[STMT-6, STMT-151] ✨👷 CI/CD를 위한 github actions workflow 구축 및 회원가입, 로그…

…인 api 구현 (#21)

* [STMT-151] ✨ 공통적으로 사용되는 생성 시간, 수정 시간 추가를 위한 추상 클래스 구현 (#10)

* [STMT-151] ✨ 공통적으로 사용되는 생성 시간, 수정 시간 추가를 위한 추상 클래스 구현

* [STMT-151] 🐛 설정 클래스를 명시하여 스프링 컨텍스트에서 관리하도록 설정

* [STMT-6] 👷 CI/CD를 위한 github-actions 추가

* [STMT-6] 👷 CI/CD를 위한 github-actions 추가

* [STMT-151] ✨ 로그인을 위한 멤버, OAuth 로그인 정보 모델링 (#11)

* [STMT-6] 🐛 도커 컨테이너 실행 전, 이전에 실행 중이던 컨테이너를 중지, 삭제하도록 수정 및 다수의 오타 수정

* [STMT-6] 💚 JDK 21 distribution temurin에 대한 CI/CD 자동화 테스트

* [STMT-6] 👷 CI/CD 자동화 워크플로우 완성

* [STMT-6] ✏️ 주석 제거

* [STMT-151] ✨ JWT 생성 및 검증 객체 구현 (#14)

* [STMT-151] ✨ JWT 생성 및 검증 객체 구현

* [STMT-151] ➕ JWT, OpenFeign, QueryDSL 의존성 추가

* [STMT-151] ✨ OAuth2 로그인/회원가입 기능 구현 (#16)

* [STMT-151] 🔧 QueryDSL 설정

* [STMT-151] ✨ API 공통 응답 객체 구현

* [STMT-151] ✨ 클라이언트에게 전달받은 Access Token을 이용하여 kakao에 유저 정보 요청 기능 구현

* [STMT-151] ✨ OAuth 로그인 정보를 관리하는 도메인 정의

* [STMT-151] ✨ 카카오 유저 정보 조회 응답 객체 정의

* [STMT-151] ✨ OAuth 회원가입/로그인 기능 필터 구현

* [STMT-151] ✨ OAuth 회원가입 / 로그인 인증 프로바이더 구현

* [STMT-151] ✨ JWT 인증 필터 구현

* [STMT-151] ✨ 권한 부족 및 미인증 유저가 요청시 예외발생에 대한 예외 핸들러 추가

* [STMT-151] ✨ 구현한 필터 시큐리티 필터 체인에 등록

* [STMT-151] ✨ 회원가입 추가정보 입력 API 구현

* [STMT-6] 👷 CI-CD workflow 수정 - 환경변수 설정 (#17) (#18)

- 파일 이름 변경
 - github-actions.yml -> ci-cd.yml
- gitignore에 application-secret.properties 파일 추가

Co-authored-by: zxcv9203 <[email protected]>

* [STMT-6] 👷 ci-cd 워크플로우가 실패하는 원인 규명 및 문제 해결 (#19)

* [STMT-6] 👷 CI-CD workflow 수정 - 환경변수 설정 (#17)

- 파일 이름 변경
 - github-actions.yml -> ci-cd.yml
- gitignore에 application-secret.properties 파일 추가

Co-authored-by: zxcv9203 <[email protected]>

* [STMT-6] ci-cd.yml event trigger 수정

* [STMT-6] ci-cd.yml 문법 오류 수정

step-Checkout에서 uses 앞 대쉬 삭제

---------

Co-authored-by: zxcv9203 <[email protected]>

* [STMT-6] 🔧 개발 환경별 yml 설정 파일 작성 (#20)

Co-authored-by: zxcv9203 <[email protected]>

* [STMT-6] 💚 CI/CD dev 테스트

* [STMT-6] prod 설정파일로 빌드하는 설정 추가

* [STMT-6] 💚 CICD 테스트용으로 event triger에 추가한 코드 삭제

branch `dev` 제외

* [STMT-6] 🔥 prod 설정 파일의 security logging 설정 코드 제거

* [STMT-6] 🔥 ci-cd 워크 플로우의 디버그 코드 제거

* [STMT-6] 🔥 ci-cd 워크 플로우 수정 - docker compose 배포 명령어

* [STMT-6] 🚀 docker-compose.yml 생성

---------

Co-authored-by: zxcv9203 <[email protected]>
Co-authored-by: tngtied <[email protected]>
Co-authored-by: tngtied <[email protected]>

.github/workflows/ci-cd.yml

@@ -0,0 +1,75 @@
+# github repository actions 페이지에 나타날 이름
+name: CI/CD using github actions & docker
+
+# event trigger
+on:
+ push:
+ branches: [ "main" ]
+
+permissions:
+ contents: read
+
+jobs:
+ CI-CD:
+ runs-on: ubuntu-latest
+ steps:
+
+ # JDK setting
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Set up JDK 21
+ uses: actions/setup-java@v4
+ with:
+ java-version: '21'
+ distribution: 'temurin'
+
+ - name: set environment variables
+ working-directory: ./
+ run: |
+ touch src/main/resources/application-secret.properties
+ echo ${{ secrets.ENV }} >> src/main/resources/application-secret.properties
+
+ # gradle caching - 빌드 시간 향상
+ - name: Gradle Caching
+ uses: actions/cache@v3
+ with:
+ path: |
+ ~/.gradle/caches
+ ~/.gradle/wrapper
+ key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
+ restore-keys: |
+ ${{ runner.os }}-gradle-
+
+ # docker login
+ - name: Login to Docker Hub
+ uses: docker/login-action@v1
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_PASSWORD }}
+
+ # build gradle
+ - name: Build gradlew
+ run: |
+ chmod +x gradlew 
+ ./gradlew jib \
+ -Djib.from.auth.username=${{ secrets.DOCKER_USERNAME }} \
+ -Djib.from.auth.password=${{ secrets.DOCKER_PASSWORD }} \
+ -Dspring.profiles.active=prod
+
+ ## deploy to production
+ - name: Deploy to prod
+ uses: appleboy/ssh-action@master
+ id: deploy-prod
+ if: contains(github.ref, 'main')
+ with:
+ host: ${{ secrets.AWS_PUBLIC_IP }}
+ username: ${{ secrets.AWS_USER }}
+ key: ${{ secrets.AWS_PRIVATE_KEY }}
+ port: ${{ secrets.AWS_SSH_PORT }}
+ script: |
+ sudo docker pull ${{ secrets.DOCKER_USERNAME }}/server
+ sudo docker stop stumeet-server
+ docker container prune -f
+ sudo docker-compose up -d --no-deps --force-recreate stumeet-server
+ sudo docker image prune -f

.gitignore

@@ -35,3 +35,5 @@ out/
 
 ### VS Code ###
 .vscode/
+
+application-secret.properties

build.gradle

@@ -3,6 +3,7 @@ plugins {
  id 'org.springframework.boot' version '3.2.2'
  id 'io.spring.dependency-management' version '1.1.4'
  id 'org.asciidoctor.jvm.convert' version '3.3.2'
+ id 'com.google.cloud.tools.jib' version '3.4.0'
 }
 
 group = 'com.stumeet'
@@ -28,23 +29,37 @@ ext {
 }
 
 dependencies {
+ // jwt 의존성 추가
+ implementation 'io.jsonwebtoken:jjwt-api:0.12.5'
+ implementation 'org.springframework.cloud:spring-cloud-starter-openfeign'
+ runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.12.5'
+ runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.12.5'
+
  implementation 'org.springframework.boot:spring-boot-starter-actuator'
- implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
- implementation 'org.springframework.boot:spring-boot-starter-data-redis'
+// implementation 'org.springframework.boot:spring-boot-starter-data-redis'
  implementation 'org.springframework.boot:spring-boot-starter-security'
  implementation 'org.springframework.boot:spring-boot-starter-validation'
  implementation 'org.springframework.boot:spring-boot-starter-web'
- implementation 'org.flywaydb:flyway-core'
- implementation 'org.flywaydb:flyway-mysql'
- implementation 'org.springframework.cloud:spring-cloud-starter-openfeign'
  compileOnly 'org.projectlombok:lombok'
  developmentOnly 'org.springframework.boot:spring-boot-devtools'
+
  runtimeOnly 'com.h2database:h2'
  runtimeOnly 'com.mysql:mysql-connector-j'
+ implementation 'org.springframework.boot:spring-boot-starter-data-jpa'
+ implementation 'org.flywaydb:flyway-mysql'
+ implementation 'org.flywaydb:flyway-core'
+
  annotationProcessor 'org.projectlombok:lombok'
  testImplementation 'org.springframework.boot:spring-boot-starter-test'
  testImplementation 'org.springframework.restdocs:spring-restdocs-mockmvc'
  testImplementation 'org.springframework.security:spring-security-test'
+
+ implementation 'com.querydsl:querydsl-jpa:5.0.0:jakarta'
+ annotationProcessor "com.querydsl:querydsl-apt:5.0.0:jakarta" // 버전 변경
+ annotationProcessor "jakarta.annotation:jakarta.annotation-api"
+ annotationProcessor "jakarta.persistence:jakarta.persistence-api"
+
+
 }
 
 dependencyManagement {
@@ -62,3 +77,16 @@ tasks.named('asciidoctor') {
  inputs.dir snippetsDir
  dependsOn test
 }
+
+jib {
+ from {
+ image = "eclipse-temurin:21"
+ }
+ to {
+ image = "stumeet/server"
+ tags = [version]
+ }
+ container {
+ jvmFlags = ["-Xms128m", "-Xmx128m"]
+ }
+}

docker-compose.yml

@@ -0,0 +1,29 @@
+version: '3.8'
+
+networks:
+ server-connection:
+ driver: bridge
+
+services:
+ nginx:
+ container_name: nginx
+ image: nginx
+ restart: always
+ ports:
+ - '80:80'
+ - '443:443'
+ networks:
+ - server-connection
+ environment:
+ - TZ=Asia/Seoul
+ depends_on:
+ - stumeet-server
+
+ stumeet-server:
+ container_name: stumeet-server
+ image: stumeet/server
+ restart: always
+ expose:
+ - '8080'
+ networks:
+ - server-connection

src/main/java/com/stumeet/server/ServerApplication.java

@@ -2,8 +2,10 @@
 
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.cloud.openfeign.EnableFeignClients;
 
 @SpringBootApplication
+@EnableFeignClients
 public class ServerApplication {
 
  public static void main(String[] args) {

src/main/java/com/stumeet/server/common/auth/config/AuthConfig.java

@@ -0,0 +1,14 @@
+package com.stumeet.server.common.auth.config;
+
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.authentication.configuration.AuthenticationConfiguration;
+
+@Configuration
+public class AuthConfig {
+ @Bean
+ public AuthenticationManager authenticationManager(AuthenticationConfiguration authenticationConfiguration) throws Exception {
+ return authenticationConfiguration.getAuthenticationManager();
+ }
+}

src/main/java/com/stumeet/server/common/auth/config/SecurityConfig.java

@@ -0,0 +1,75 @@
+package com.stumeet.server.common.auth.config;
+
+import com.stumeet.server.common.auth.filter.JwtAuthenticationFilter;
+import com.stumeet.server.common.auth.filter.OAuthAuthenticationFilter;
+import com.stumeet.server.common.auth.handler.InvalidAuthenticationFailureHandler;
+import com.stumeet.server.common.auth.handler.OAuthAuthenticationSuccessHandler;
+import com.stumeet.server.common.auth.service.JwtAuthenticationService;
+import com.stumeet.server.common.auth.service.OAuthAuthenticationProvider;
+import com.stumeet.server.common.token.JwtTokenProvider;
+import lombok.RequiredArgsConstructor;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.security.authentication.AuthenticationManager;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.AbstractHttpConfigurer;
+import org.springframework.security.config.annotation.web.configurers.HeadersConfigurer;
+import org.springframework.security.config.http.SessionCreationPolicy;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.SecurityFilterChain;
+import org.springframework.security.web.access.AccessDeniedHandler;
+import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.security.web.context.RequestAttributeSecurityContextRepository;
+import org.springframework.security.web.context.SecurityContextRepository;
+
+@Configuration
+@RequiredArgsConstructor
+public class SecurityConfig {
+
+ private final InvalidAuthenticationFailureHandler invalidAuthenticationFailureHandler;
+ private final OAuthAuthenticationProvider authenticationProvider;
+ private final AuthenticationManager authenticationManager;
+ private final JwtTokenProvider jwtTokenProvider;
+ private final JwtAuthenticationService jwtAuthenticationService;
+ private final OAuthAuthenticationSuccessHandler oAuthAuthenticationSuccessHandler;
+ private final AuthenticationEntryPoint authenticationEntryPoint;
+ private final AccessDeniedHandler accessDeniedHandler;
+
+ @Bean
+ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
+ http.formLogin(AbstractHttpConfigurer::disable);
+ http.rememberMe(AbstractHttpConfigurer::disable);
+ http.httpBasic(AbstractHttpConfigurer::disable);
+ http.logout(AbstractHttpConfigurer::disable);
+ http.csrf(AbstractHttpConfigurer::disable);
+
+ http.headers(headers -> headers.frameOptions(HeadersConfigurer.FrameOptionsConfig::sameOrigin));
+
+ http.sessionManagement(session -> session.sessionCreationPolicy(SessionCreationPolicy.STATELESS));
+
+ http.authenticationProvider(authenticationProvider);
+
+ http.addFilterBefore(new OAuthAuthenticationFilter(invalidAuthenticationFailureHandler, authenticationManager, oAuthAuthenticationSuccessHandler), UsernamePasswordAuthenticationFilter.class);
+ http.addFilterBefore(new JwtAuthenticationFilter(jwtTokenProvider, jwtAuthenticationService), UsernamePasswordAuthenticationFilter.class);
+
+ http.authorizeHttpRequests(auth -> {
+ auth.requestMatchers("/api/v1/oauth").permitAll();
+ auth.requestMatchers("/h2-console/**").permitAll();
+ auth.requestMatchers("/api/v1/signup").hasAnyAuthority("FIRST_LOGIN");
+ auth.anyRequest().authenticated();
+ });
+
+ http.securityContext(securityContext -> securityContext.securityContextRepository(securityContextRepository()));
+
+ http.exceptionHandling(handler -> {
+ handler.authenticationEntryPoint(authenticationEntryPoint);
+ handler.accessDeniedHandler(accessDeniedHandler);
+ });
+
+ return http.build();
+ }
+ @Bean
+ public SecurityContextRepository securityContextRepository() {
+ return new RequestAttributeSecurityContextRepository();
+ }
+}