FEAT: grafana 추가

[Yoonchulchung]

Summary

Grafana를 통해 서버 모니터링을 위해 build.gradle과 application.yml에 설정을 추가

Changes

• build.gradle
• src/main/application-dev.yml
• src/main/application-prod.yml

Type of Change

• Bug fix (기존 기능에 영향을 주지 않는 버그 수정)
• New feature (기존 기능에 영향을 주지 않는 새로운 기능 추가)
• Breaking change (기존 기능에 영향을 주는 수정)
• Refactoring (기능 변경 없는 코드 개선)
• Documentation (문서 수정)
• Chore (빌드, 설정 등 기타 변경)
• Release (develop → main 배포)

Related Issues

#400

[gemini-code-assist]

Summary of Changes

Hello @Yoonchulchung, I'm Gemini Code Assist¹! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed!

이 PR은 Grafana를 통한 서버 모니터링 기능을 통합하기 위해 Prometheus 메트릭을 추가합니다. 이는 필요한 의존성을 업데이트하고, 보안 설정을 조정하며, 개발 및 프로덕션 환경 YAML 파일에 메트릭 엔드포인트 노출 및 태그를 구성하는 변경 사항을 포함합니다.

Highlights

• Prometheus 의존성 추가: 서버 모니터링을 위해 io.micrometer:micrometer-registry-prometheus 의존성이 build.gradle에 추가되었습니다.
• Prometheus 엔드포인트 노출: SecurityConfig에서 /actuator/prometheus 엔드포인트에 대한 접근이 허용되었습니다.
• 애플리케이션 설정 업데이트: application-dev.yml 및 application-prod.yml 파일에 management.metrics.tags.application 설정이 추가되었고, management.endpoints.web.exposure.include에 prometheus가 포함되도록 업데이트되었습니다.

Changelog

• build.gradle
  • io.micrometer:micrometer-registry-prometheus 의존성이 추가되었습니다.
• src/main/java/com/example/RealMatch/global/config/SecurityConfig.java
  • /actuator/prometheus 경로가 보안 설정에서 허용된 URL 목록에 추가되었습니다.
• src/main/resources/application-dev.yml
  • management.metrics.tags.application 설정이 추가되었고, management.endpoints.web.exposure.include에 prometheus가 포함되도록 수정되었습니다.
• src/main/resources/application-prod.yml
  • management.metrics.tags.application 설정이 추가되었고, management.endpoints.web.exposure.include에 prometheus가 포함되도록 수정되었습니다.

Activity

• 이 PR에 대한 기록된 활동은 없습니다.

Using Gemini Code Assist

The full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips.

Invoking Gemini

You can request assistance from Gemini at any point by creating a comment using either /gemini <command> or @gemini-code-assist <command>. Below is a summary of the supported commands on the current page.

Feature	Command	Description
Code Review	/gemini review	Performs a code review for the current pull request in its current state.
Pull Request Summary	/gemini summary	Provides a summary of the current pull request in its current state.
Comment	@gemini-code-assist	Responds in comments when explicitly tagged, both in pull request comments and review comments.
Help	/gemini help	Displays a list of available commands.

Customization

To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a .gemini/ folder in the base of the repository. Detailed instructions can be found here.

Limitations & Feedback

Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here.

You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension.

Footnotes

1. Review the Privacy Notices, Generative AI Prohibited Use Policy, Terms of Service, and learn how to configure Gemini Code Assist in GitHub here. Gemini can make mistakes, so double check it and use code with caution. ↩

[gemini-code-assist]

Code Review

The pull request successfully integrates Grafana monitoring by adding the Prometheus registry dependency, exposing the Prometheus endpoint, and configuring application-specific tags in application-dev.yml and application-prod.yml. However, it introduces an information disclosure vulnerability in production because the security configuration permits all access to the /actuator/prometheus endpoint, which should be restricted.

[gemini-code-assist]

The Prometheus actuator endpoint (/actuator/prometheus) is being made publicly accessible without authentication. This endpoint exposes detailed internal metrics (JVM memory, threads, HTTP statistics, etc.) which can be used by an attacker for reconnaissance. It is recommended to restrict access to this endpoint to authorized users or internal monitoring systems only.

[gemini-code-assist]

The management.metrics.tags.application property is correctly set to ${spring.application.name}. This is a good practice for consistent metric tagging across environments.

[gemini-code-assist]

The management.metrics.tags.application property is correctly set to ${spring.application.name}. This is a good practice for consistent metric tagging across environments.