@Yujin1219 Yujin1219 commented Dec 9, 2025

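#️⃣ Related issue

📝 Work done

  • Add workflow.yml to automate the Gradle build and Docker deployment

📌 Notes to share

✅ Checklist

  • Did you select your teammates as Reviewers?
  • Did you select yourself under Assignees?
  • Is the branch you are merging into set correctly?
  • Are you following the conventions?
  • Does it run locally without errors?
  • Have unnecessary comments been removed?
  • Is the code style consistent?

Screenshots (optional)

💬 Review requests (optional)

e.g. I would like a better name for method XXX; is there a good one? Or changes made, etc.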

Summary by CodeRabbit

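Release notes

  • Chores
    • Introduce an automated CI/CD pipeline based on GitHub Actions
    • Run automatic build and deployment on pushes and pull requests to the develop branch
    • Improve deployment efficiency by implementing an automatic deployment process to the development server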

@Yujin1219 Yujin1219 self-assigned this Dec 9, 2025
@Yujin1219 Yujin1219 added the 👷 ci/cd (CI/CD related) label Dec 9, 2025
@Yujin1219 Yujin1219 linked an issue Dec 9, 2025 that may be closed by this pull request
1 task
@Yujin1219 Yujin1219 merged commit 86d402b into develop Dec 9, 2025
2 checks passed
@Yujin1219 Yujin1219 deleted the cicd/#9 branch December 9, 2025 10:01

coderabbitai bot commented Dec 9, 2025

Walkthrough

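Introduces a new GitHub Actions CI/CD workflow. The workflow is triggered by manual runs, pushes to the develop branch, and pull requests, and includes a Gradle build, Docker image creation and push, and deployment to the development server over SSH.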

Changes

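Cohort / File(s) | Change Summary
GitHub Actions CI/CD workflow
.github/workflows/workflow.yml | Creates a new CI/CD workflow file. Defines jobs that perform the TripTalk project's Gradle build, Docker image creation and registry push, and deployment to the development server over SSH when deploying the develop branch.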

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed The PR title clearly describes the core of the change: automating the Gradle build and Docker deployment by adding a GitHub Actions workflow.yml file.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check ✅ Passed The PR description includes most of the required sections, and the related issue (#9) and the work done (adding workflow.yml) are clearly described.

@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 3

🧹 Nitpick comments (1)
.github/workflows/workflow.yml (1)

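73-86: Add a post-deployment status check step

There is no step that verifies the Docker container started successfully. Adding a health check or a basic connectivity test after deployment lets you detect deployment failures sooner.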

            # 컨테이너 재시작
            docker-compose -f docker-compose.yml up -d --remove-orphans

+           # 컨테이너 상태 확인
+           sleep 5
+           docker-compose -f docker-compose.yml ps

            # 사용하지 않는 이미지 삭제
            docker image prune -f
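
Review bot: The added `docker-compose -f docker-compose.yml ps` line only prints container state; nothing in the added lines turns an exited or unhealthy container into a non-zero exit, so this step cannot fail the deployment, and the fixed `sleep 5` can list a slow-starting application as up before it is ready. Suggest a bounded retry loop against the container's health status or an application health endpoint that exits non-zero on timeout, kept ahead of `docker image prune -f` so a failed rollout stops the script before the prune.
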
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a7ce655 and 55d76d3.

📒 Files selected for processing (1)
  • .github/workflows/workflow.yml (1 hunks)
🔇 Additional comments (1)
.github/workflows/workflow.yml (1)

64-86: Verify docker-compose.yml configuration consistency

The deployment script references ${{ secrets.DOCKER_USERNAME }}/triptalk-spring:latest but without access to the docker-compose.yml file, the consistency between the workflow's image name and the compose file's service configuration cannot be validated. Ensure the image name and service configuration in docker-compose.yml match the deployment parameters.

Comment on lines +41 to +47
  # 4. Create application.yml
  - name: Make application.yml from Secret
    run: |
      mkdir -p ./src/main/resources
      echo "${{ secrets.APPLICATION_DEV_YML_BASE64 }}" | base64 --decode > ./src/main/resources/application.yml
      echo "=== [DEBUG] application.yml ==="
      cat ./src/main/resources/application.yml

⚠️ Potential issue | 🔴 Critical

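⚠️ application.yml is being exposed in the logs - risk of leaking sensitive information

Printing the full contents of the configuration file to the workflow log exposes sensitive information such as database passwords, API keys, and tokens. GitHub logs are public by default, so the security risk is very high.

The debug output (lines 46-47) must be removed.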

  - name: Make application.yml from Secret
    run: |
      mkdir -p ./src/main/resources
      echo "${{ secrets.APPLICATION_DEV_YML_BASE64 }}" | base64 --decode > ./src/main/resources/application.yml
-     echo "=== [DEBUG] application.yml ==="
-     cat ./src/main/resources/application.yml
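
Review bot: The two removed lines (the `echo` banner and the `cat`) have already written the decoded application.yml into the log of every run made while they were in place, and the hunk does not cover that. Log masking matches the stored secret value, which here is the base64 string, not the decoded YAML, so those logs hold the configuration in clear text: treat each credential in the file as exposed, rotate it, and delete the affected run logs. On the line that stays, `${{ secrets.APPLICATION_DEV_YML_BASE64 }}` is interpolated into the script text; passing it through the step's `env:` and decoding the variable keeps the value out of the generated script.
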
🤖 Prompt for AI Agents
.github/workflows/workflow.yml around lines 41 to 47: the workflow currently
writes application.yml from a base64 secret and then prints its full contents to
the log (lines 46-47), exposing sensitive credentials; remove the debug/print
steps that output the file contents (the echo "=== [DEBUG] application.yml ==="
and the cat command) so the secret is not logged, and if you need to verify
creation retain only non-sensitive checks (e.g., test file existence or size)
without printing file content.

Comment on lines +58 to +62
  - name: Docker Build & Push
    run: |
      docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
      docker build -t ${{ secrets.DOCKER_USERNAME }}/triptalk-spring:latest .
      docker push ${{ secrets.DOCKER_USERNAME }}/triptalk-spring:latest

⚠️ Potential issue | 🟠 Major

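Follow security best practices for Docker login

The current approach passes the password directly to the docker login command, so it can be exposed in shell history and logs. Using the official Docker GitHub Actions handles the credentials securely.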

      # 7. Docker Build & Push
-     - name: Docker Build & Push
-       run: |
-         docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
-         docker build -t ${{ secrets.DOCKER_USERNAME }}/triptalk-spring:latest .
-         docker push ${{ secrets.DOCKER_USERNAME }}/triptalk-spring:latest
+     - name: Log in to Docker Hub
+       uses: docker/login-action@v3
+       with:
+         username: ${{ secrets.DOCKER_USERNAME }}
+         password: ${{ secrets.DOCKER_PASSWORD }}
+
+     - name: Build and push Docker image
+       uses: docker/build-push-action@v5
+       with:
+         push: true
+         tags: ${{ secrets.DOCKER_USERNAME }}/triptalk-spring:latest
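
Review bot: The added `docker/build-push-action@v5` step sets no `context:`, and that action builds from the Git context by default rather than the runner workspace, whereas the removed `docker build ... .` used the working directory; files produced by earlier steps, such as the generated ./src/main/resources/application.yml and the Gradle build output, would not be part of the build. Add `context: .` under `with:` to keep the previous behaviour. Both actions are also referenced by a mutable major tag; pinning them to a full commit SHA keeps the step that receives DOCKER_PASSWORD from changing underneath the workflow.
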
🤖 Prompt for AI Agents
.github/workflows/workflow.yml around lines 58-62: current step runs `docker
login` with the password on the command line which can leak credentials; replace
the manual login with the official GitHub Action (docker/login-action) to
authenticate using secrets, then either use docker/build-push-action to build
and push in a single step or remove the manual `docker login` before calling
`docker build`/`docker push`; update the job to call - uses:
docker/login-action@v2 with with: username: ${{ secrets.DOCKER_USERNAME }} and
password: ${{ secrets.DOCKER_PASSWORD }} (and switch to uses:
docker/build-push-action@v4 with appropriate with: context, push: true, tags:
...) so credentials are handled securely and not exposed in logs.

Comment on lines +88 to +101
  # 9. Print the current time
  current-time:
    needs: CI-CD
    runs-on: ubuntu-latest
    steps:
      - name: Get Current Time
        uses: 1466587594/get-current-time@v2
        id: current-time
        with:
          format: YYYY-MM-DDTHH:mm:ss
          utcOffset: "+09:00"

      - name: Print Current Time
        run: echo "Current Time=${{steps.current-time.outputs.formattedTime}}"

🛠️ Refactor suggestion | 🟠 Major

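Remove the unnecessary job

The current-time job only prints the current time after the workflow runs and provides no functional value to the actual CI/CD pipeline. It also adds an unnecessary dependency on an external action. It is better to remove this job.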

      - name: Print Current Time
        run: echo "Current Time=${{steps.current-time.outputs.formattedTime}}"
-
- # 9. 현재 시간 출력
- current-time:
-   needs: CI-CD
-   runs-on: ubuntu-latest
-   steps:
-     - name: Get Current Time
-       uses: 1466587594/get-current-time@v2
-       id: current-time
-       with:
-         format: YYYY-MM-DDTHH:mm:ss
-         utcOffset: "+09:00"
-
-     - name: Print Current Time
-       run: echo "Current Time=${{steps.current-time.outputs.formattedTime}}"
🤖 Prompt for AI Agents
.github/workflows/workflow.yml around lines 88 to 101: the reviewer says the
"current-time" job is unnecessary and adds an external dependency; remove the
entire "current-time" job block (including its steps) from the workflow and
ensure no other jobs list it in their "needs" arrays or depend on its outputs;
if any job references needs: current-time or uses outputs from that job, update
those jobs to remove that dependency or replace the dependency with the correct
one so the workflow DAG remains valid.
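
For the first review comment above (application.yml printed to the log), one way to create the file and still confirm it was written, logging only its size. This is an added example, not code from the PR or from CodeRabbit; the function name `write_config` and the variable `APP_YML_B64` (the secret passed in through the step's `env:` block) are assumptions.

```shell
#!/bin/sh
# Added example. Assumed workflow wiring (names are hypothetical):
#   env:
#     APP_YML_B64: ${{ secrets.APPLICATION_DEV_YML_BASE64 }}
#   run: write_config "$APP_YML_B64" ./src/main/resources/application.yml

# Decode a base64-encoded config into a file and report only
# non-sensitive facts about the result (path and byte count).
write_config() {
  encoded="$1"
  dest="$2"

  if [ -z "$encoded" ]; then
    echo "error: encoded config is empty or unset" >&2
    return 1
  fi

  mkdir -p "$(dirname "$dest")"
  rm -f "$dest"

  # Create the file owner-only before any secret bytes reach the disk.
  # printf is a shell builtin, so the value never appears in a process list.
  ( umask 077
    printf '%s' "$encoded" | base64 --decode > "$dest" 2>/dev/null
  ) || {
    rm -f "$dest"
    echo "error: encoded config is not valid base64" >&2
    return 1
  }

  if [ ! -s "$dest" ]; then
    rm -f "$dest"
    echo "error: decoded config is empty" >&2
    return 1
  fi

  # Safe to log: size only, never content.
  echo "wrote $dest ($(wc -c < "$dest" | tr -d ' ') bytes)"
}
```
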

Labels

👷 ci/cd CI/CD related

Projects

None yet

Development

Successfully merging this pull request may close these issues.

👷 CI/CD: Set up CICD

2 participants