[ALL-Feat] 배포 스크립트 작성

[kwon204]

#️⃣ 연관된 이슈>

• [Feature] 배포 스크립트 작성 #193

📝 작업 내용> 이번 PR에서 작업한 내용을 간략히 설명해주세요(이미지 첨부 가능)

프론트엔드, 백엔드 배포 github actions 스크립트를 작성했습니다.

🙏 여기는 꼭 봐주세요! > 리뷰어가 특별히 봐주었으면 하는 부분이 있다면 작성해주세요

스크립트에 잘못된 건 없는지 확인해주세요.

Summary by CodeRabbit

• New Features

  • Added a service health endpoint to quickly verify system status.
  • Updated the OAuth callback URL to include API versioning for consistent authentication flows.
  • Introduced automated deployment pipelines for both backend and frontend applications.

• Chores

  • Enhanced environment-specific build configurations for smoother operations.
  • Expanded JWT filter exclusions to include the health check endpoint.

[coderabbitai]

Walkthrough

This update introduces new GitHub Actions workflows for continuous deployment of both backend and frontend applications. The backend CD workflow builds the application with JDK/Gradle and deploys JAR files to an EC2 instance, while the frontend CD workflow sets up Node.js, installs dependencies with pnpm, builds the app, and deploys built files. Additionally, the CI workflow is modified to create an environment-specific configuration file and activate the dev profile. The PR also updates the OAuth callback endpoint for API versioning, adds a health check endpoint, and adjusts JWT filtering to bypass health checks.

Changes

File(s)	Change Summary
.github/workflows/be-cd.yml, .github/workflows/fe-cd.yml	Added new GitHub Actions workflows for backend (be-cd) and frontend (fe-cd) continuous deployment. The backend workflow builds and deploys the application to EC2, while the frontend workflow builds the frontend application and deploys it to EC2.
.github/workflows/be-ci.yml	Updated backend CI workflow to generate an environment-specific configuration (application-dev.yml) and build with the dev profile (-Dspring.profiles.active=dev).
backend/.../AuthController.java	Updated the OAuth callback mapping from /oauth2/callback to /api/v1/oauth2/callback to reflect API versioning.
backend/.../HealthController.java, backend/.../JwtAuthFilter.java	Introduced a new health check endpoint (/health) in HealthController; modified JwtAuthFilter to exclude the /health path from JWT authentication filtering.

Sequence Diagram(s)

sequenceDiagram
    participant Dev as Developer
    participant GH as GitHub Actions
    participant EC2 as EC2 Instance

    Dev->>GH: Push code to dev/main (backend)
    GH->>GH: Checkout code & setup JDK
    GH->>GH: Configure application & build project (Gradle)
    GH->>EC2: Copy JAR files via SCP
    GH->>EC2: Execute deployment script via SSH
    EC2->>GH: Acknowledge deployment

Loading

sequenceDiagram
    participant Dev as Developer
    participant GH as GitHub Actions
    participant EC2 as EC2 Instance

    Dev->>GH: Push code to dev/main (frontend)
    GH->>GH: Checkout code & setup Node.js environment
    GH->>GH: Install pnpm & build frontend application
    GH->>EC2: Copy built files via SCP
    GH->>EC2: Execute deployment script via SSH
    EC2->>GH: Confirm deployment complete

Loading

Possibly related PRs

• [BE-Feat] ci 파일 추가 #161: The changes in the main PR regarding the deployment workflow for the backend application are related to the modifications in the retrieved PR that also involve the handling of the application configuration file and build process within the CI workflow.
• [BE-Fix] 쿠키 삭제, 인증 헤더 사용으로 변경 #172: The changes in the main PR are related to the modifications made in the AuthController.java file of the retrieved PR, specifically regarding the oauthCallback method, which is altered in both PRs.
• [BE-Feat] 구글 토큰 관리 기능 구현 #112: The changes in the main PR, specifically the modification of the oauthCallback method's mapping in the AuthController, are directly related to the changes in the retrieved PR, which also involves the oauthCallback method in the AuthController class, albeit with different functionality.

Suggested reviewers

• efdao

Poem

I’m a rabbit on the run,
Hopping through workflows under the sun.
New CD paths and endpoints take flight,
Health checks and builds make everything right.
From code to EC2, I celebrate with delight! 🐇

---

Thank you for using CodeRabbit. We offer it for free to the OSS community and would appreciate your support in helping us grow. If you find it useful, would you consider giving us a shout-out on your favorite social media?

❤️ Share

• X
• Mastodon
• Reddit
• LinkedIn

🪧 Tips

Chat

There are 3 ways to chat with CodeRabbit:

• Review comments: Directly reply to a review comment made by CodeRabbit. Example:
  • I pushed a fix in commit <commit_id>, please review it.
  • Generate unit testing code for this file.
  • Open a follow-up GitHub issue for this discussion.
• Files and specific lines of code (under the "Files changed" tab): Tag @coderabbitai in a new review comment at the desired location with your query. Examples:
  • @coderabbitai generate unit testing code for this file.
  • @coderabbitai modularize this function.
• PR comments: Tag @coderabbitai in a new PR comment to ask questions about the PR branch. For the best results, please provide a very specific query, as very limited context is provided in this mode. Examples:
  • @coderabbitai gather interesting stats about this repository and render them as a table. Additionally, render a pie chart showing the language distribution in the codebase.
  • @coderabbitai read src/utils.ts and generate unit testing code.
  • @coderabbitai read the files in the src/scheduler package and generate a class diagram using mermaid and a README in the markdown format.
  • @coderabbitai help me debug CodeRabbit configuration file.

Note: Be mindful of the bot's finite context window. It's strongly recommended to break down tasks such as reading entire modules into smaller chunks. For a focused discussion, use review comments to chat about specific files and their changes, instead of using the PR comments.

CodeRabbit Commands (Invoked using PR comments)

• @coderabbitai pause to pause the reviews on a PR.
• @coderabbitai resume to resume the paused reviews.
• @coderabbitai review to trigger an incremental review. This is useful when automatic reviews are disabled for the repository.
• @coderabbitai full review to do a full review from scratch and review all the files again.
• @coderabbitai summary to regenerate the summary of the PR.
• @coderabbitai generate docstrings to generate docstrings for this PR. (Beta)
• @coderabbitai resolve resolve all the CodeRabbit review comments.
• @coderabbitai configuration to show the current CodeRabbit configuration for the repository.
• @coderabbitai help to get help.

Other keywords and placeholders

• Add @coderabbitai ignore anywhere in the PR description to prevent this PR from being reviewed.
• Add @coderabbitai summary to generate the high-level summary at a specific location in the PR description.
• Add @coderabbitai anywhere in the PR title to generate the title automatically.

CodeRabbit Configuration File (.coderabbit.yaml)

• You can programmatically configure CodeRabbit by adding a .coderabbit.yaml file to the root of your repository.
• Please see the configuration documentation for more information.
• If your editor has YAML language server enabled, you can add the path at the top of this file to enable auto-completion and validation: # yaml-language-server: $schema=https://coderabbit.ai/integrations/schema.v2.json

Documentation and Community

• Visit our Documentation for detailed information on how to use CodeRabbit.
• Join our Discord Community to get help, request features, and share feedback.
• Follow us on X/Twitter for updates and announcements.

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (5)

backend/src/main/java/endolphin/backend/global/health/HealthController.java (1)

1-14: LGTM! Consider enhancing the health check response.

The health check endpoint is correctly implemented. However, consider enriching the response with additional system information.

Consider using Spring Boot's built-in health check mechanism or enhancing the response with more details:

-    @GetMapping("/health")
-    public ResponseEntity<String> health() {
-        return ResponseEntity.ok("UP");
-    }
+    @GetMapping("/health")
+    public ResponseEntity<Map<String, Object>> health() {
+        Map<String, Object> healthInfo = new HashMap<>();
+        healthInfo.put("status", "UP");
+        healthInfo.put("timestamp", LocalDateTime.now());
+        healthInfo.put("version", "1.0"); // Add your application version
+        return ResponseEntity.ok(healthInfo);
+    }

.github/workflows/be-cd.yml (3)

24-30: Application Configuration Setup is Functional
The script creates the required directory and writes the production configuration file (application-prod.yml) using the secret provided. Consider verifying that the contents of ${{ secrets.APPLICATION_PROD_YML }} are valid YAML and that file permissions are appropriately restricted after creation.

---

42-51: File Transfer to EC2: Consider Pinning Action Versions
The step uses appleboy/scp-action@master to copy the built JAR files to the EC2 instance. It is recommended to pin the action to a specific version or commit hash (e.g., appleboy/[email protected]) to prevent unexpected breaking changes from upstream updates.

Suggested Diff:

-        uses: appleboy/scp-action@master
+        uses: appleboy/[email protected]

(Replace v0.1.0 with your tested stable version.)

---

52-61: Deployment Step is Functional with a Minor Formatting Note
The deployment step uses appleboy/ssh-action@master to run a deployment script on the EC2 instance. Similar to the SCP step, consider pinning this action to a specific version. Additionally, static analysis has noted the absence of a newline at the end of the file; please add a newline to conform to YAML style guidelines.

Suggested Diff:

-             bash deploy_scripts/backend_deploy.sh
+             bash deploy_scripts/backend_deploy.sh

+  # Ensure the file ends with a newline

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 61-61: no new line character at the end of file

(new-line-at-end-of-file)

.github/workflows/be-ci.yml (1)

28-32: Application Configuration for CI is Correctly Handled
The steps create the required directory and write the application-dev.yml file using the ${{ secrets.APPLICATION_DEV_YML }} secret. Verify that the secret contains valid configuration and consider any permissions that might be required for the file.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 28a3027 and 16ccf8b.

📒 Files selected for processing (6)

• .github/workflows/be-cd.yml (1 hunks)
• .github/workflows/be-ci.yml (2 hunks)
• .github/workflows/fe-cd.yml (1 hunks)
• backend/src/main/java/endolphin/backend/domain/auth/AuthController.java (1 hunks)
• backend/src/main/java/endolphin/backend/global/health/HealthController.java (1 hunks)
• backend/src/main/java/endolphin/backend/global/security/JwtAuthFilter.java (1 hunks)

🧰 Additional context used

🪛 YAMLlint (1.35.1)

.github/workflows/be-cd.yml

[error] 61-61: no new line character at the end of file

(new-line-at-end-of-file)

.github/workflows/fe-cd.yml

[error] 58-58: no new line character at the end of file

(new-line-at-end-of-file)

🪛 actionlint (1.7.4)

.github/workflows/fe-cd.yml

15-15: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

---

19-19: the runner of "actions/setup-node@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

⏰ Context from checks skipped due to timeout of 90000ms (1)

• GitHub Check: Send PR Notification to Reviewers

🔇 Additional comments (18)

backend/src/main/java/endolphin/backend/domain/auth/AuthController.java (1)

33-33:

Details

❓ Verification inconclusive

LGTM! Verify frontend callback configuration.

The endpoint change follows API versioning best practices and is consistent with other endpoints.

Please ensure that the frontend callback configuration in .env file is updated to match the new versioned endpoint:

---

🏁 Script executed:

#!/bin/bash
# Description: Check if the frontend callback configuration matches the new endpoint.

# Search for OAuth callback configuration in frontend files
rg -l "oauth2/callback" frontend/

Length of output: 33

---

Action Required: Verify Frontend Callback Configuration

The backend endpoint update to /api/v1/oauth2/callback is consistent with our versioning best practices. However, the verification script did not yield any callback configuration references in the frontend. Please manually verify that the frontend configuration (for example, in the .env file or any related configuration file) has been updated to use the new versioned endpoint.

• Confirm that the callback URL in the frontend configuration is /api/v1/oauth2/callback.
• If it hasn’t been updated, please make the necessary adjustments.

backend/src/main/java/endolphin/backend/global/security/JwtAuthFilter.java (1)

68-69: LGTM! Health endpoint correctly excluded from JWT authentication.

The health endpoint is appropriately added to the excluded paths list, making it publicly accessible.

.github/workflows/fe-cd.yml (1)

56-58:

Details

❓ Verification inconclusive

Verify the frontend deployment script and add newline.

The workflow executes a deployment script on EC2, but we need to verify its existence and contents.

Run this script to check the deployment script:

Also, add a newline at the end of the file:

            cd ~/app
-            bash deploy_scripts/frontend_deploy.sh
+            bash deploy_scripts/frontend_deploy.sh
+

---

🏁 Script executed:

#!/bin/bash
# Description: Check if the frontend deployment script exists and has correct permissions.

# Check if the script exists and is executable
ssh ${{ secrets.EC2_USERNAME }}@${{ secrets.EC2_HOST }} '
  if [ -f ~/app/deploy_scripts/frontend_deploy.sh ]; then
    ls -l ~/app/deploy_scripts/frontend_deploy.sh
    echo "Content of frontend_deploy.sh:"
    cat ~/app/deploy_scripts/frontend_deploy.sh
  else
    echo "Error: frontend_deploy.sh not found"
    exit 1
  fi
'

Length of output: 140

---

Action Required: Verify Deployment Script Functionality & Append Newline

The attempted verification script failed with a "bad substitution" error because the placeholder syntax (${{ secrets.EC2_USERNAME }} and ${{ secrets.EC2_HOST }}) wasn’t replaced. This suggests that running the script outside the GitHub Actions environment does not properly substitute these secrets.

• Deployment Script Verification:
  Please manually verify on the EC2 instance that the file ~/app/deploy_scripts/frontend_deploy.sh exists, has the correct permissions, and contains the expected content. Alternatively, run the verification snippet within the GitHub Actions environment where the secrets are processed correctly.

• Newline Addition:
  Ensure that the workflow file ends with a newline to maintain proper formatting. The diff snippet remains as follows:

              cd ~/app
  -            bash deploy_scripts/frontend_deploy.sh
  +            bash deploy_scripts/frontend_deploy.sh
  +

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 58-58: no new line character at the end of file

(new-line-at-end-of-file)

.github/workflows/be-cd.yml (7)

1-1: Workflow Name is Appropriate
The workflow is named "be-cd" which clearly indicates it is related to backend continuous deployment.

---

3-10: Trigger Configuration Looks Correct
The workflow is configured to trigger on pushes to the dev and main branches when changes occur under the backend/** path. This setup should ensure deployments happen only when relevant changes occur.

---

11-13: Job Definition is Clear and Concise
The job named deploy runs on ubuntu-latest, which is appropriate for the tasks performed.

---

15-16: Checkout Step is Standard
Using actions/checkout@v4 to retrieve the code is a common and correct approach.

---

17-23: JDK Setup is Configured Properly
The action actions/setup-java@v4 is correctly used to set up JDK 17 with the Corretto distribution and Gradle caching. This should optimize build times.

---

31-36: Grant Execute Permission Step is Correct
Granting execution permissions for gradlew within the ./backend directory is necessary and implemented correctly.

---

37-41: Backend Build Step is Well-Defined
The build command runs Gradle with a clean build, activates the prod profile, and skips tests with -x test. If your testing is handled separately, this is acceptable for deployment builds.

.github/workflows/be-ci.yml (8)

1-1: Workflow Name is Appropriate
The workflow is named "be-ci", clearly indicating its purpose for continuous integration of the backend.

---

3-9: Pull Request Trigger Configuration is Sound
This workflow is triggered on pull requests targeting the dev branch when changes occur under the backend/** path. This focused trigger helps ensure that CI runs only when backend-related changes are made.

---

14-17: Use of Defaults for Working Directory is a Good Practice
Setting the default working directory to ./backend for all run steps helps reduce repetition and maintain consistency throughout the workflow.

---

19-26: JDK Setup is Configured Properly in CI
The use of actions/setup-java@v4 with the Corretto distribution and Gradle caching is appropriate, ensuring that the build environment is consistent.

---

34-37: Grant Execute Permission is Implemented Correctly
The command to grant execute permissions for gradlew is in place and should work as expected.

---

39-42: Build Command is Appropriate for the CI Environment
Invoking Gradle with the dev profile ensures that the appropriate configurations are applied during the build. Unlike the deployment build, tests are not explicitly skipped here, which is usually desirable in a CI context.

---

44-50: Test Results Upload Step is Standard
Using actions/upload-artifact@v4 to archive test results is a good strategy to ensure test outcomes are recorded even on failures.

---

51-78: PR Status Update Step is Well-Structured
The step uses actions/github-script@v7 to update the PR status based on the job result. Ensure that the expression context.payload.pull_request.head.sha always resolves correctly in your context. Overall, this mechanism provides clear feedback on your CI job.

[coderabbitai]

⚠️ Potential issue

Update GitHub Actions versions.

The workflow uses outdated versions of actions that need to be updated.

Apply these changes:

-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4

-        uses: actions/setup-node@v3
+        uses: actions/setup-node@v4

Also applies to: 19-19

🧰 Tools

🪛 actionlint (1.7.4)

15-15: the runner of "actions/checkout@v3" action is too old to run on GitHub Actions. update the action's version to fix this issue

(action)

[efdao]

p3; application-prod에 h2 enable 제거해주세요

[coderabbitai]

Actionable comments posted: 1

🧹 Nitpick comments (3)

.github/workflows/be-cd.yml (3)

23-28: Application Configuration File Setup Naming: The step is titled "Set up application.yml file" while the script creates an application-dev.yml file. For clarity and consistency, consider renaming the step to "Set up application-dev.yml file" to match the generated file name.

---

41-50: Action Version Pinning for File Transfer: The job uses appleboy/scp-action@master to copy built JAR files to the EC2 instance. For enhanced stability and security, it is advisable to pin this action to a specific version (e.g., a release tag) rather than using @master, which may change unexpectedly.

---

51-60: Deployment Action Version Pinning: Similar to the file transfer step, the deployment step uses appleboy/ssh-action@master to execute the deploy script on the EC2 instance. Pinning this action to a fixed version is recommended to avoid potential issues from upstream changes.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 60-60: no new line character at the end of file

(new-line-at-end-of-file)

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 16ccf8b and e43581f.

📒 Files selected for processing (1)

• .github/workflows/be-cd.yml (1 hunks)

🧰 Additional context used

🪛 YAMLlint (1.35.1)

.github/workflows/be-cd.yml

[error] 60-60: no new line character at the end of file

(new-line-at-end-of-file)

🔇 Additional comments (5)

.github/workflows/be-cd.yml (5)

1-2: Workflow Naming is Clear: The workflow is aptly named "be-cd", which immediately communicates its purpose for backend continuous deployment.

---

3-9: Push Trigger Configuration Check: The trigger is configured to activate on pushes to the dev branch for any changes under the backend/** directory. This targeted trigger ensures deployments only occur when backend-related changes are made.

---

16-22: JDK Setup Configuration: The job correctly sets up JDK 17 using the Corretto distribution with Gradle caching enabled. This configuration aligns well with your build requirements.

---

30-34: Granting Execute Permissions: The command to grant execution permissions to gradlew is straightforward and correctly scoped to the backend directory.

---

36-40: Build Command & Profile Validation: The build step invokes ./gradlew clean build -Dspring.profiles.active=dev -x test, which is appropriate for building the backend with the dev profile and skipping tests. Just ensure that bypassing tests during deployment is intentional (e.g., if tests are already handled in a dedicated CI workflow).

[coderabbitai]

⚠️ Potential issue

Newline at End of File: YAMLlint has flagged that there is no newline at the end of the file. Please add a newline character after the last line to comply with standard formatting practices.

🧰 Tools

🪛 YAMLlint (1.35.1)

[error] 60-60: no new line character at the end of file

(new-line-at-end-of-file)

[efdao]

고생하셨습니다.

[coderabbitai]

Actionable comments posted: 0

🧹 Nitpick comments (3)

.github/workflows/fe-cd.yml (3)

28-32: .env File Generation: Validate Secret Format.

The step that sets up the environment file by echoing ${{ secrets.FE_ENV }} into .env is straightforward. Please ensure that the secret's format matches what your application expects (e.g., proper newlines and key-value pairs). Consider adding a comment or validation if this file is critical to the application configuration.

---

39-48: File Transfer to EC2: Consider Pinning Action Versions.

The step using appleboy/scp-action@master effectively transfers files to the EC2 instance. However, using the master branch can expose you to unexpected changes. It is advisable to pin this action to a specific, stable version (or tag) for increased security and reproducibility. For example:

-        uses: appleboy/scp-action@master
+        uses: appleboy/[email protected]  # or the latest stable release

---

49-59: Deployment Step: Pin the SSH Action Version.

Executing the deployment script using appleboy/ssh-action@master works, but similar to the scp action, it is safer to pin to a specific version to avoid potential breaking changes:

-        uses: appleboy/ssh-action@master
+        uses: appleboy/[email protected]  # or the latest stable release

Additionally, ensure that the deployment script path (deploy_scripts/frontend_deploy.sh) exists on the EC2 instance and has the proper permissions set.

📜 Review details

Configuration used: CodeRabbit UI
Review profile: CHILL
Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between e43581f and 39f6fc2.

📒 Files selected for processing (2)

• .github/workflows/be-cd.yml (1 hunks)
• .github/workflows/fe-cd.yml (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

• .github/workflows/be-cd.yml

🔇 Additional comments (7)

.github/workflows/fe-cd.yml (7)

1-2: Workflow Name is Clear and Descriptive.

The declaration name: fe-cd succinctly indicates that this workflow is for the frontend continuous deployment.

---

3-10: Trigger Conditions are Well Defined.

The workflow is triggered on pushes to the dev and main branches when changes occur under the frontend/ directory. This clearly scopes the deployment to relevant updates.

---

11-14: Job Configuration Appears Correct.

The deploy job is set to run on ubuntu-latest, which is a standard choice for GitHub Actions workflows.

---

15-16: Source Checkout Step is Updated.

Using actions/checkout@v4 confirms that the repository is being checked out with an up-to-date action version.

---

17-22: Node.js Setup is Configured Appropriately.

The use of actions/setup-node@v4 with Node.js version 20 is correctly configured for the frontend build requirements.

---

23-27: PNPM Installation is Properly Handled.

The step installing pnpm via pnpm/action-setup@v4 and specifying version 9 is clear and should ensure consistency in dependency management.

---

33-38: Frontend Build Step is Standard and Correct.

Running both pnpm install and pnpm build in the ./frontend directory aligns with typical practices for building a Node.js frontend application.