백엔드 릴리즈 워크플로우 분리 및 자동화

.github/workflows/backend-cd.yml

@@ -1,90 +1,74 @@
-name: ✨ Linkiving backend CD ✨
-
-on:
-  workflow_dispatch:
-  pull_request:
-    types: [ closed ]
-    branches:
-      - main
-
-jobs:
-  backend-docker-build-and-push:
-    if: ${{ github.event_name == 'workflow_dispatch' || github.event_name == 'pull_request' }}
-    runs-on: ubuntu-latest
-
-    steps:
-      - name: ✨ Checkout repository
-        uses: actions/checkout@v3
-
-      - name: ✨ JDK 17 설정
-        uses: actions/setup-java@v3
-        with:
-          java-version: '17'
-          distribution: 'temurin'
-
-      - name: ✨ Gradle Caching
-        uses: actions/cache@v3
-        with:
-          path: |
-            ~/.gradle/caches
-            ~/.gradle/wrapper
-          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
-          restore-keys: |
-            ${{ runner.os }}-gradle-
-
-      - name: 🗂️ Make config
-        run: |
-          # src/main/resources 경로 이동
-          mkdir -p ./src/main/resources
-          cd ./src/main/resources
-
-          # yml 파일 생성
-
-          touch ./application.yml
-          echo "$APPLICATION" > ./application.yml
-
-        env:
-          APPLICATION: ${{ secrets.APPLICATION }}
-        shell: bash
-
-      - name: ✨ Gradlew 권한 설정
-        run: chmod +x ./gradlew
-
-      - name: ✨ Jar 파일 빌드
-        run: |
-          ./gradlew bootJar
-
-      - name: ✨ DockerHub에 로그인
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKER_HUB_USERNAME }}
-          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
-
-      - name: ✨ Docker Image 빌드 후 DockerHub에 Push
-        uses: docker/build-push-action@v4
-        with:
-          context: .
-          file: ./docker/Dockerfile
-          push: true
-          platforms: linux/amd64
-          tags: ${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.DOCKER_HUB_REPOSITORY }}:latest
-
-  backend-docker-pull-and-run:
-    runs-on: [ self-hosted, prod ]
-    needs: [ backend-docker-build-and-push ]
-    if: ${{ needs.backend-docker-build-and-push.result == 'success' && (github.event_name == 'workflow_dispatch' || github.event.pull_request.merged == true) }}
-
-    steps:
-      - name: ✨ Checkout repository
-        uses: actions/checkout@v5
-
-      - name: 🗂️ Grafana 환경변수 설정
-        run: |
-          echo "GRAFANA_ADMIN_USER=admin" > ./docker/.env
-          echo "GRAFANA_ADMIN_PASSWORD=${{ secrets.GRAFANA_ADMIN_PASSWORD }}" >> ./docker/.env
-        shell: bash
-
-      - name: ✨ 배포 스크립트 실행
-        run: |
-          chmod +x deploy.sh
-          ./deploy.sh
+name: ✨ Linkiving backend local bundle CD ✨
+
+on:
+  workflow_dispatch:
+  push:
+    branches:
+      - main
+  pull_request:
+    branches:
+      - main
+
+permissions:
+  contents: read
+
+concurrency:
+  group: backend-local-bundle-${{ github.event.pull_request.number || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  build-local-bundle:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: ✨ Checkout repository
+        uses: actions/checkout@v5
+
+      - name: ✨ JDK 17 설정
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+
+      - name: ✨ Gradle caching
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.gradle/caches
+            ~/.gradle/wrapper
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
+          restore-keys: |
+            ${{ runner.os }}-gradle-
+
+      - name: 🗂️ Create local application profile
+        shell: bash
+        env:
+          APPLICATION_LOCAL: ${{ secrets.APPLICATION_LOCAL }}
+        run: |
+          mkdir -p ./src/main/resources
+          printf '%s\n' "$APPLICATION_LOCAL" > ./src/main/resources/application-local.yml
+
+          grep -q '^spring:' ./src/main/resources/application-local.yml
+          grep -q '^security:' ./src/main/resources/application-local.yml
+          grep -q '^app:' ./src/main/resources/application-local.yml
+
+      - name: ✨ Executable permissions
+        run: chmod +x ./gradlew ./scripts/prepare-local-bundle.sh
+
+      - name: ✨ Jar 파일 빌드
+        run: ./gradlew bootJar
+
+      - name: 🐳 Build local Docker bundle
+        env:
+          BUNDLE_VERSION: ${{ github.event_name == 'pull_request' && format('pr-{0}-{1}', github.event.pull_request.number, github.sha) || format('main-{0}', github.sha) }}
+          IMAGE_TAG: linkiving-local:${{ github.sha }}
+        run: ./scripts/prepare-local-bundle.sh
+
+      - name: 📦 Upload local bundle artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: linkiving-core-local-bundle-${{ github.run_number }}
+          path: |
+            dist/*.zip
+            dist/*.sha256
+          retention-days: 14

.github/workflows/release.yml

@@ -0,0 +1,95 @@
+name: 🚀 Linkiving backend release deploy 🚀
+
+on:
+  push:
+    tags:
+      - 'v*'
+
+permissions:
+  contents: write
+
+concurrency:
+  group: backend-release-${{ github.ref }}
+  cancel-in-progress: false
+
+jobs:
+  backend-docker-build-and-push:
+    runs-on: ubuntu-latest
+
+    steps:
+      - name: ✨ Checkout repository
+        uses: actions/checkout@v5
+
+      - name: ✨ JDK 17 설정
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+
+      - name: ✨ Gradle caching
+        uses: actions/cache@v4
+        with:
+          path: |
+            ~/.gradle/caches
+            ~/.gradle/wrapper
+          key: ${{ runner.os }}-gradle-${{ hashFiles('**/*.gradle*', '**/gradle-wrapper.properties') }}
+          restore-keys: |
+            ${{ runner.os }}-gradle-
+
+      - name: 🗂️ Make production config
+        shell: bash
+        env:
+          APPLICATION: ${{ secrets.APPLICATION }}
+        run: |
+          mkdir -p ./src/main/resources
+          printf '%s' "$APPLICATION" > ./src/main/resources/application.yml
+
+      - name: ✨ Gradlew 권한 설정
+        run: chmod +x ./gradlew
+
+      - name: ✨ Jar 파일 빌드
+        run: ./gradlew bootJar
+
+      - name: ✨ DockerHub에 로그인
+        uses: docker/login-action@v3
+        with:
+          username: ${{ secrets.DOCKER_HUB_USERNAME }}
+          password: ${{ secrets.DOCKER_HUB_PASSWORD }}
+
+      - name: ✨ Docker image 빌드 후 DockerHub에 push
+        uses: docker/build-push-action@v6
+        with:
+          context: .
+          file: ./docker/Dockerfile
+          push: true
+          platforms: linux/amd64
+          tags: |
+            ${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.DOCKER_HUB_REPOSITORY }}:${{ github.ref_name }}
+            ${{ secrets.DOCKER_HUB_USERNAME }}/${{ secrets.DOCKER_HUB_REPOSITORY }}:latest
+
+  backend-docker-pull-and-run:
+    runs-on: [ self-hosted, prod ]
+    needs: [ backend-docker-build-and-push ]
+    if: ${{ needs.backend-docker-build-and-push.result == 'success' }}
+
+    steps:
+      - name: ✨ Checkout repository
+        uses: actions/checkout@v5
+
+      - name: ✨ 배포 스크립트 실행
+        env:
+          IMAGE_TAG: ${{ github.ref_name }}
+        run: |
+          chmod +x deploy.sh
+          ./deploy.sh
+
+  create-release:
+    runs-on: ubuntu-latest
+    needs: [ backend-docker-pull-and-run ]
+    if: ${{ needs.backend-docker-pull-and-run.result == 'success' }}
+
+    steps:
+      - name: 📝 Create GitHub release
+        uses: softprops/action-gh-release@v2
+        with:
+          generate_release_notes: true

.gitignore

@@ -37,4 +37,5 @@ out/
 *.yml
 !docker/prometheus.yml
 !docker/grafana/**/*.yml
+!docker/local-bundle/*.yml
 .editorconfig

deploy.sh

@@ -11,7 +11,11 @@ REPO_ROOT="${SCRIPT_DIR}"
 COMPOSE_FILE="${REPO_ROOT}/docker/docker-compose.yml"
 
 PROJECT="linkiving-core"
-COMPOSE="sudo docker compose -p ${PROJECT} -f ${COMPOSE_FILE}"
+DEPLOY_IMAGE_TAG="${IMAGE_TAG:-latest}"
+
+compose() {
+    sudo IMAGE_TAG="${DEPLOY_IMAGE_TAG}" docker compose -p "${PROJECT}" -f "${COMPOSE_FILE}" "$@"
+}
 
 # compose 파일 존재 확인
 if [ ! -f "${COMPOSE_FILE}" ]; then
@@ -23,9 +27,10 @@ fi
 
 echo "✅ Using compose file: ${COMPOSE_FILE}"
 echo "✅ Using project name: ${PROJECT}"
+echo "✅ Using image tag: ${DEPLOY_IMAGE_TAG}"
 
 echo "이미지 업데이트 중..."
-if ! ${COMPOSE} pull; then
+if ! compose pull; then
     echo "❌ Docker 이미지 pull 실패! GitHub Actions 빌드를 확인해주세요."
     echo "❌ 배포를 중단합니다."
     exit 1
@@ -34,7 +39,7 @@ echo "✅ 새로운 이미지가 성공적으로 pull되었습니다."
 
 # Prometheus & Grafana 실행 (설정 변경 시 자동 반영)
 echo "모니터링 서비스 시작 중..."
-${COMPOSE} up -d prometheus grafana
+compose up -d prometheus grafana
 echo "✅ Prometheus & Grafana가 시작되었습니다."
 
 echo "사용하지 않는 이미지 정리 중..."
@@ -45,14 +50,14 @@ EXIST_BLUE=$(sudo docker ps --filter "name=blue" --filter "status=running" -q)
 
 if [ -z "$EXIST_BLUE" ]; then
     echo "BLUE 컨테이너 실행"
-    ${COMPOSE} up -d blue
+    compose up -d blue
     BEFORE_COLOR="green"
     AFTER_COLOR="blue"
     BEFORE_PORT=8081
     AFTER_PORT=8080
 else
     echo "GREEN 컨테이너 실행"
-    ${COMPOSE} up -d green
+    compose up -d green
     BEFORE_COLOR="blue"
     AFTER_COLOR="green"
     BEFORE_PORT=8080
@@ -87,13 +92,13 @@ done
 # 헬스체크 실패 시 롤백
 if [ $HEALTH_CHECK_COUNT -eq $MAX_RETRY ]; then
     echo "❌ 서버가 정상적으로 구동되지 않았습니다. 롤백을 시작합니다."
-    ${COMPOSE} stop ${AFTER_COLOR}
-    ${COMPOSE} rm -f ${AFTER_COLOR}
+    compose stop "${AFTER_COLOR}"
+    compose rm -f "${AFTER_COLOR}"
 
     # 이전 컨테이너가 있다면 다시 시작
     if [ "${BEFORE_COLOR}" != "" ]; then
         echo "이전 ${BEFORE_COLOR} 컨테이너를 다시 시작합니다."
-        ${COMPOSE} up -d ${BEFORE_COLOR}
+        compose up -d "${BEFORE_COLOR}"
     fi
 
     echo "❌ 배포 실패 - 롤백 완료"
@@ -142,8 +147,8 @@ if [ "${BEFORE_COLOR}" != "" ]; then
     echo "이전 컨테이너 종료 전 30초 대기..."
     sleep 30
 
-    ${COMPOSE} stop ${BEFORE_COLOR} 2>/dev/null || true
-    ${COMPOSE} rm -f ${BEFORE_COLOR} 2>/dev/null || true
+    compose stop "${BEFORE_COLOR}" 2>/dev/null || true
+    compose rm -f "${BEFORE_COLOR}" 2>/dev/null || true
     echo "✅ 이전 ${BEFORE_COLOR} 컨테이너가 종료되었습니다."
 fi