

[BSVR-256] 환경변수 관리를 위한 AWS Secret Manger 도입 - V2 (#187)
* build: secret manager 관련 의존성 추가

* feat: secret manager spring config 설정

* chore: gitignore 업데이트

* feat: yml 파일들에 secret manager 적용

* ci: github actions 파일 업데이트
pminsung12 authored Sep 9, 2024
1 parent 6c57eeb commit c024ffd
Showing 14 changed files with 49 additions and 65 deletions.
31 changes: 7 additions & 24 deletions .github/workflows/dev-build-and-deploy.yaml
Expand Up @@ -24,6 +24,13 @@ jobs:
java-version: "17"
distribution: "corretto"

- name: Configure AWS credentials
uses: aws-actions/configure-aws-credentials@v1
with:
aws-access-key-id: ${{ secrets.AWS_S3_ACCESS_KEY }}
aws-secret-access-key: ${{ secrets.AWS_S3_SECRET_KEY }}
aws-region: ap-northeast-2

- name: Cache Gradle
uses: actions/cache@v3
with:
Expand Down Expand Up @@ -113,34 +120,10 @@ jobs:
-e SPRING_PROFILES_ACTIVE=dev \
-e SPRING_SERVLET_MULTIPART_MAX-FILE-SIZE=30MB \
-e SPRING_SERVLET_MULTIPART_MAX-REQUEST-SIZE=30MB \
-e AWS_REDIS_HOST=${{ secrets.DEV_REDIS_HOST }} \
-e AWS_REDIS_PORT=${{ secrets.DEV_REDIS_PORT }} \
-e SPRING_DATASOURCE_URL=${{ secrets.DEV_DB_URL }} \
-e SPRING_DATASOURCE_USERNAME=${{ secrets.DEV_DB_USERNAME }} \
-e SPRING_DATASOURCE_PASSWORD=${{ secrets.DEV_DB_PASSWORD }} \
-e SPRING_JWT_SECRET=${{ secrets.JWT_SECRET }} \
-e OAUTH_CLIENTID=${{ secrets.KAKAO_CLIENT_ID }} \
-e OAUTH_KAUTHTOKENURLHOST=${{ secrets.KAUTH_TOKEN_URL_HOST }} \
-e OAUTH_KAUTHUSERURLHOST=${{ secrets.KAUTH_USER_URL_HOST }} \
-e OAUTH_KAKAOCLIENTID=${{ secrets.OAUTH_KAKAOCLIENTID }} \
-e OAUTH_KAKAOAUTHTOKENURLHOST=${{ secrets.KAKAOAUTHTOKENURLHOST }} \
-e OAUTH_KAKAOAUTHUSERURLHOST=${{ secrets.KAKAOAUTHUSERURLHOST }} \
-e OAUTH_KAKAOREDIRECTURL=${{ secrets.KAKAOREDIRECTURL }} \
-e OAUTH_GOOGLECLIENTID=${{ secrets.GOOGLECLIENTID }} \
-e OAUTH_GOOGLECLIENTSECRET=${{ secrets.GOOGLECLIENTSECRET }} \
-e OAUTH_GOOGLEREDIRECTURL=${{ secrets.GOOGLEREDIRECTURL }} \
-e OAUTH_GOOGLEAUTHTOKENURLHOST=${{ secrets.GOOGLEAUTHTOKENURLHOST }} \
-e OAUTH_GOOGLEUSERURLHOST=${{ secrets.GOOGLEUSERURLHOST }} \
-e SPRING_JPA_HIBERNATE_DDL_AUTO=validate \
-e AWS_S3_ACCESS_KEY=${{ secrets.AWS_S3_ACCESS_KEY }} \
-e AWS_S3_SECRET_KEY=${{ secrets.AWS_S3_SECRET_KEY }} \
-e AWS_S3_BUCKET_NAME=${{ secrets.DEV_AWS_S3_BUCKET_NAME }} \
-e AWS_S3_BASICPROFILEIMAGEURL=${{ secrets.BASICPROFILEIMAGEURL }} \
-e TZ=Asia/Seoul \
-e SENTRY_DSN=${{ secrets.SENTRY_DSN }} \
-e SENTRY_ENABLE_TRACING=true \
-e SENTRY_ENVIRONMENT=prod \
-e LOKI_URL=${{ secrets.LOKI_SERVER_URL }} \
${{ secrets.DOCKERHUB_USERNAME }}/spot-server:dev-${{ github.sha }}
docker system prune -af
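Review bot: The credentials step added at L29-L34 runs on the GitHub runner, but it is the container started by the `docker run` at L71 that must now resolve `aws-secretsmanager:spot-dev-secrets` at startup, and this hunk drops the `-e` lines carrying the DB, Redis, JWT and OAuth values without passing the container any AWS credentials or region. Presumably the host's instance role and the default provider chain cover that; if so, record it above the `docker run`, e.g. `# runtime secrets are fetched from Secrets Manager via the host's instance role, not via -e`, and the same applies to `manual-prod-deploy.yaml`. The static key pair wired into `aws-actions/configure-aws-credentials@v1` is named `AWS_S3_*` yet is presumably what the build/test step now uses to reach Secrets Manager, so the attached IAM policy should be scoped to the `spot-*-secrets` resources, and OIDC via `role-to-assume` on a current major of the action (v4) would remove the long-lived key from repository secrets entirely. The `run:` block containing the `docker run` begins outside the hunk.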
24 changes: 0 additions & 24 deletions .github/workflows/manual-prod-deploy.yaml
Expand Up @@ -50,33 +50,9 @@ jobs:
-e SPRING_PROFILES_ACTIVE=prod \
-e SPRING_SERVLET_MULTIPART_MAX-FILE-SIZE=30MB \
-e SPRING_SERVLET_MULTIPART_MAX-REQUEST-SIZE=30MB \
-e AWS_REDIS_HOST=${{ secrets.PROD_REDIS_HOST }} \
-e AWS_REDIS_PORT=${{ secrets.PROD_REDIS_PORT }} \
-e SPRING_DATASOURCE_URL=${{ secrets.PROD_DB_URL }} \
-e SPRING_DATASOURCE_USERNAME=${{ secrets.PROD_DB_USERNAME }} \
-e SPRING_DATASOURCE_PASSWORD=${{ secrets.PROD_DB_PASSWORD }} \
-e SPRING_JWT_SECRET=${{ secrets.JWT_SECRET }} \
-e KAKAO_CLIENT_ID=${{ secrets.KAKAO_CLIENT_ID }} \
-e OAUTH_KAUTHTOKENURLHOST=${{ secrets.KAUTH_TOKEN_URL_HOST }} \
-e OAUTH_KAUTHUSERURLHOST=${{ secrets.KAUTH_USER_URL_HOST }} \
-e OAUTH_KAKAOCLIENTID=${{ secrets.OAUTH_KAKAOCLIENTID }} \
-e OAUTH_KAKAOAUTHTOKENURLHOST=${{ secrets.KAKAOAUTHTOKENURLHOST }} \
-e OAUTH_KAKAOAUTHUSERURLHOST=${{ secrets.KAKAOAUTHUSERURLHOST }} \
-e OAUTH_KAKAOREDIRECTURL=${{ secrets.KAKAOREDIRECTURL }} \
-e OAUTH_GOOGLECLIENTID=${{ secrets.GOOGLECLIENTID }} \
-e OAUTH_GOOGLECLIENTSECRET=${{ secrets.GOOGLECLIENTSECRET }} \
-e OAUTH_GOOGLEREDIRECTURL=${{ secrets.GOOGLEREDIRECTURL }} \
-e OAUTH_GOOGLEAUTHTOKENURLHOST=${{ secrets.GOOGLEAUTHTOKENURLHOST }} \
-e OAUTH_GOOGLEUSERURLHOST=${{ secrets.GOOGLEUSERURLHOST }} \
-e SPRING_JPA_HIBERNATE_DDL_AUTO=validate \
-e AWS_S3_ACCESS_KEY=${{ secrets.AWS_S3_ACCESS_KEY }} \
-e AWS_S3_SECRET_KEY=${{ secrets.AWS_S3_SECRET_KEY }} \
-e AWS_S3_BUCKET_NAME=${{ secrets.PROD_AWS_S3_BUCKET_NAME }} \
-e AWS_S3_BASICPROFILEIMAGEURL=${{ secrets.BASICPROFILEIMAGEURL }} \
-e TZ=Asia/Seoul \
-e SENTRY_DSN=${{ secrets.SENTRY_DSN }} \
-e SENTRY_ENABLE_TRACING=true \
-e SENTRY_ENVIRONMENT=prod \
-e LOKI_URL=${{ secrets.LOKI_SERVER_URL }} \
${{ secrets.DOCKERHUB_USERNAME }}/spot-server:prod-${{ github.event.inputs.tag }}
docker system prune -af
8 changes: 0 additions & 8 deletions .gitignore
Expand Up @@ -384,13 +384,5 @@ gradle-app.setting

.env

*.application-jwt.yml
*.application-monitoring.yml
application-jwt.yml
application-oauth.yml
application-sentry.yml
application-aws.yaml
application-mixpanel.yaml

# 민성 레디스 바이너리 파일
redis-server-7.2.3-mac-arm64
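--- a/application/.gitignore
+++ b/application/.gitignore
@@ -39,9 +39,4 @@ bin/
 .vscode/
 
 ### Mac OS ###
-.DS_Store
-
-*.application-jwt.yml
-
-### loki ###
-**/application-monitoring.yml
+.DS_Store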
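Review bot: Dropping `*.application-jwt.yml` and `**/application-monitoring.yml` here (and the matching patterns removed from the root `.gitignore`) makes any developer's locally filled-in copy of those files trackable, whereas the versions committed in this PR carry only `${...}` placeholders. Worth confirming that no earlier revision with literal values was ever committed before the files were ignored, and that the placeholder form stays the only one in the repository; a one-line comment above the `### Mac OS ###` stanza, e.g. `# profile YAMLs are committed with ${PLACEHOLDER}s only; real values live in AWS Secrets Manager`, would make that contract visible to the next person who edits one locally.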
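--- a/application/src/main/resources/application-jwt.yml
+++ b/application/src/main/resources/application-jwt.yml
@@ -0,0 +1,3 @@
+spring:
+jwt:
+secret: ${JWT_SECRET}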
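--- a/application/src/main/resources/application-monitoring.yml
+++ b/application/src/main/resources/application-monitoring.yml
@@ -0,0 +1,2 @@
+loki:
+url: ${LOKI_URL}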
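--- a/application/src/main/resources/application-oauth.yml
+++ b/application/src/main/resources/application-oauth.yml
@@ -0,0 +1,10 @@
+oauth:
+kakaoClientId: ${KAKAO_CLIENT_ID}
+kakaoAuthTokenUrlHost: ${KAKAO_AUTH_TOKEN_URL_HOST}
+kakaoAuthUserUrlHost: ${KAKAO_AUTH_USER_URL_HOST}
+kakaoRedirectUrl: ${KAKAO_REDIRECT_URL}
+googleClientId: ${GOOGLE_CLIENT_ID}
+googleClientSecret: ${GOOGLE_CLIENT_SECRET}
+googleRedirectUrl: ${GOOGLE_REDIRECT_URL}
+googleAuthTokenUrlHost: ${GOOGLE_AUTH_TOKEN_URL_HOST}
+googleUserUrlHost: ${GOOGLE_AUTH_USER_URL_HOST}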
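Review bot: The last line, `googleUserUrlHost: ${GOOGLE_AUTH_USER_URL_HOST}`, breaks the rule the other nine keys follow, where the placeholder is the property name in upper snake case (`googleAuthTokenUrlHost` ↔ `GOOGLE_AUTH_TOKEN_URL_HOST`), so whoever populates the `spot-*-secrets` entries has to know about this one exception. Either rename the property to `googleAuthUserUrlHost` (together with whatever binds it on the Java side, not visible here) or the secret key to `GOOGLE_USER_URL_HOST`, and state the rule once in a header comment, e.g. `# values come from the Secrets Manager entry imported in application.yaml; key = property name in UPPER_SNAKE_CASE`. None of the placeholders carries a default, so a missing key fails startup instead of silently running with an empty client id, which is the right behaviour for `googleClientSecret`.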
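--- a/application/src/main/resources/application-sentry.yml
+++ b/application/src/main/resources/application-sentry.yml
@@ -0,0 +1,2 @@
+sentry:
+dsn: ${SENTRY_DSN}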
5 changes: 5 additions & 0 deletions application/src/main/resources/application.yaml
Expand Up @@ -56,19 +56,24 @@ management:
web:
exposure:
include: "*"


---
spring:
config:
import: 'aws-secretsmanager:spot-local-secrets'
activate:
on-profile: local
---
spring:
config:
import: 'aws-secretsmanager:spot-dev-secrets'
activate:
on-profile: dev
---
spring:
config:
import: 'aws-secretsmanager:spot-prod-secrets'
activate:
on-profile: prod

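Review bot: The three `spring.config.import: 'aws-secretsmanager:...'` documents load every secret into the Spring Environment, while the same file keeps `management.endpoints.web.exposure.include: "*"` at L173, which exposes `/actuator/env` and `/actuator/configprops` where that imported property source is listed; Boot's sanitizer masks keys matching patterns like password/secret/key, but names such as `DB_URL`, `REDIS_HOST` or `KAKAO_REDIRECT_URL` are shown unless the endpoints sit behind authentication. Either narrow the exposure list or record the assumption above `exposure:`, e.g. `# env/configprops now surface Secrets Manager values — keep actuator behind auth`. The `local` document imports without the `optional:` prefix, so a developer with no AWS credentials cannot start the app at all; if that is intended say so on that line, otherwise `optional:aws-secretsmanager:spot-local-secrets` keeps local startup independent of AWS while dev/prod still fail fast. The region the importer uses is not set here and presumably comes from the runtime environment — confirm. The hunk starts part-way through the `management` block.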
3 changes: 3 additions & 0 deletions build.gradle.kts
Expand Up @@ -43,6 +43,9 @@ subprojects {
testImplementation("org.springframework.boot:spring-boot-starter-test:_")
testImplementation(platform("org.junit:junit-bom:_"))
testImplementation("org.junit.jupiter:junit-jupiter")

// secret manager
implementation("io.awspring.cloud:spring-cloud-starter-aws-secrets-manager-config:_")
}

// 코드 포맷터 spotless
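Review bot: The starter is added inside the `subprojects {}` block opened above this hunk, so every module — including `infrastructure` — gains the Secrets Manager starter and its AWS SDK transitive dependencies, although only the `application` module's `application.yaml` declares the `spring.config.import`. Consider moving `implementation("io.awspring.cloud:spring-cloud-starter-aws-secrets-manager-config:_")` into the application module's own build file, or add a comment explaining why it must be on every module's classpath. The `2.4.4` pinned in `versions.properties` is the Spring Cloud AWS 2.x line, which targets Spring Boot 2.x; if this project runs on Boot 3 the `aws-secretsmanager:` import lives in the 3.x artifact `io.awspring.cloud:spring-cloud-aws-starter-secrets-manager` instead — confirm against the Boot version in use. The `// secret manager` comment would say more as `// AWS Secrets Manager config import (spring.config.import=aws-secretsmanager:... in application.yaml)`.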
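--- a/infrastructure/src/main/resources/application-aws.yaml
+++ b/infrastructure/src/main/resources/application-aws.yaml
@@ -0,0 +1,9 @@
+aws:
+s3:
+accessKey: ${AWS_ACCESS_KEY}
+secretKey: ${AWS_SECRET_KEY}
+bucketName: ${S3_BUCKET_NAME}
+basicProfileImageUrl: ${S3_BASIC_PROFILE_IMAGE_URL}
+redis:
+host: ${REDIS_HOST}
+port: ${REDIS_PORT}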
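Review bot: `accessKey: ${AWS_ACCESS_KEY}` and `secretKey: ${AWS_SECRET_KEY}` keep a long-lived IAM access key pair as payload inside Secrets Manager, yet the process already has to hold AWS credentials (instance role or default provider chain) just to perform the `aws-secretsmanager:` import at startup. If the S3 client can be built from the default credentials provider, these two properties and the static key can go, leaving a single credential to rotate; if the client is constructed from these properties (not visible here), say so above `s3:`, e.g. `# static key consumed by the S3 client; rotate together with the secret`. `${REDIS_PORT}` is fine unquoted for Spring's binder, but keep the value numeric in the secret so the port does not bind as a string.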
6 changes: 3 additions & 3 deletions infrastructure/src/main/resources/application-jpa.yaml
@@ -1,8 +1,8 @@
spring:
datasource:
url: jdbc:mysql://localhost:3306/spot
username: test1234
password: test1234
url: ${DB_URL}
username: ${DB_USERNAME}
password: ${DB_PASSWORD}
driver-class-name: com.mysql.cj.jdbc.Driver

jpa:
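--- a/infrastructure/src/main/resources/application-mixpanel.yaml
+++ b/infrastructure/src/main/resources/application-mixpanel.yaml
@@ -0,0 +1,2 @@
+mixpanel:
+token: ${MIXPANEL_TOKEN}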
2 changes: 2 additions & 0 deletions versions.properties
Expand Up @@ -70,3 +70,5 @@ version.org.testcontainers..junit-jupiter=1.20.1
version.org.testcontainers..mysql=1.20.1

version.org.testcontainers..jdbc=1.20.1

version.io.awspring.cloud..spring-cloud-starter-aws-secrets-manager-config=2.4.4

