skill-boost · byb0823 · Nov 28, 2025 · Nov 13, 2025 · Nov 14, 2025 · Nov 14, 2025
diff --git a/.github/workflows/CD.yml b/.github/workflows/CD.yml
@@ -0,0 +1,135 @@
+name: CD
+
+on:
+  push:
+    branches:
+      - main
+
+jobs:
+  deploy:
+    runs-on: ubuntu-latest
+
+    steps:
+      # 코드 체크아웃
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      # DockerHub 로그인
+      - name: Login to DockerHub
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_PASSWORD }}
+
+      # Docker 이미지 빌드 & 푸시
+      - name: Build and Push Docker image
+        run: |
+          docker build -t ${{ secrets.DOCKER_USERNAME }}/skill-boost:${{ github.sha }} .
+          docker push ${{ secrets.DOCKER_USERNAME }}/skill-boost:${{ github.sha }}
+
+      # EC2로 yaml 파일 복사
+      - name: Copy k8s manifests to EC2
+        uses: appleboy/scp-action@master
+        with:
+          host: ${{ secrets.EC2_HOST }}
+          username: ${{ secrets.EC2_USER }}
+          key: ${{ secrets.EC2_SSH_KEY }}
+          source: "k8s/*.yaml"
+          target: "/home/${{ secrets.EC2_USER }}/k8s-manifests"
+
+      # SSH 접속 후 app.yaml의 IMAGE 치환
+      - name: Replace IMAGE in app.yaml on EC2
+        uses: appleboy/[email protected]
+        with:
+          host: ${{ secrets.EC2_HOST }}
+          username: ${{ secrets.EC2_USER }}
+          key: ${{ secrets.EC2_SSH_KEY }}
+          script: |
+            # k8s 매니페스트 디렉토리
+            MANIFEST_DIR="/home/${{ secrets.EC2_USER }}/k8s-manifests/k8s"
+
+            # IMAGE를 GitHub Secret 값으로 치환
+            sed -i "s|IMAGE|${{ secrets.DOCKER_USERNAME }}/skill-boost:${{ github.sha }}|g" "$MANIFEST_DIR/app.yaml"
+
+            echo "✅ app.yaml의 USERNAME 치환 완료"
+
+#      # Github Actions IP 가져오기
+#      - name: Get Github Actions IP
+#        id: ip
+#        uses: haythem/[email protected]
+#
+#      # AWS 보안 그룹에 동적으로 IP 추가
+#      - name: Add Github Actions IP to Security group
+#        run: |
+#          aws ec2 authorize-security-group-ingress --group-id ${{ secrets.AWS_SECRET_GROUP_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32
+#        env:
+#          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+#          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+#          AWS_DEFAULT_REGION: ap-northeast-2
+
+      # EC2 SSH → k3s에 Secret 생성 & Deployment 업데이트
+      - name: Deploy to K3s via SSH
+        uses: appleboy/[email protected]
+        with:
+          host: ${{ secrets.EC2_HOST }}
+          username: ${{ secrets.EC2_USER }}
+          key: ${{ secrets.EC2_SSH_KEY }}
+          script: |
+            # 기존 db-secret 삭제
+            kubectl delete secret db-secret
+
+            # -- db-secret 생성 --
+            cat <<EOF | kubectl apply -f -
+            apiVersion: v1
+            kind: Secret
+            metadata:
+              name: db-secret
+              namespace: default
+            type: Opaque
+            stringData:
+                MYSQL_ROOT_PASSWORD: "${{ secrets.DB_PASSWORD }}"
+                MYSQL_DATABASE: "${{ secrets.DB }}"
+                MYSQL_USER: "${{ secrets.DB_USERNAME }}"         
+                MYSQL_PASSWORD: "${{ secrets.DB_PASSWORD }}"
+            EOF
+
+            # 기존 app-secret 삭제
+            kubectl delete secret app-secret
+
+            # -- app-secret 생성 --
+            cat <<EOF | kubectl apply -f -
+            apiVersion: v1
+            kind: Secret
+            metadata:
+              name: app-secret
+              namespace: default
+            type: Opaque
+            stringData:
+              MYSQL_URL: "${{ secrets.MYSQL_URL }}"
+              JWT_SECRET_KEY: "${{ secrets.JWT_SECRET_KEY }}"
+              GITHUB_CLIENT_SECRET: "${{ secrets.GITHUB_CLIENT_SECRET }}"
+            EOF
+
+            # -- 매니페스트 파일 적용 --
+            cd /home/${{ secrets.EC2_USER }}/k8s-manifests/k8s
+            kubectl apply -f .
+
+            # -- 롤링 업데이트 완료 대기 --
+            kubectl rollout status deployment/skill-boost-app --timeout=5m
+
+            # -- 배포 결과 확인 --
+            kubectl get pods -l app=skill-boost-app
+            echo "✅ Deployment successful!"
+
+            # -- 사용하지 않는 이미지 삭제 --
+            sudo k3s ctr images prune --all
+
+      # AWS 보안 그룹에서 IP 제거
+#      - name: Remove Github Actions IP from security group
+#        if: always()
+#        run: |
+#          aws ec2 revoke-security-group-ingress --group-id ${{ secrets.AWS_SECRET_GROUP_ID }} --protocol tcp --port 22 --cidr ${{ steps.ip.outputs.ipv4 }}/32
+#        env:
+#          AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+#          AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+#          AWS_DEFAULT_REGION: ap-northeast-2
diff --git a/.github/workflows/CI.yml b/.github/workflows/CI.yml
@@ -0,0 +1,45 @@
+name: pull request CI
+
+on:
+  workflow_dispatch:
+  pull_request:
+    branches:
+      - main
+      - develop
+
+jobs:
+  build-and-test:
+    runs-on: ubuntu-latest
+
+    steps:
+      # 코드 체크아웃
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      # JDK 21 설정
+      - name: Set up JDK 21
+        uses: actions/setup-java@v4
+        with:
+          distribution: 'temurin'
+          java-version: '21'
+          cache: 'gradle'
+
+      # Gradle wrapper 실행 권한 부여
+      - name: Grant execute permission for gradlew
+        run: chmod +x gradlew
+
+      # 빌드 & 테스트
+      - name: Build and Test
+        run: ./gradlew clean build
+        env:
+          SPRING_PROFILES_ACTIVE: test
+
+      # 테스트 결과 업로드
+      - name: Upload Test Artifacts
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: test-results
+          path: |
+            build/reports/tests/test/
+            build/test-results/test/
diff --git a/Dockerfile b/Dockerfile
@@ -0,0 +1,25 @@
+FROM gradle:8.8-jdk21 AS builder
+
+WORKDIR /app
+
+# Gradle 캐시 활용
+COPY build.gradle settings.gradle gradlew ./
+COPY gradle gradle
+RUN ./gradlew dependencies || true
+
+# 소스 코드 복사
+COPY . .
+
+# 빌드
+RUN chmod +x gradlew
+RUN ./gradlew clean build -x test
+
+FROM amazoncorretto:21
+
+WORKDIR /app
+
+COPY --from=builder /app/build/libs/*.jar app.jar
+
+EXPOSE 8080
+
+ENTRYPOINT ["java", "-jar", "app.jar"]
diff --git a/app.yaml b/app.yaml
diff --git a/build.gradle b/build.gradle
@@ -34,7 +34,16 @@ dependencies {
     runtimeOnly 'com.mysql:mysql-connector-j'
     annotationProcessor 'org.projectlombok:lombok'
     testImplementation 'org.springframework.boot:spring-boot-starter-test'
+    testImplementation 'com.h2database:h2'
     testRuntimeOnly 'org.junit.platform:junit-platform-launcher'
+
+    implementation 'org.springframework.boot:spring-boot-starter-security'
+    implementation 'org.springframework.boot:spring-boot-starter-oauth2-client'
+    implementation 'io.jsonwebtoken:jjwt-api:0.11.5'
+    runtimeOnly 'io.jsonwebtoken:jjwt-impl:0.11.5'
+    runtimeOnly 'io.jsonwebtoken:jjwt-jackson:0.11.5'
+    implementation 'org.springdoc:springdoc-openapi-starter-webmvc-ui:2.3.0'
+
 }
 
 tasks.named('test') {

diff --git a/k8s/app.yaml b/k8s/app.yaml
@@ -0,0 +1,69 @@
+apiVersion: apps/v1
+kind: Deployment
+metadata:
+  name: skill-boost-app
+  namespace: default
+spec:
+  replicas: 2
+  selector:
+    matchLabels:
+      app: skill-boost-app
+  strategy:
+    type: RollingUpdate
+    rollingUpdate:
+      maxSurge: 1
+      maxUnavailable: 0
+  template:
+    metadata:
+      labels:
+        app: skill-boost-app
+    spec:
+      containers:
+        - name: skill-boost-app
+          image: IMAGE
+          imagePullPolicy: Always
+          ports:
+            - containerPort: 8080
+          env:
+            - name: SPRING_PROFILES_ACTIVE
+              value: "prod"
+          envFrom:
+            - secretRef:
+                name: db-secret
+            - secretRef:
+                name: app-secret
+---
+apiVersion: v1
+kind: Service
+metadata:
+  name: skill-boost-service
+  namespace: default
+  labels:
+    app: skill-boost-app
+spec:
+  ports:
+    - port: 80
+      protocol: TCP
+      targetPort: 8080
+  selector:
+    app: skill-boost-app
+  sessionAffinity: None
+  type: ClusterIP
+---
+apiVersion: networking.k8s.io/v1
+kind: Ingress
+metadata:
+  name: skill-boost-app-ingress
+  namespace: default
+spec:
+  ingressClassName: traefik
+  rules:
+    - http:
+        paths:
+          - path: /
+            pathType: Prefix
+            backend:
+              service:
+                name: skill-boost-service
+                port:
+                  number: 80
diff --git a/mysql.yaml → k8s/mysql.yaml b/mysql.yaml → k8s/mysql.yaml
@@ -31,12 +31,13 @@ spec:
         accessModes: ["ReadWriteOnce"]
         resources:
           requests:
-            storage: 5Gi
+            storage: 1Gi
 ---
 apiVersion: v1
 kind: Service
 metadata:
   name: mysql
+  namespace: default
 spec:
   selector:
     app: mysql

diff --git a/src/main/java/com/example/skillboost/TestController.java b/src/main/java/com/example/skillboost/TestController.java
@@ -0,0 +1,12 @@
+package com.example.skillboost;
+
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+@RestController
+public class TestController {
+    @GetMapping("/")
+    public String hello() {
+        return "Hello World!";
+    }
+}