CD 파이프라인 구축 (#9)

songyi00 · web-flow · commit cc87ca33aa20 · 2025-07-21T23:54:57.000+09:00
* feat: cd 파이프라인 구축

* feat: jib 적용 및 docker-compose 배포 세팅

* feat: 서버 내 docker 디렉토리 생성

* feat: 배포

* feat: 배포

* feat: 배포

* feat: 임시 배포 브랜치 제거
diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml
@@ -0,0 +1,81 @@
+name: Backend CD
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          java-version: "21"
+          distribution: "temurin"
+
+      - name: Gradle Caching
+        uses: actions/cache@v3
+        with:
+          path: |
+            ~/.gradle/caches
+            ~/.gradle/wrapper
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
+          restore-keys: |
+            ${{ runner.os }}-gradle-
+
+      - name: Build and Push with Jib (API)
+        uses: gradle/gradle-build-action@67421db6bd0bf253fb4bd25b31ebb98943c375e1
+        with:
+          arguments: clean :tuk-api:jib -Djib.to.image=${{ secrets.NCP_CONTAINER_REGISTRY_API }}/tuk-api -Djib.to.tags=${{ github.sha }} -Djib.to.auth.username=${{ secrets.NCP_ACCESS_KEY }} -Djib.to.auth.password=${{ secrets.NCP_SECRET_KEY }}
+        env:
+          JIB_TO_IMAGE: ${{ secrets.NCP_CONTAINER_REGISTRY_API }}/tuk-api
+          JIB_TO_TAGS: ${{ github.sha }}
+          JIB_TO_AUTH_USERNAME: ${{ secrets.NCP_ACCESS_KEY }}
+          JIB_TO_AUTH_PASSWORD: ${{ secrets.NCP_SECRET_KEY }}
+
+      - name: Create directory and copy docker files to server
+        run: |
+          sshpass -p ${{ secrets.API_SERVER_PASSWORD }} ssh -p ${{ secrets.SSH_PORT }} -o StrictHostKeyChecking=no ${{ secrets.API_SERVER_USERNAME }}@${{ secrets.API_SERVER_HOST }} "mkdir -p ${{ secrets.DOCKER_COMPOSE_PATH }}"
+          sshpass -p ${{ secrets.API_SERVER_PASSWORD }} scp -P ${{ secrets.SSH_PORT }} -o StrictHostKeyChecking=no ./docker/docker-compose.prod.yml ${{ secrets.API_SERVER_USERNAME }}@${{ secrets.API_SERVER_HOST }}:${{ secrets.DOCKER_COMPOSE_PATH }}/docker-compose.yml
+          sshpass -p ${{ secrets.API_SERVER_PASSWORD }} scp -P ${{ secrets.SSH_PORT }} -o StrictHostKeyChecking=no ./docker/init.sql ${{ secrets.API_SERVER_USERNAME }}@${{ secrets.API_SERVER_HOST }}:${{ secrets.DOCKER_COMPOSE_PATH }}/
+        shell: bash
+
+  deploy-to-server:
+    name: Connect api server ssh and pull from container registry
+    needs: build-and-push
+    runs-on: ubuntu-latest
+    steps:
+      ## docker compose up
+      - name: Deploy to api server
+        uses: appleboy/ssh-action@master
+        with:
+          host: ${{ secrets.API_SERVER_HOST }}
+          port: ${{ secrets.SSH_PORT }}
+          username: ${{ secrets.API_SERVER_USERNAME }}
+          password: ${{ secrets.API_SERVER_PASSWORD }}
+          script: |
+            cd ${{ secrets.DOCKER_COMPOSE_PATH }}
+            sudo docker rm -f $(sudo docker ps -qa) 2>/dev/null || true
+            
+            # Login to NCP Container Registry
+            echo "${{ secrets.NCP_SECRET_KEY }}" | sudo docker login ${{ secrets.NCP_CONTAINER_REGISTRY_API }} -u ${{ secrets.NCP_ACCESS_KEY }} --password-stdin
+            
+            # Run with environment variables
+            sudo env \
+                 MYSQL_USERNAME='${{ secrets.MYSQL_USERNAME }}' \
+                 MYSQL_PASSWORD='${{ secrets.MYSQL_PASSWORD }}' \
+                 MYSQL_ROOT_PASSWORD='${{ secrets.MYSQL_PASSWORD }}' \
+                 APPLE_CLIENT_ID='${{ secrets.APPLE_CLIENT_ID }}' \
+                 GOOGLE_CLIENT_ID='${{ secrets.GOOGLE_CLIENT_ID }}' \
+                 GOOGLE_CLIENT_SECRET='${{ secrets.GOOGLE_CLIENT_SECRET }}' \
+                 NCP_CONTAINER_REGISTRY_API='${{ secrets.NCP_CONTAINER_REGISTRY_API }}' \
+                 JWT_SECRET='${{ secrets.JWT_SECRET }}' \
+                 IMAGE_TAG='${{ github.sha }}' \
+                 docker-compose up -d
+            
+            sudo docker image prune -f
diff --git a/build.gradle.kts b/build.gradle.kts
@@ -4,6 +4,7 @@ plugins {
     kotlin("plugin.jpa") version "1.9.25" apply false
     id("org.springframework.boot") version "3.5.3" apply false
     id("io.spring.dependency-management") version "1.1.7" apply false
+    id("com.google.cloud.tools.jib") version "3.4.0" apply false
 }
 
 java {
diff --git a/docker/docker-compose.prod.yml b/docker/docker-compose.prod.yml
@@ -0,0 +1,66 @@
+services:
+  api:
+    container_name: tuk-api
+    image: ${NCP_CONTAINER_REGISTRY_API}/tuk-api:${IMAGE_TAG}
+    restart: always
+    ports:
+      - "8080:8080"
+    environment:
+      SPRING_PROFILES_ACTIVE: prod
+      MYSQL_USERNAME: ${MYSQL_USERNAME}
+      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
+      MYSQL_HOST: mysql
+      MYSQL_PORT: 3306
+      JWT_SECRET: ${JWT_SECRET}
+      REDIS_HOST: redis
+      REDIS_PORT: 6379
+      APPLE_CLIENT_ID: ${APPLE_CLIENT_ID}
+      GOOGLE_CLIENT_ID: ${GOOGLE_CLIENT_ID}
+      GOOGLE_CLIENT_SECRET: ${GOOGLE_CLIENT_SECRET}
+    depends_on:
+      - mysql
+      - redis
+    networks:
+      - tuk-network
+  mysql:
+    image: mysql:8.0.39
+    container_name: tuk-mysql
+    restart: always
+    environment:
+      MYSQL_ROOT_PASSWORD: ${MYSQL_PASSWORD}
+      MYSQL_DATABASE: tuk_db
+      MYSQL_USER: ${MYSQL_USERNAME}
+      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
+    ports:
+      - "3306:3306"
+    volumes:
+      - mysql_data:/var/lib/mysql
+      - ./init.sql:/docker-entrypoint-initdb.d/init.sql
+    command:
+      - --character-set-server=utf8mb4
+      - --collation-server=utf8mb4_unicode_ci
+      - --skip-character-set-client-handshake
+    networks:
+      - tuk-network
+
+  redis:
+    image: redis:7.2-alpine
+    container_name: tuk-redis
+    restart: always
+    ports:
+      - "6379:6379"
+    volumes:
+      - redis_data:/data
+    command: redis-server --appendonly yes
+    networks:
+      - tuk-network
+
+volumes:
+  mysql_data:
+    driver: local
+  redis_data:
+    driver: local
+
+networks:
+  tuk-network:
+    driver: bridge
diff --git a/docker/docker-compose.yml b/docker/docker-compose.yml
diff --git a/docker/init.sql b/docker/init.sql
@@ -0,0 +1,17 @@
+CREATE DATABASE IF NOT EXISTS tuk_db CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;
+
+CREATE TABLE IF NOT EXISTS member
+(
+    id          BIGINT AUTO_INCREMENT PRIMARY KEY,
+    name        VARCHAR(255),
+    email       VARCHAR(255) NOT NULL,
+    social_type VARCHAR(50)  NOT NULL,
+    social_id   VARCHAR(255) NOT NULL,
+    created_at  TIMESTAMP    NOT NULL DEFAULT CURRENT_TIMESTAMP,
+    updated_at  TIMESTAMP    NOT NULL DEFAULT CURRENT_TIMESTAMP ON UPDATE CURRENT_TIMESTAMP,
+    deleted_at  TIMESTAMP    NULL,
+
+    UNIQUE KEY uk_social_user (social_type, social_id),
+    INDEX idx_email (email),
+    INDEX idx_deleted_at (deleted_at)
+);
diff --git a/tuk-api/build.gradle.kts b/tuk-api/build.gradle.kts
@@ -1,3 +1,34 @@
+plugins {
+    id("com.google.cloud.tools.jib")
+}
+
+jib {
+    from {
+        image = "eclipse-temurin:21-jre"
+    }
+    to {
+        image = System.getProperty("jib.to.image") ?: System.getenv("JIB_TO_IMAGE") ?: "tuk-api"
+        tags = setOf(
+            System.getProperty("jib.to.tags") ?: System.getenv("JIB_TO_TAGS") ?: "latest"
+        )
+        auth {
+            username = System.getProperty("jib.to.auth.username") ?: System.getenv("JIB_TO_AUTH_USERNAME")
+            password = System.getProperty("jib.to.auth.password") ?: System.getenv("JIB_TO_AUTH_PASSWORD")
+        }
+    }
+    container {
+        ports = listOf("8080")
+        mainClass = "nexters.tuk.TukApplicationKt"
+        jvmFlags = listOf(
+            "-XX:InitialRAMPercentage=25.0",
+            "-XX:MinRAMPercentage=25.0",
+            "-XX:MaxRAMPercentage=50.0",
+            "-XX:+UseG1GC",
+            "-Dspring.profiles.active=prod"
+        )
+    }
+}
+
 dependencies {
     implementation("org.springframework.boot:spring-boot-starter-web")
     implementation("org.springframework.boot:spring-boot-starter-actuator")
@@ -21,7 +52,7 @@ dependencies {
     implementation("io.jsonwebtoken:jjwt-jackson:${properties["jjwtVersion"]}")
 
     implementation("com.nimbusds:nimbus-jose-jwt:${properties["nimbusJwtVersion"]}")
-    
+
     // test
     testImplementation("org.springframework.boot:spring-boot-starter-test")
     testImplementation("org.jetbrains.kotlin:kotlin-test-junit5")
@@ -41,4 +72,8 @@ dependencies {
 tasks.withType<Test> {
     useJUnitPlatform()
     systemProperty("spring.profiles.active", "test")
+}
+
+tasks.withType<Jar> {
+    archiveBaseName.set("tuk-api")
 }
diff --git a/tuk-api/src/main/kotlin/nexters/tuk/domain/member/Member.kt b/tuk-api/src/main/kotlin/nexters/tuk/domain/member/Member.kt
@@ -1,16 +1,22 @@
 package nexters.tuk.domain.member
 
 import jakarta.persistence.Entity
+import jakarta.persistence.EnumType
+import jakarta.persistence.Enumerated
 import jakarta.persistence.Table
 import nexters.tuk.application.member.SocialType
 import nexters.tuk.application.member.dto.request.MemberCommand
 import nexters.tuk.domain.BaseEntity
 
+/**
+ * FIXME: member 임시 테이블
+ */
 @Entity
 @Table(name = "member")
 class Member private constructor(
     val name: String?,
     val email: String,
+    @Enumerated(EnumType.STRING)
     val socialType: SocialType,
     val socialId: String,
 ) : BaseEntity() {

Original file line number	Diff line number	Diff line change
`@@ -4,6 +4,7 @@ plugins {`
`4`	`4`	`kotlin("plugin.jpa") version "1.9.25" apply false`
`5`	`5`	`id("org.springframework.boot") version "3.5.3" apply false`
`6`	`6`	`id("io.spring.dependency-management") version "1.1.7" apply false`
	`7`	`+ id("com.google.cloud.tools.jib") version "3.4.0" apply false`
`7`	`8`	`}`
`8`	`9`
`9`	`10`	`java {`