diff --git a/.github/workflows/cd.yml b/.github/workflows/cd-dev.yml similarity index 99% rename from .github/workflows/cd.yml rename to .github/workflows/cd-dev.yml index 803db42c..969bd967 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd-dev.yml @@ -1,4 +1,4 @@ -name: deploy +name: deploy-dev on: push: diff --git a/.github/workflows/cd-prod.yml b/.github/workflows/cd-prod.yml new file mode 100644 index 00000000..f9af02d9 --- /dev/null +++ b/.github/workflows/cd-prod.yml 
@@ -0,0 +1,67 @@
+name: deploy-prod
+
+on:
+ push:
+ branches: [ main ]
+
+jobs:
+ build:
+ runs-on: ubuntu-20.04
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+
+ - name: Set up JDK 17
+ uses: actions/setup-java@v3
+ with:
+ java-version: 17
+ distribution: 'temurin'
+ cache: gradle
+
+ - name: create .env file
+ working-directory: ./
+ run: |
+ pwd
+ touch .env
+ echo "${{ secrets.ENV }}" >> .env
+ cat .env
+
+ - name: Create application.yml
+ run: |
+ pwd
+ touch src/main/resources/application.yml
+ echo "${{ secrets.APPLICATION_PROD_YML }}" >> src/main/resources/application.yml
+ cat src/main/resources/application.yml
+
+ - name: Configure AWS credentials
+ uses: aws-actions/configure-aws-credentials@v1
+ with:
+ aws-access-key-id: ${{ secrets.AWS_PROD_ACCESS_KEY }}
+ aws-secret-access-key: ${{ secrets.AWS_PROD_SECRET_KEY }}
+ aws-region: ${{ secrets.AWS_REGION }}
+
+ - name: Create FireBase JSON file From AWS
+ run: |
+ aws s3 cp --region ap-northeast-2 s3://${{ secrets.AWS_PROD_BUCKET_NAME }}/json/smeem_fcm.json src/main/resources/smeem_fcm.json
+
+ - name: Grant execute permission for gradlew
+ run: chmod +x ./gradlew
+ shell: bash
+
+ - name: Build with Gradle
+ run: ./gradlew build
+ shell: bash
+
+ - name: Make zip file
+ run: zip -r ./$GITHUB_SHA.zip .
+ shell: bash
+
+ - name: Upload to S3
+ run: aws s3 cp --region ap-northeast-2 ./$GITHUB_SHA.zip s3://${{ secrets.AWS_PROD_BUCKET_NAME }}/deploy/$GITHUB_SHA.zip
+
+ - name: Code Deploy
+ run: aws deploy create-deployment --application-name smeem-codedeploy
+ --deployment-config-name CodeDeployDefault.AllAtOnce
+ --deployment-group-name prod-group
+ --s3-location bucket=${{ secrets.AWS_PROD_BUCKET_NAME }},bundleType=zip,key=deploy/$GITHUB_SHA.zip
\ No newline at end of file
diff --git a/.gitignore b/.gitignore
index 1c50ffc5..4e0ae009 100644
--- a/.gitignore
+++ b/.gitignore
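Review bot: In cd-prod.yml the `cat .env` and `cat src/main/resources/application.yml` lines print the production configuration into the Actions job log right after it is written from `secrets.ENV` and `secrets.APPLICATION_PROD_YML`. Log masking matches registered secret values and is not a dependable safeguard for multi-line, structured secrets such as a whole YAML file, so I would delete both `cat` lines (and the `pwd` debugging) rather than rely on it. The `Make zip file` step then runs `zip -r ./$GITHUB_SHA.zip .` over the entire workspace, so `.env`, `application.yml`, `smeem_fcm.json` and the `.git` directory all land in the S3 bundle; exclude what the host does not need, e.g. `zip -r ./$GITHUB_SHA.zip . -x '.git/*'`, and check who can read `deploy/` in that bucket. Passing the secrets through a step-level `env:` instead of interpolating `${{ secrets.* }}` into the script text would also keep quotes or `$` inside a value from being re-parsed by the shell.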
@@ -36,7 +36,10 @@ out/ ### VS Code ### .vscode/ -*.yml +application.properties +application-dev.yml +application-prod.yml +application-oauth2.yml *.properties .env smeem_fcm.json diff --git a/scripts/run_new_was.sh b/scripts/run_new_was.sh index 22b77265..3ae9af08 100644 --- a/scripts/run_new_was.sh +++ b/scripts/run_new_was.sh @@ -20,6 +20,16 @@ if [ ! -z ${TARGET_PID} ]; then sudo kill ${TARGET_PID} fi -nohup java -jar -Dserver.port=${TARGET_PORT} -Dspring.profiles.active=dev /home/ubuntu/smeme/build/libs/server-0.0.1-SNAPSHOT.jar > /dev/null 2> /dev/null < /dev/null & -echo "> Now new WAS runs at ${TARGET_PORT}." +if [ "$DEPLOYMENT_GROUP_NAME" == "prod-group" ] +then + nohup java -jar -Dserver.port=${TARGET_PORT} -Dspring.profiles.active=prod /home/ubuntu/smeme/build/libs/server-0.0.1-SNAPSHOT.jar > /dev/null 2> /dev/null < /dev/null & + echo "> Now new WAS runs at ${TARGET_PORT}." +fi + +if [ "$DEPLOYMENT_GROUP_NAME" == "smeme-group" ] +then + nohup java -jar -Dserver.port=${TARGET_PORT} -Dspring.profiles.active=dev /home/ubuntu/smeme/build/libs/server-0.0.1-SNAPSHOT.jar > /dev/null 2> /dev/null < /dev/null & + echo "> Now new WAS runs at ${TARGET_PORT}." +fi + exit 0 \ No newline at end of file diff --git a/src/main/java/com/smeme/server/config/SecurityConfig.java b/src/main/java/com/smeme/server/config/SecurityConfig.java index 01e73bda..c9fb00b3 100644 --- a/src/main/java/com/smeme/server/config/SecurityConfig.java +++ b/src/main/java/com/smeme/server/config/SecurityConfig.java @@ -21,7 +21,7 @@ public class SecurityConfig { private final JwtAuthenticationFilter jwtAuthenticationFilter; private final CustomJwtAuthenticationEntryPoint customJwtAuthenticationEntryPoint; - private static final String[] AUTH_WHITELIST = { + private static final String[] AUTH_WHITELIST_DEV = { "/api/v2/auth", "/api/v2/test", "/api/beta/token", 
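Review bot: In .gitignore, replacing `*.yml` with explicit names leaves `application.yml` itself unignored, yet that is the file cd-prod.yml fills from `secrets.APPLICATION_PROD_YML` at `src/main/resources/application.yml`. A developer who creates the same file locally for a run can now stage it with a plain `git add .`. Unless the repository is meant to track a secrets-free base `application.yml` (not visible from this diff), add a line `application.yml` to the list, or narrow the old rule to `src/main/resources/*.yml` so the workflow files stay trackable while resource configs remain ignored.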
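Review bot: In scripts/run_new_was.sh, when `DEPLOYMENT_GROUP_NAME` is neither `prod-group` nor `smeme-group` (unset, a renamed group, a typo), neither `if` matches, no JVM is started, and the script still reaches `exit 0`. The caller then sees success even though the previous process may already have been killed in the context lines above. Before this change the script always started a server, so this failure mode is new. I would select the profile in one `case` with a failing default and keep a single `nohup` line, which also removes the duplicated command and avoids `==` inside `[ ]`, a bashism whose safety depends on a shebang that is outside the hunk. Ideally the group check would run before the `sudo kill`, which is also outside this hunk.

```shell
case "$DEPLOYMENT_GROUP_NAME" in
  prod-group)  PROFILE=prod ;;
  smeme-group) PROFILE=dev ;;
  *)
    echo "> Unknown deployment group '${DEPLOYMENT_GROUP_NAME}'; not starting WAS." >&2
    exit 1
    ;;
esac

nohup java -jar -Dserver.port=${TARGET_PORT} -Dspring.profiles.active=${PROFILE} /home/ubuntu/smeme/build/libs/server-0.0.1-SNAPSHOT.jar > /dev/null 2> /dev/null < /dev/null &
echo "> Now new WAS runs at ${TARGET_PORT}."
```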
@@ -38,8 +38,19 @@ public class SecurityConfig { "/api/v2/goals/{type}" }; + private static final String[] AUTH_WHITELIST_PROD = { + "/api/v2/auth", + "/api/v2/test", + "/api/beta/token", + "/error", + "/favicon.ico", + "/api/v2/members/nickname/check", + "/api/v2/goals", + "/api/v2/goals/{type}" + }; + @Bean - @Profile("!prod") + @Profile("dev") public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { return http .csrf().disable() @@ -51,7 +62,27 @@ public SecurityFilterChain filterChain(HttpSecurity http) throws Exception { .authenticationEntryPoint(customJwtAuthenticationEntryPoint) .and() .authorizeHttpRequests() - .requestMatchers(AUTH_WHITELIST).permitAll() + .requestMatchers(AUTH_WHITELIST_DEV).permitAll() + .anyRequest().authenticated() + .and() + .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class) + .build(); + } + + @Bean + @Profile("prod") + public SecurityFilterChain filterChainProd(HttpSecurity http) throws Exception { + return http + .csrf().disable() + .formLogin().disable() + .sessionManagement() + .sessionCreationPolicy(SessionCreationPolicy.STATELESS) + .and() + .exceptionHandling() + .authenticationEntryPoint(customJwtAuthenticationEntryPoint) + .and() + .authorizeHttpRequests() + .requestMatchers(AUTH_WHITELIST_PROD).permitAll() .anyRequest().authenticated() .and() .addFilterBefore(jwtAuthenticationFilter, UsernamePasswordAuthenticationFilter.class)
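Review bot: In SecurityConfig.java, `AUTH_WHITELIST_PROD` still lists `/api/v2/test` and `/api/beta/token`, so both stay reachable without a JWT under the `prod` profile. Their handlers are not in this diff, but the names suggest test and beta helpers; if `/api/beta/token` issues tokens, leaving it on `permitAll()` in production would bypass the normal login flow, so please confirm each one is meant to ship or drop it from the prod list. Separately, `@Profile("!prod")` became `@Profile("dev")`, so a run with neither profile active (local default, tests) now gets no chain from this class and falls back to whatever Spring Boot auto-configures. If that is intended, a comment on the bean such as `// only dev and prod define a chain; other profiles use Boot's default` would make it explicit.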
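Review bot: `filterChainProd` in the last SecurityConfig.java hunk is a line-for-line copy of `filterChain` with only the whitelist constant swapped, so any later hardening (CORS, headers, an extra filter) must be made twice and can silently land in one profile only. I would move the chain into one private helper that takes the whitelist and have both `@Bean` methods delegate to it. The hunk ends inside `filterChainProd`; its `.build()` and closing brace are context beyond the visible lines.

```java
@Bean
@Profile("dev")
public SecurityFilterChain filterChain(HttpSecurity http) throws Exception {
    return buildFilterChain(http, AUTH_WHITELIST_DEV);
}

@Bean
@Profile("prod")
public SecurityFilterChain filterChainProd(HttpSecurity http) throws Exception {
    return buildFilterChain(http, AUTH_WHITELIST_PROD);
}

private SecurityFilterChain buildFilterChain(HttpSecurity http, String[] whitelist) throws Exception {
    return http
            // … unchanged: csrf/formLogin disabled, stateless sessions, entry point …
            .authorizeHttpRequests()
            .requestMatchers(whitelist).permitAll()
            // … unchanged: anyRequest().authenticated(), JWT filter before UsernamePasswordAuthenticationFilter …
            .build();
}
```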