
-        show_sql: true
-        format_sql: true
     database-platform: org.hibernate.dialect.MySQLDialect
-  sql:
-    init:
-      data-locations: classpath:database/data-mysql.sql
-      mode: always