Skip to content

Comments

[#9] CICD: Gradle 빌드/Docker 배포 자동화를 위한 workflow.yml 추가#14

Merged
Yujin1219 merged 1 commit intodevelopfrom
cicd/#9
Dec 9, 2025
Merged

[#9] CICD: Gradle 빌드/Docker 배포 자동화를 위한 workflow.yml 추가#14
Yujin1219 merged 1 commit intodevelopfrom
cicd/#9

Conversation

@Yujin1219
Copy link
Member

@Yujin1219 Yujin1219 commented Dec 9, 2025
edited by coderabbitai bot
Loading

#️⃣ 연관된 이슈

📝 작업 내용

  • Gradle 빌드/Docker 배포 자동화를 위한 workflow.yml 추가

📌 공유 사항

✅ 체크리스트

  • Reviewer에 팀원들을 선택 했나요?
  • Assignees에 본인을 선택 했나요?
  • Merge 하려는 브랜치가 올바르게 설정되어 있나요?
  • 컨벤션을 지키고 있나요?
  • 로컬에서 실행했을 때 에러가 발생하지 않나요?
  • 불필요한 주석이 제거되었나요?
  • 코드 스타일이 일관적인가요?

스크린샷 (선택)

💬 리뷰 요구사항 (선택)

ex) 메서드 XXX의 이름을 더 잘 짓고 싶은데 혹시 좋은 명칭이 있을까요? or 변경 사항 등

Summary by CodeRabbit

릴리스 노트

  • Chores
    • GitHub Actions 기반 자동화된 CI/CD 파이프라인 도입
    • develop 브랜치로의 푸시 및 풀 리퀘스트 시 자동 빌드 및 배포 수행
    • 개발 서버로의 자동 배포 프로세스 구현으로 배포 효율성 향상

✏️ Tip: You can customize this high-level summary in your review settings.

@Yujin1219 Yujin1219 self-assigned this Dec 9, 2025
@Yujin1219 Yujin1219 added the 👷 ci/cd CI/CD 관련 label Dec 9, 2025
@Yujin1219 Yujin1219 linked an issue Dec 9, 2025 that may be closed by this pull request
👷 CI/CD: CICD 구축 #9
Closed
1 task
@Yujin1219 Yujin1219 merged commit 86d402b into develop Dec 9, 2025
2 checks passed
@Yujin1219 Yujin1219 deleted the cicd/#9 branch December 9, 2025 10:01
@coderabbitai
Copy link

coderabbitai bot commented Dec 9, 2025
edited
Loading

Walkthrough

새로운 GitHub Actions CI/CD 워크플로우를 도입합니다. 워크플로우는 수동 실행, develop 브랜치 푸시 및 풀 리퀘스트로 트리거되며, Gradle을 이용한 빌드, Docker 이미지 생성 및 푸시, SSH를 통한 개발 서버 배포를 포함합니다.

Changes

Cohort / File(s) Change Summary
GitHub Actions CI/CD 워크플로우
\.github/workflows/workflow\.yml		 새로운 CI/CD 워크플로우 파일 생성. TripTalk 프로젝트의 Gradle 빌드, Docker 이미지 생성 및 레지스트리 푸시, develop 브랜치 배포 시 SSH를 통한 개발 서버 배포를 수행하는 작업 정의

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Title check ✅ Passed PR 제목은 GitHub Actions workflow.yml 파일 추가를 통한 Gradle 빌드 및 Docker 배포 자동화라는 변경사항의 핵심을 명확하게 설명하고 있습니다.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
Description check ✅ Passed PR 설명이 필요한 섹션들을 대부분 포함하고 있으며, 관련 이슈(#9)와 작업 내용(workflow.yml 추가)이 명확하게 기술되어 있습니다.
✨ Finishing touches
  • 📝 Generate docstrings
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch cicd/#9

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

coderabbitai[bot]
coderabbitai bot reviewed Dec 9, 2025
View reviewed changes
Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 3

🧹 Nitpick comments (1)
.github/workflows/workflow.yml (1)

73-86: 배포 후 상태 확인 단계를 추가하세요

Docker 컨테이너가 성공적으로 시작되었는지 검증하는 단계가 없습니다. 배포 후 헬스 체크나 기본 연결 테스트를 추가하면 배포 실패를 더 빠르게 감지할 수 있습니다.

            # 컨테이너 재시작
            docker-compose -f docker-compose.yml up -d --remove-orphans

+           # 컨테이너 상태 확인
+           sleep 5
+           docker-compose -f docker-compose.yml ps

            # 사용하지 않는 이미지 삭제
            docker image prune -f
📜 Review details

Configuration used: CodeRabbit UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between a7ce655 and 55d76d3.

📒 Files selected for processing (1)
  • .github/workflows/workflow.yml (1 hunks)
🔇 Additional comments (1)
.github/workflows/workflow.yml (1)

64-86: Verify docker-compose.yml configuration consistency

The deployment script references ${{ secrets.DOCKER_USERNAME }}/triptalk-spring:latest but without access to the docker-compose.yml file, the consistency between the workflow's image name and the compose file's service configuration cannot be validated. Ensure the image name and service configuration in docker-compose.yml match the deployment parameters.

.github/workflows/workflow.yml
Comment on lines +41 to +47
# 4. application.yml 생성
- name: Make application.yml from Secret
run: |
mkdir -p ./src/main/resources
echo "${{ secrets.APPLICATION_DEV_YML_BASE64 }}" | base64 --decode > ./src/main/resources/application.yml
echo "=== [DEBUG] application.yml ==="
cat ./src/main/resources/application.yml
Copy link

@coderabbitai coderabbitai bot Dec 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🔴 Critical

⚠️ application.yml을 로그에 노출하고 있습니다 - 민감한 정보가 유출될 위험

설정 파일의 전체 내용을 워크플로우 로그에 출력하면 데이터베이스 비밀번호, API 키, 토큰 등 민감한 정보가 노출됩니다. GitHub 로그는 기본적으로 공개되므로 보안 위험이 매우 높습니다.

디버그 출력(46-47줄)을 제거해야 합니다.

  - name: Make application.yml from Secret
    run: |
      mkdir -p ./src/main/resources
      echo "${{ secrets.APPLICATION_DEV_YML_BASE64 }}" | base64 --decode > ./src/main/resources/application.yml
-     echo "=== [DEBUG] application.yml ==="
-     cat ./src/main/resources/application.yml
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
# 4. application.yml 생성
- name: Make application.yml from Secret
run: |
mkdir -p ./src/main/resources
echo "${{ secrets.APPLICATION_DEV_YML_BASE64 }}" | base64 --decode > ./src/main/resources/application.yml
echo "=== [DEBUG] application.yml ==="
cat ./src/main/resources/application.yml
# 4. application.yml 생성
- name: Make application.yml from Secret
run: |
mkdir -p ./src/main/resources
echo "${{ secrets.APPLICATION_DEV_YML_BASE64 }}" | base64 --decode > ./src/main/resources/application.yml
🤖 Prompt for AI Agents 
.github/workflows/workflow.yml around lines 41 to 47: the workflow currently
writes application.yml from a base64 secret and then prints its full contents to
the log (lines 46-47), exposing sensitive credentials; remove the debug/print
steps that output the file contents (the echo "=== [DEBUG] application.yml ==="
and the cat command) so the secret is not logged, and if you need to verify
creation retain only non-sensitive checks (e.g., test file existence or size)
without printing file content.

.github/workflows/workflow.yml
Comment on lines +58 to +62
- name: Docker Build & Push
run: |
docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
docker build -t ${{ secrets.DOCKER_USERNAME }}/triptalk-spring:latest .
docker push ${{ secrets.DOCKER_USERNAME }}/triptalk-spring:latest
Copy link

@coderabbitai coderabbitai bot Dec 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

⚠️ Potential issue | 🟠 Major

Docker 로그인 시 보안 모범 사례를 따르세요

현재 방식은 docker login 커맨드에 비밀번호를 직접 전달하고 있어 쉘 히스토리와 로그에 노출될 수 있습니다. 공식 Docker GitHub Actions를 사용하면 자격증명이 안전하게 처리됩니다.

      # 7. Docker Build & Push
-     - name: Docker Build & Push
-       run: |
-         docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
-         docker build -t ${{ secrets.DOCKER_USERNAME }}/triptalk-spring:latest .
-         docker push ${{ secrets.DOCKER_USERNAME }}/triptalk-spring:latest
+     - name: Log in to Docker Hub
+       uses: docker/login-action@v3
+       with:
+         username: ${{ secrets.DOCKER_USERNAME }}
+         password: ${{ secrets.DOCKER_PASSWORD }}
+
+     - name: Build and push Docker image
+       uses: docker/build-push-action@v5
+       with:
+         push: true
+         tags: ${{ secrets.DOCKER_USERNAME }}/triptalk-spring:latest
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
- name: Docker Build & Push
run: |
docker login -u ${{ secrets.DOCKER_USERNAME }} -p ${{ secrets.DOCKER_PASSWORD }}
docker build -t ${{ secrets.DOCKER_USERNAME }}/triptalk-spring:latest .
docker push ${{ secrets.DOCKER_USERNAME }}/triptalk-spring:latest
- name: Log in to Docker Hub
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Build and push Docker image
uses: docker/build-push-action@v5
with:
push: true
tags: ${{ secrets.DOCKER_USERNAME }}/triptalk-spring:latest
🤖 Prompt for AI Agents 
.github/workflows/workflow.yml around lines 58-62: current step runs `docker
login` with the password on the command line which can leak credentials; replace
the manual login with the official GitHub Action (docker/login-action) to
authenticate using secrets, then either use docker/build-push-action to build
and push in a single step or remove the manual `docker login` before calling
`docker build`/`docker push`; update the job to call - uses:
docker/login-action@v2 with with: username: ${{ secrets.DOCKER_USERNAME }} and
password: ${{ secrets.DOCKER_PASSWORD }} (and switch to uses:
docker/build-push-action@v4 with appropriate with: context, push: true, tags:
...) so credentials are handled securely and not exposed in logs.

.github/workflows/workflow.yml
Comment on lines +88 to +101
# 9. 현재 시간 출력
current-time:
needs: CI-CD
runs-on: ubuntu-latest
steps:
- name: Get Current Time
uses: 1466587594/get-current-time@v2
id: current-time
with:
format: YYYY-MM-DDTHH:mm:ss
utcOffset: "+09:00"

- name: Print Current Time
run: echo "Current Time=${{steps.current-time.outputs.formattedTime}}"
Copy link

@coderabbitai coderabbitai bot Dec 9, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

🛠️ Refactor suggestion | 🟠 Major

불필요한 작업을 제거하세요

current-time 작업은 워크플로우 실행 후 현재 시간을 출력하는 것만 하며, 실제 CI/CD 파이프라인에 기능적 가치를 제공하지 않습니다. 또한 외부 액션에 대한 불필요한 의존성을 추가합니다. 이 작업을 제거하는 것이 좋습니다.

      - name: Print Current Time
        run: echo "Current Time=${{steps.current-time.outputs.formattedTime}}"
-
- # 9. 현재 시간 출력
- current-time:
-   needs: CI-CD
-   runs-on: ubuntu-latest
-   steps:
-     - name: Get Current Time
-       uses: 1466587594/get-current-time@v2
-       id: current-time
-       with:
-         format: YYYY-MM-DDTHH:mm:ss
-         utcOffset: "+09:00"
-
-     - name: Print Current Time
-       run: echo "Current Time=${{steps.current-time.outputs.formattedTime}}"
📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change
# 9. 현재 시간 출력
current-time:
needs: CI-CD
runs-on: ubuntu-latest
steps:
- name: Get Current Time
uses: 1466587594/get-current-time@v2
id: current-time
with:
format: YYYY-MM-DDTHH:mm:ss
utcOffset: "+09:00"
- name: Print Current Time
run: echo "Current Time=${{steps.current-time.outputs.formattedTime}}"
# Other jobs...
🤖 Prompt for AI Agents 
.github/workflows/workflow.yml around lines 88 to 101: the reviewer says the
"current-time" job is unnecessary and adds an external dependency; remove the
entire "current-time" job block (including its steps) from the workflow and
ensure no other jobs list it in their "needs" arrays or depend on its outputs;
if any job references needs: current-time or uses outputs from that job, update
those jobs to remove that dependency or replace the dependency with the correct
one so the workflow DAG remains valid.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@coderabbitai coderabbitai[bot] coderabbitai[bot] left review comments

Assignees

@Yujin1219 Yujin1219

Labels

👷 ci/cd CI/CD 관련

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

👷 CI/CD: CICD 구축

1 participant

@Yujin1219