Merge branch 'dev' into feat/#20

sopt-makers · Dec 7, 2024 · fd5add0 · fd5add0
2 parents 883a636 + bd21bd9
commit fd5add0
Show file tree

Hide file tree

Showing 62 changed files with 1,441 additions and 178 deletions.
diff --git a/.dockerignore b/.dockerignore
@@ -0,0 +1,8 @@
+.idea
+*.md
+appspec.yml
+.github
+!.github/script/pre-commit
+.gitignore
+.gitattributes
+script
diff --git a/.github/workflows/cd-dev.yml b/.github/workflows/cd-dev.yml
@@ -0,0 +1,119 @@
+name: Continuous Deployment for SOPT makers Authentication Development Server
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [ dev ]
+
+jobs:
+
+  build-and-push-image:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: ✅ Set up JDK 21
+        uses: actions/setup-java@v3
+        with:
+          java-version: 21
+          distribution: 'corretto'
+          cache: gradle
+
+      - name: 🤝 Grant execute permission for gradlew
+        run: chmod +x ./gradlew
+        shell: bash
+
+      - name: 🔒 Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: ⚙️ Create Property File
+        run: |
+          touch ./gradle.properties
+          
+          echo "${{ secrets.PROPERTY_GRADLE }}" >> ./gradle.properties
+
+      - name: 🧱 Build Image and Push to ECR
+        env:
+          AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
+          AWS_ECR_REPO: ${{ secrets.AWS_ECR_REPO_DEV }}
+        run: |
+          aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws
+          docker build --build-arg PROFILE=dev -t $AWS_ECR_REPO .
+          docker tag $AWS_ECR_REPO:latest public.ecr.aws/$AWS_ACCOUNT_ID/$AWS_ECR_REPO:latest
+          docker push public.ecr.aws/$AWS_ACCOUNT_ID/$AWS_ECR_REPO:latest
+
+
+  create-deploy:
+    needs: build-and-push-image
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: 🔒 Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: 🔑 Copy Key File
+        env:
+          REGION: ${{ secrets.AWS_REGION }}
+          APPLE_KEY: ${{ secrets.APPLE_KEY }}
+          JWT_PUBLIC_KEY: ${{ secrets.JWT_PUBLIC_KEY }}
+          JWT_PRIVATE_KEY: ${{ secrets.JWT_PRIVATE_KEY }}
+          S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
+        run: |
+          mkdir ./pem
+          mkdir ./key
+
+          aws s3 cp --region $REGION \
+            s3://$S3_BUCKET/dev/static/$JWT_PUBLIC_KEY ./pem/$JWT_PUBLIC_KEY
+          aws s3 cp --region $REGION \
+            s3://$S3_BUCKET/dev/static/$JWT_PRIVATE_KEY ./pem/$JWT_PRIVATE_KEY
+          aws s3 cp --region $REGION \
+            s3://$S3_BUCKET/dev/static/$APPLE_KEY ./key/$APPLE_KEY
+
+      - name: 📝 Copy Script File
+        env:
+          REGION: ${{ secrets.AWS_REGION }}
+          S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
+          S3_ENV_FILE_NAME: ${{ secrets.ENV_FILE_NAME_DEV }}
+        run: |
+          mkdir ./script
+          aws s3 cp --region $REGION \
+            s3://$S3_BUCKET/dev/script/deploy.sh ./script/deploy.sh
+          aws s3 cp --region $REGION \
+            s3://$S3_BUCKET/dev/script/switch.sh ./script/switch.sh
+          aws s3 cp --region $REGION \
+            s3://$S3_BUCKET/dev/script/valid.sh ./script/valid.sh
+          
+          aws s3 cp --region $REGION \
+            s3://$S3_BUCKET/dev/$S3_ENV_FILE_NAME ./application.env
+
+      - name: 📁 Make files to zip
+        run: |
+          pwd
+          ls -l
+          zip -r ./$GITHUB_SHA.zip ./script ./pem ./key ./appspec.yml ./application.env
+        shell: bash
+
+      - name: 🚀 Upload Property Zip to S3 and Create Code Deploy
+        env:
+          REGION: ${{ secrets.AWS_REGION }}
+          DEPLOY_APPLICATION: ${{ secrets.AWS_DEPLOY_APPLICATION }}
+          DEPLOY_GROUP: ${{ secrets.AWS_DEPLOY_GROUP_DEV }}
+          S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
+        run: |
+          aws s3 cp --region $REGION ./$GITHUB_SHA.zip s3://$S3_BUCKET/dev/deploy/$GITHUB_SHA.zip
+          
+          aws deploy create-deployment --application-name $DEPLOY_APPLICATION \
+          --deployment-config-name CodeDeployDefault.AllAtOnce \
+          --deployment-group-name $DEPLOY_GROUP \
+          --s3-location bucket=$S3_BUCKET,bundleType=zip,key=dev/deploy/$GITHUB_SHA.zip
diff --git a/.github/workflows/cd-prod.yml b/.github/workflows/cd-prod.yml
@@ -0,0 +1,109 @@
+name: Continuous Deployment for SOPT makers Authentication Production Server
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [ main ]
+
+jobs:
+
+  build-and-push-image:
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: ✅ Set up JDK 21
+        uses: actions/setup-java@v3
+        with:
+          java-version: 21
+          distribution: 'corretto'
+          cache: gradle
+
+      - name: 🤝 Grant execute permission for gradlew
+        run: chmod +x ./gradlew
+        shell: bash
+
+      - name: 🔒 Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: ⚙️ Create Property File
+        run: |
+          touch ./gradle.properties
+          touch ./src/main/resources/application.properties
+          
+          echo "${{ secrets.PROPERTY_GRADLE }}" >> ./gradle.properties
+          echo "${{ secrets.PROPERTY_APPLICATION }}" >> ./src/main/resources/application.properties 
+
+      - name: 🔑 Copy Key File
+        env:
+          REGION: ${{ secrets.AWS_REGION }}
+          APPLE_KEY: ${{ secrets.APPLE_KEY }}
+          JWT_PUBLIC_KEY: ${{ secrets.JWT_PUBLIC_KEY }}
+          JWT_PRIVATE_KEY: ${{ secrets.JWT_PRIVATE_KEY }}
+          S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
+          PROPERTY_PATH: src/main/resources
+        run: |
+          aws s3 cp --region $REGION \
+            s3://$S3_BUCKET/prod/static/$JWT_PUBLIC_KEY $PROPERTY_PATH/$JWT_PUBLIC_KEY
+          aws s3 cp --region $REGION \
+            s3://$S3_BUCKET/prod/static/$JWT_PRIVATE_KEY $PROPERTY_PATH/$JWT_PRIVATE_KEY
+          aws s3 cp --region $REGION \
+            s3://$S3_BUCKET/prod/static/$APPLE_KEY $PROPERTY_PATH/$APPLE_KEY
+
+      - name: 🧱 Build Image and Push to ECR
+        env:
+          AWS_ACCOUNT_ID: ${{ secrets.AWS_ACCOUNT_ID }}
+          AWS_ECR_REPO: ${{ secrets.AWS_ECR_REPO_PROD }}
+        run: |
+          aws ecr-public get-login-password --region us-east-1 | docker login --username AWS --password-stdin public.ecr.aws
+          docker build -t $AWS_ECR_REPO .
+          docker tag $AWS_ECR_REPO:latest public.ecr.aws/$AWS_ACCOUNT_ID/$AWS_ECR_REPO:latest
+          docker push public.ecr.aws/$AWS_ACCOUNT_ID/$AWS_ECR_REPO:latest
+
+
+  create-deploy:
+    needs: build-and-push-image
+    runs-on: ubuntu-22.04
+    steps:
+      - name: 🔒 Configure AWS credentials
+        uses: aws-actions/configure-aws-credentials@v1
+        with:
+          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY }}
+          aws-secret-access-key: ${{ secrets.AWS_SECRET_KEY }}
+          aws-region: ${{ secrets.AWS_REGION }}
+
+      - name: 📝 Copy Script File
+        env:
+          REGION: ${{ secrets.AWS_REGION }}
+          S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
+        run: |
+          mkdir script
+          aws s3 cp --region $REGION \
+            s3://$S3_BUCKET/prod/script/deploy.sh script/deploy.sh
+          aws s3 cp --region $REGION \
+            s3://$S3_BUCKET/prod/script/switch.sh script/switch.sh
+          aws s3 cp --region $REGION \
+            s3://$S3_BUCKET/prod/script/valid.sh script/valid.sh
+
+      - name: 📁 Make files to zip
+        run: zip -r ./$GITHUB_SHA.zip ./script
+        shell: bash
+
+      - name: 🚀 Upload Property Zip to S3 and Create Code Deploy
+        env:
+          REGION: ${{ secrets.AWS_REGION }}
+          DEPLOY_APPLICATION: ${{ secrets.AWS_DEPLOY_APPLICATION }}
+          DEPLOY_GROUP: ${{ secrets.AWS_DEPLOY_GROUP_PROD }}
+          S3_BUCKET: ${{ secrets.AWS_S3_BUCKET }}
+        run: |
+          aws s3 cp --region $REGION ./$GITHUB_SHA.zip s3://$S3_PATH/prod/deploy/$GITHUB_SHA.zip
+          
+          aws deploy create-deployment --application-name $AWS_DEPLOY_APPLICATION_NAME
+          --deployment-config-name CodeDeployDefault.AllAtOnce
+          --deployment-group-name $DEPLOY_GROUP
+          --s3-location bucket=$AWS_BUCKET_NAME,bundleType=zip,key=prod/deploy/$GITHUB_SHA.zip
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -0,0 +1,34 @@
+name: Continuous Integration for SOPT makers Authentication Project
+
+on:
+  pull_request:
+    branches: [ dev, prod ]
+
+jobs:
+  build:
+    runs-on: ubuntu-22.04
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+
+      - name: ⚙️ Set up JDK 21
+        uses: actions/setup-java@v3
+        with:
+          java-version: 21
+          distribution: 'corretto'
+          cache: gradle
+
+      - name: 🤝 Grant execute permission for gradlew
+        run: chmod +x ./gradlew
+        shell: bash
+
+      - name: 🔑 Create Application Property File
+        run: |
+          touch ./gradle.properties
+          
+          echo "${{ secrets.PROPERTY_GRADLE }}" >> ./gradle.properties
+
+      - name: 🧱 Build with Gradle
+        run: docker build -t app-ci .
+        shell: bash
diff --git a/.gitignore b/.gitignore
@@ -37,9 +37,16 @@ out/
 .vscode/
 
 ### Propety ###
+!gradle.properties
+**/src/main/resources/*.properties
+**/src/main/resources/**/*.env
 *.properties
+!gradle/wrapper/*.properties
+
 
 ### Key ###
 *.pem
 *p8
 
+### Deploy ###
+script/
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,27 @@
+FROM openjdk:21-jdk-slim as builder
+
+# 기본값 : test
+ARG PROFILE=test
+
+# mkdir /app-build && cd /app-build
+WORKDIR /app-build
+
+# docker cp . gradle:app-build
+COPY . /app-build
+
+# create .jar
+RUN echo "Build with PROFILE=${PROFILE}" && ./gradlew build -x test -Pprofile=${PROFILE} --no-daemon
+
+# Run-Time Image Setting
+FROM openjdk:21-jdk-slim as production
+
+# mkdir /app-run && cd /app-run
+WORKDIR /app-run
+
+# copy .jar to Run-Time Image
+COPY --from=builder /app-build/build/libs/authentication.jar /app-run/authentication.jar
+
+
+EXPOSE 8080
+ENTRYPOINT ["java"]
+CMD ["-jar", "authentication.jar"]
diff --git a/appspec.yml b/appspec.yml
@@ -0,0 +1,39 @@
+version: 0.0
+os: linux
+
+files:
+  - source: script/deploy.sh
+    destination: /home/ubuntu/script/auth
+    overwrite: yes
+  - source: script/switch.sh
+    destination: /home/ubuntu/script/auth
+    overwrite: yes
+  - source: script/valid.sh
+    destination: /home/ubuntu/script/auth
+    overwrite: yes
+  - source: pem
+    destination: /home/ubuntu/property/auth/pem
+  - source: key
+    destination: /home/ubuntu/property/auth/key
+  - source: application.env
+    destination: /home/ubuntu/env/auth
+file_exists_behavior: OVERWRITE
+
+permissions:
+  - object: /home/ubuntu
+    pattern: '**'
+    owner: ubuntu
+    group: ubuntu
+
+hooks:
+  AfterInstall:
+    - location: script/deploy.sh
+      timeout: 120
+      runas: root
+    - location: script/switch.sh
+      timeout: 120
+      runas: root
+  ValidateService:
+    - location: script/valid.sh
+      timeout: 60
+      runas: root