Merge: CI/CD 및 모니터링 구축 (#169)

Feat: CI/CD 및 모니터링 구축

Author: lunarbae628

.github/workflows/cd.yml

@@ -0,0 +1,49 @@
+# 추후 dev에 머지 되면 cd.yml로 배포 워크플로우 분리
+
+name: CD - Deploy Backend
+
+on:
+  workflow_run:
+    workflows: ["CI - Build & Push Backend"]
+    types: [completed]
+    branches: [release]
+
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: "Deploy image tag (default: release)"
+        required: false
+        default: "release"
+
+permissions:
+  contents: read
+
+concurrency:
+  group: deploy-docsa
+  cancel-in-progress: false
+
+jobs:
+  deploy:
+    if: ${{ github.event_name == 'workflow_dispatch' || github.event.workflow_run.conclusion == 'success' }}
+    runs-on: ubuntu-latest
+    environment: production
+    steps:
+      - name: Decide tag
+        id: tag
+        run: |
+          if [ "${{ github.event_name }}" = "workflow_dispatch" ]; then
+            echo "value=${{ github.event.inputs.tag }}" >> $GITHUB_OUTPUT
+          else
+            echo "value=release" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Deploy via SSH
+        uses: appleboy/ssh-action@v1.0.3
+        with:
+          host: ${{ secrets.CD_HOST }}
+          username: ${{ secrets.CD_USER }}
+          key: ${{ secrets.CD_SSH_KEY }}
+          port: ${{ secrets.CD_PORT }}
+          script: |
+            export DEPLOY_TAG='${{ steps.tag.outputs.value }}'
+            bash -lc '/srv/docsa/infra/deploy.sh'

.github/workflows/ci-cd.yml

@@ -0,0 +1,120 @@
+name: CI/CD — Backend (Build → Push → Deploy)
+
+on:
+  # dev에 머지 전 ci push 대상 브랜치 중첩 적용 (release, dev)
+  push:
+    branches: [ release, dev ]
+  pull_request:
+    branches: [ dev ]
+  workflow_dispatch:
+    inputs:
+      tag:
+        description: "배포할 이미지 태그 (ex. release or <GIT_SHA>)"
+        required: false
+        default: "release"
+
+concurrency:
+  group: cicd-${{ github.ref_name }}
+  cancel-in-progress: false
+
+jobs:
+  build-and-push:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    env:
+      IMAGE: ghcr.io/prgrms-web-devcourse-final-project/docsa-backend
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          java-version: '21'
+          distribution: 'temurin'
+
+      - name: Cache Gradle
+        uses: gradle/actions/setup-gradle@v3
+
+      - name: Detect project dir
+        id: detect
+        shell: bash
+        run: |
+          if [ -f "./gradlew" ] || [ -f "./build.gradle" ] || [ -f "./build.gradle.kts" ]; then
+            echo "dir=." >> $GITHUB_OUTPUT
+          elif [ -d "./backend" ]; then
+            echo "dir=backend" >> $GITHUB_OUTPUT
+          else
+            echo "No Gradle project found"; exit 1
+          fi
+
+      - name: Test
+        env:
+          MAIL_PASSWORD: ${{ secrets.CI_MAIL_PASSWORD }}
+          MAIL_USERNAME: ${{ secrets.CI_MAIL_USERNAME }}
+          MONGO_URI: ${{ secrets.CI_MONGO_URI }}
+        run: |
+          cd "${{ steps.detect.outputs.dir }}"
+          chmod +x ./gradlew || true
+          ./gradlew clean test --no-daemon
+
+      - name: Find Dockerfile
+        id: df
+        run: |
+          if [ -f "infra/backend/Dockerfile" ]; then
+            echo "path=infra/backend/Dockerfile" >> $GITHUB_OUTPUT
+            echo "ctx=." >> $GITHUB_OUTPUT
+          else
+            echo "No Dockerfile found"; exit 1
+          fi
+
+      - name: Build image (PR only)
+        if: github.event_name == 'pull_request'
+        run:  |
+          docker build -f "${{ steps.df.outputs.path }}" -t sanity-check:pr "${{ steps.df.outputs.ctx }}"
+
+      - name: Log in to GHCR
+        if: github.event_name == 'push'
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build & Push image
+        if: github.event_name == 'push'
+        run: |
+          GIT_SHA=${{ github.sha }}
+          docker build -f "${{ steps.df.outputs.path }}" -t $IMAGE:release -t $IMAGE:$GIT_SHA "${{ steps.df.outputs.ctx }}"
+          docker push $IMAGE:release
+          docker push $IMAGE:$GIT_SHA
+
+  deploy:
+    needs: build-and-push
+    # dev에 머지 전 cd 대상 브랜치 중첩 적용 (release, dev)
+    if: github.event_name == 'push' && (github.ref == 'refs/heads/release' || github.ref == 'refs/heads/dev') &&
+      (needs.build-and-push.result == 'success')
+      || (github.event_name == 'workflow_dispatch')
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: Decide tag
+        id: tag
+        run: |
+          if [ "${{ github.event_name }}" = "workflow_dispatch" ] && [ -n "${{ github.event.inputs.tag }}" ]; then
+            echo "value=${{ github.event.inputs.tag }}" >> $GITHUB_OUTPUT
+          else
+            echo "value=release" >> $GITHUB_OUTPUT
+          fi
+
+      - name: Deploy
+        uses: appleboy/ssh-action@v1.0.3
+        with:
+          host: ${{ secrets.CD_HOST }}
+          username: ${{ secrets.CD_USER }}
+          key: ${{ secrets.CD_SSH_KEY }}
+          port: ${{ secrets.CD_PORT }}
+          script: |
+            export DEPLOY_TAG='${{ steps.tag.outputs.value }}'
+            bash -lc '/srv/docsa/infra/deploy.sh'

.gitignore

@@ -4,6 +4,7 @@ build/
 !gradle/wrapper/gradle-wrapper.jar
 !**/src/main/**/build/
 !**/src/test/**/build/
+infra/backend/*.jar
 
 ### STS ###
 .apt_generated
@@ -35,3 +36,13 @@ out/
 
 ### VS Code ###
 .vscode/
+
+### Secrets & Runtime
+infra/.env
+infra/**/*.env
+infra/certbot
+infra/mysql/exporter.cnf
+infra/mysql/logs/
+*.log
+*.pid
+.*.swp

build.gradle

@@ -5,7 +5,7 @@ plugins {
 }
 
 group = 'io.EJangs'
-version = '0.0.1-SNAPSHOT'
+version = '0.0.1'
 
 java {
     toolchain {
@@ -23,6 +23,16 @@ repositories {
     mavenCentral()
 }
 
+test {
+    testLogging {
+        events "passed", "skipped", "failed", "standardOut", "standardError"
+        exceptionFormat "full"
+        showCauses true
+        showExceptions true
+        showStackTraces true
+    }
+}
+
 dependencies {
     implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
     implementation 'org.springframework.boot:spring-boot-starter-security'
@@ -55,3 +65,7 @@ dependencies {
 tasks.named('test') {
     useJUnitPlatform()
 }
+
+tasks.named('jar') {
+    enabled = false
+}

infra/.env.example

@@ -0,0 +1,31 @@
+# ------------ APP ------------
+SPRING_DATA_MONGODB_URI=
+SPRING_MAIL_USERNAME=
+SPRING_MAIL_PASSWORD=
+SPRING_DATASOURCE_URL=
+SPRING_DATASOURCE_USERNAME=
+SPRING_DATASOURCE_PASSWORD=
+
+# ------------ SESSION/COOKIE ------------
+SESSION_COOKIE_NAME=
+SESSION_COOKIE_DOMAIN=
+
+# ------------ SWAGGER ------------
+SWAGGER_SERVER_URL=
+
+# ------------ SPRING ------------
+SPRING_PROFILES_ACTIVE=
+SERVER_PORT=
+
+# ------------ DOMAIN ------------
+DOMAIN=
+
+# ------------ MYSQL ------------
+MYSQL_DATABASE=
+MYSQL_USER=
+MYSQL_PASSWORD=
+MYSQL_ROOT_PASSWORD=
+
+# ------------ GRAFANA ------------
+GRAFANA_ADMIN=
+GRAFANA_PASSWORD=

infra/backend/Dockerfile

@@ -0,0 +1,32 @@
+# ---- Build Stage ----
+FROM eclipse-temurin:21-jdk-alpine AS builder
+
+WORKDIR /workspace
+
+COPY gradlew ./gradlew
+COPY gradle ./gradle
+COPY build.gradle* settings.gradle* ./
+RUN chmod +x ./gradlew
+
+RUN ./gradlew --no-daemon dependencies || true
+
+COPY . .
+
+RUN ./gradlew clean bootJar -x test --no-daemon
+
+# ---- Runtime Stage ----
+FROM eclipse-temurin:21-jre-alpine
+
+RUN addgroup -S app && adduser -S app -G app
+RUN apk add --no-cache wget
+
+WORKDIR /app
+
+COPY --from=builder --chown=app:app /workspace/build/libs/*.jar /app/app.jar
+
+ENV JAVA_OPTS="-XX:MaxRAMPercentage=75 -XX:+UseG1GC -Duser.timezone=Asia/Seoul" 
+
+EXPOSE 8080
+USER app
+
+ENTRYPOINT ["sh", "-c", "exec java $JAVA_OPTS -jar /app/app.jar"]

infra/deploy.sh

@@ -0,0 +1,44 @@
+#!/usr/bin/env bash
+set -euo pipefail
+
+cd /srv/docsa/infra
+
+# 특정 태그로 배포시 DEPLOY_TAG=...
+IMAGE_BASE="ghcr.io/prgrms-web-devcourse-final-project/docsa-backend"
+TAG="${DEPLOY_TAG:-}"      # 비어있으면 compose에 적힌 태그 사용
+OVR=""
+if [[ -n "$TAG" ]]; then
+  OVR="docker-compose.override.deploy.yml"
+  cat > "$OVR" <<EOF
+services:
+  app:
+    image: ${IMAGE_BASE}:${TAG}
+EOF
+fi
+
+FILES=(-f docker-compose.yml)
+[[ -n "$OVR" ]] && FILES+=(-f "$OVR")
+
+# 최신 이미지 받고 교체
+docker compose "${FILES[@]}" pull app
+docker compose "${FILES[@]}" up -d app
+
+# 헬스체크 대기 (최대 120s)
+echo -n "Waiting for app (docsa-app) to be healthy"
+ok=0
+for i in {1..60}; do
+  status="$(docker inspect -f '{{.State.Health.Status}}' docsa-app 2>/dev/null || echo none)"
+  if [[ "$status" == "healthy" ]]; then ok=1; echo -e "\nApp healthy"; break; fi
+  sleep 2; echo -n "."
+done
+
+# 임시 override 제거 & 청소
+[[ -n "$OVR" ]] && rm -f "$OVR"
+docker image prune -f >/dev/null 2>&1 || true
+
+# 실패 처리
+if [[ $ok -eq 0 ]]; then
+  echo -e "\nApp failed to become healthy (status=$status)"
+  docker logs --tail=200 docsa-app || true
+  exit 1
+fi