Merge pull request #239 from prgrms-web-devcourse-final-project/deployment

 ✨ feat: GCP 배포 관련 설정

Author: leeseojun34

.gitignore

@@ -48,4 +48,4 @@ bin/
 src/main/resources/application.yml
 src/main/resources/application-prod.yml
 src/main/resources/application-local.yml
-src/main/resources-env/
+src/main/resources-env/local

Dockerfile

@@ -0,0 +1,4 @@
+FROM openjdk:21-ea-oraclelinux8
+ARG JAR_FILE=build/libs/*.jar
+COPY ${JAR_FILE} app.jar
+ENTRYPOINT ["java","-jar","/app.jar"]

docker-compose.yml

@@ -0,0 +1,80 @@
+services:
+  mysql-container:
+    image: mysql:8.0
+    container_name: mysql-container
+    restart: always
+    environment:
+      MYSQL_ROOT_PASSWORD: ${MYSQL_ROOT_PASSWORD}
+      MYSQL_DATABASE: ittaeok
+      MYSQL_USER: ${MYSQL_USER}
+      MYSQL_PASSWORD: ${MYSQL_PASSWORD}
+    ports:
+      - "3306:3306"
+    volumes:
+      - mysql_data:/var/lib/mysql
+    networks:
+      - app-network
+    healthcheck:
+      test: ["CMD", "mysqladmin", "ping", "-h", "localhost", "-u", "root", "-p${MYSQL_ROOT_PASSWORD}"]
+      timeout: 20s
+      retries: 10
+      interval: 10s
+      start_period: 30s
+
+  redis-container:
+    image: redis:8.0.3
+    container_name: redis-container
+    restart: always
+    command: redis-server --requirepass ${REDIS_PASSWORD} --appendonly yes
+    ports:
+      - "6379:6379"
+    volumes:
+      - redis_data:/data
+    networks:
+      - app-network
+    healthcheck:
+      test: ["CMD", "redis-cli", "--raw", "incr", "ping"]
+      timeout: 3s
+      retries: 5
+      interval: 10s
+      start_period: 30s
+
+  ittaeok-container:
+    image: # <도커 계정명/이미지 이름>/ittaeok-gcp:latest
+    container_name: ittaeok
+    restart: always
+    depends_on:
+      mysql-container:
+        condition: service_healthy
+      redis-container:
+        condition: service_healthy
+    ports:
+      - "80:80"
+      - "443:443"
+    environment:
+      - SPRING_DATASOURCE_URL=jdbc:mysql://mysql-container:3306/ittaeok?useSSL=false&allowPublicKeyRetrieval=true&serverTimezone=Asia/Seoul
+      - SPRING_DATASOURCE_USERNAME=ittaeok_user
+      - SPRING_DATASOURCE_PASSWORD=1234
+      
+      - SPRING_DATA_REDIS_HOST=redis-container
+      - SPRING_DATA_REDIS_PORT=6379
+      - SPRING_DATA_REDIS_PASSWORD=${REDIS_PASSWORD}
+      - SPRING_DATA_REDIS_SSL_ENABLED=false
+      
+      - GOOGLE_APPLICATION_CREDENTIALS=${GOOGLE_APPLICATION_CREDENTIALS}
+      - GOOGLE_CLOUD_PROJECT=${GOOGLE_CLOUD_PROJECT}
+      
+      - SPRING_CLOUD_GCP_SECRETMANAGER_ENABLED="true"
+      - SPRING_CLOUD_GCP_PROJECT_ID=${GOOGLE_CLOUD_PROJECT}
+    volumes:
+      - ./gcp-key.json:/app/gcp-key.json:ro
+    networks:
+      - app-network
+
+volumes:
+  mysql_data:
+  redis_data:
+
+networks:
+  app-network:
+    driver: bridge

gradlew

@@ -15,6 +15,7 @@
 import java.util.List;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.http.ResponseCookie;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.core.user.OAuth2User;
@@ -30,11 +31,20 @@ public class OAuth2SuccessHandler extends SimpleUrlAuthenticationSuccessHandler
     private final AuthService authService;
     private final CookieAuthorizationRequestRepository cookieAuthorizationRequestRepository;
 
+    @Value("${front-server.domain-A}")
+    private String frontServerDomainA;
+
+    @Value("${url.backend}")
+    private String backendServer;
+
+    @Value("${front-server.redirect-url}")
+    private String DEFAULT_REDIRECT_URL;
+
     // 허용 도메인
     private final List<String> ALLOWED_DOMAINS = Arrays.asList(
-        "https://localhost:3000", // frontend 로컬 도메인
-        "https://ittaeok.uk/" // 실제 배포 도메인
-
+        frontServerDomainA, // frontend 로컬 도메인
+        backendServer,
+        "https://localhost:3000"
     );
 
     @Override
@@ -68,7 +78,6 @@ protected String determineTargetUrl(HttpServletRequest request, HttpServletRespo
 
         // 'redirect_uri' 쿠키에서 uri를 가져오기
         // redirect uri 지정하지 않을 경우. 추후 실제 배포 도메인으로 변경해야 함.
-        String DEFAULT_REDIRECT_URL = "https://localhost:3000/auth/callback";
         String redirectUri = CookieUtils.getCookie(request, CookieAuthorizationRequestRepository.REDIRECT_URI_PARAM_COOKIE_NAME)
             .map(Cookie::getValue)
             .orElse(DEFAULT_REDIRECT_URL); // 쿠키에 uri 없으면 default 로 이동

src/main/java/com/grepp/spring/infra/auth/oauth2/OAuth2SuccessHandler.java

@@ -1,18 +1,19 @@
 package com.grepp.spring.infra.config;
 
 import com.grepp.spring.infra.auth.CurrentUser;
-import io.swagger.v3.oas.models.Operation;
-import io.swagger.v3.oas.models.info.Info;
 import io.swagger.v3.oas.models.Components;
 import io.swagger.v3.oas.models.OpenAPI;
+import io.swagger.v3.oas.models.Operation;
+import io.swagger.v3.oas.models.info.Info;
 import io.swagger.v3.oas.models.media.Content;
 import io.swagger.v3.oas.models.media.MediaType;
 import io.swagger.v3.oas.models.media.Schema;
-import io.swagger.v3.oas.models.parameters.HeaderParameter;
 import io.swagger.v3.oas.models.responses.ApiResponse;
 import io.swagger.v3.oas.models.security.SecurityRequirement;
 import io.swagger.v3.oas.models.security.SecurityScheme;
+import io.swagger.v3.oas.models.servers.Server;
 import org.springdoc.core.customizers.OperationCustomizer;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.method.HandlerMethod;
@@ -21,6 +22,9 @@
 @Configuration
 public class SwaggerConfig {
 
+    @Value("${url.backend}")
+    private String backendServer;
+
     @Bean
     public OperationCustomizer customizeOperation() {
         return (Operation operation, HandlerMethod handlerMethod) -> {
@@ -62,7 +66,8 @@ public OpenAPI openApiSpec() {
                             .description(
                                 "JWT 토큰을 입력하세요. Bearer 는 생략하세요")
                     ))
-            .addSecurityItem(new SecurityRequirement().addList("bearerAuth"));
+            .addSecurityItem(new SecurityRequirement().addList("bearerAuth"))
+            .addServersItem(new Server().url(backendServer));
 
     }
 
@@ -77,4 +82,4 @@ public OperationCustomizer operationCustomizer() {
             return operation;
         };
     }
-}
+}

src/main/java/com/grepp/spring/infra/config/SwaggerConfig.java

@@ -21,17 +21,28 @@ public void addArgumentResolvers(List<HandlerMethodArgumentResolver> resolvers)
         resolvers.add(currentUserArgumentResolver);
     }
 
-    // 2025.7.11 기준 Front Server 테스트 주소인 https://localhost:3000 이 들어가야 합니다.
-    // 빌드 시 application.yml 를 확인해주세요.
-    @Value("${front-server.domain}")
-    private String frontServer;
+    @Value("${front-server.domain-A}")
+    private String frontServerDomainA;
+
+    @Value("${front-server.domain-B}")
+    private String frontServerDomainB;
+
+    @Value("${url.backend}")
+    private String backendServer;
 
     @Override
     public void addCorsMappings(CorsRegistry registry) {
         registry.addMapping("/**")
-            .allowedOrigins(frontServer,
-                "http://localhost:8080")
-            .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS")
+            .allowedOrigins(
+                frontServerDomainA,
+                frontServerDomainB,
+                backendServer,
+                "http://localhost:80",
+                "http://localhost:8080",
+                "http://localhost:3000",
+                "https://localhost:3000"
+            )
+            .allowedMethods("GET", "POST", "PUT", "DELETE", "OPTIONS", "PATCH")
             .allowedHeaders("*")
             .allowCredentials(true)
             .maxAge(3600);

src/main/java/com/grepp/spring/infra/config/WebConfig.java

@@ -0,0 +1,102 @@
+server:
+  port: 80
+
+spring:
+  datasource:
+    url: ${sm://db-url}
+    username: ${sm://db-username}
+    password: ${sm://db-password}
+    hikari:
+      connection-timeout: 30000
+      maximum-pool-size: 10
+    driver-class-name: com.mysql.cj.jdbc.Driver
+  jpa:
+    hibernate:
+      ddl-auto: update
+    open-in-view: false
+    properties:
+      hibernate:
+        jdbc:
+          lob:
+            non_contextual_creation: true
+        id:
+          new_generator_mappings: true
+  docker:
+    compose:
+      lifecycle-management: start-only
+  data:
+    redis:
+      host: ${sm://redis-host}
+      port: ${sm://redis-port}
+      username: default
+      password: ${sm://redis-password}
+      ssl:
+        enabled: true
+  security:
+    oauth2:
+      client:
+        registration:
+          google:
+            client-name: google
+            client-id: ${sm://google-client-id}
+            client-secret: ${sm://google-client-secret}
+            redirect-uri: "https://api.ittaeok.com/login/oauth2/code/{registrationId}" # SM 붙이기
+            authorization-grant-type: authorization_code
+            scope:
+              - openid
+              - email
+              - profile
+          kakao:
+            client-name: kakao
+            client-id: ${sm://kakao-client-id}
+            client-secret: ${sm://kakao-client-secret}
+            redirect-uri: "https://api.ittaeok.com/login/oauth2/code/{registrationId}" # SM 붙이기
+            authorization-grant-type: authorization_code
+            client-authentication-method: client_secret_post
+            scope:
+              - profile_nickname
+              - account_email
+        provider:
+          kakao:
+            authorization-uri: https://kauth.kakao.com/oauth/authorize
+            token-uri: https://kauth.kakao.com/oauth/token
+            user-info-uri: https://kapi.kakao.com/v2/user/me
+            user-name-attribute: id
+springdoc:
+  pathsToMatch: /api/**
+jwt:
+  expiration: 604800000
+  refresh-expiration: 704800000
+  secret: ${sm://jwt-secret}
+google:
+  calendar:
+    client-id: ${sm://google-client-id}
+    client-secret: ${sm://google-client-secret}
+    redirect-uri: "https://api.ittaeok.com/oauth2/callback/google-calendar" # SM 붙이기
+  api:
+    key: ${sm://google-api-key}
+zoom:
+  client-id: ${sm://zoom-client-id}
+  client-secret: ${sm://zoom-client-secret}
+  redirect-uri: ${sm://zoom-redirect-uri}
+  refresh-token: ${sm://zoom-refresh-token}
+kakao:
+  middle-location:
+    api-key: ${sm://kakao-api-key}
+logging:
+  level:
+    org.springframework.cloud.gcp.secretmanager: DEBUG
+    root: info
+    org:
+      hibernate:
+        SQL: info
+        type:
+          descriptor:
+            sql: info
+
+url:
+  backend: https://api.ittaeok.com # SM 붙이기
+front-server:
+  domain-A: https://ittaeok.com # SM 붙이기
+  domain-B: https://www.ittaeok.com # SM 붙이기
+  redirect-url: https://ittaeok.com/auth/callback # SM 붙이기