feat: 디비에 데이터베이스가 없을시 자동 생성 #402
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # This workflow uses actions that are not certified by GitHub. | |
| # They are provided by a third-party and are governed by | |
| # separate terms of service, privacy policy, and support | |
| # documentation. | |
| # This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time | |
| # For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-gradle | |
| name: Java CI/CD with Gradle | |
| on: | |
| push: | |
| branches: [ "main" ] | |
| pull_request: | |
| branches: [ "main" ] | |
| permissions: | |
| contents: read | |
| id-token: write | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - name: Set up JDK 17 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '17' | |
| distribution: 'temurin' | |
| # Gradle 권한 설정 추가 | |
| - name: Grant execute permission for gradlew | |
| run: chmod +x gradlew | |
| - name: Build with Gradle | |
| working-directory: ./Location-based-target-authentication | |
| run: | | |
| chmod +x ./gradlew | |
| ./gradlew bootJar --info --stacktrace | |
| - name: Upload JAR | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: app | |
| path: ./Location-based-target-authentication/build/libs/*.jar | |
| if-no-files-found: error | |
| deploy: | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: app | |
| # SSH 키 설정 | |
| - name: Setup SSH | |
| run: | | |
| mkdir -p ~/.ssh | |
| echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/deploy_key | |
| chmod 700 ~/.ssh | |
| chmod 600 ~/.ssh/deploy_key | |
| eval $(ssh-agent -s) | |
| ssh-add ~/.ssh/deploy_key | |
| echo "${{ secrets.SERVER_IP }} $(ssh-keyscan -t ecdsa ${{ secrets.SERVER_IP }} 2>/dev/null)" >> ~/.ssh/known_hosts | |
| ssh-keyscan -H ${{ secrets.SERVER_IP }} >> ~/.ssh/known_hosts | |
| # JAR 파일 전송 | |
| - name: Copy JAR to Server | |
| run: | | |
| ls -la | |
| scp -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no *.jar ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_IP }}:/home/${{ secrets.SERVER_USER }}/ | |
| # 서버에서 JAR 실행 | |
| - name: Execute JAR | |
| uses: appleboy/ssh-action@v1.0.0 | |
| with: | |
| host: ${{ secrets.SERVER_IP }} | |
| username: ${{ secrets.SERVER_USER }} | |
| key: ${{ secrets.SSH_PRIVATE_KEY }} | |
| script: | | |
| cd /home/${{ secrets.SERVER_USER }} | |
| # 데이터베이스 체크 및 생성 | |
| echo "데이터베이스 SWYP8 확인 및 생성 중..." | |
| # 데이터베이스 체크 스크립트 생성 | |
| cat > check_db.sh << 'EOF' | |
| #!/bin/bash | |
| # MySQL 접속 정보 | |
| MYSQL_USER="root" | |
| MYSQL_PASSWORD="rootroot" | |
| MYSQL_HOST="localhost" | |
| DB_NAME="SWYP8" | |
| # 데이터베이스 존재 여부 확인 | |
| DB_EXISTS=$(mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e "SHOW DATABASES LIKE '$DB_NAME';" 2>/dev/null | grep -c "$DB_NAME") | |
| if [ "$DB_EXISTS" -eq 0 ]; then | |
| echo "데이터베이스 $DB_NAME이 존재하지 않습니다. 생성합니다..." | |
| mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e "CREATE DATABASE $DB_NAME CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;" | |
| mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e "GRANT ALL PRIVILEGES ON $DB_NAME.* TO '$MYSQL_USER'@'%';" | |
| mysql -u$MYSQL_USER -p$MYSQL_PASSWORD -e "FLUSH PRIVILEGES;" | |
| echo "데이터베이스 $DB_NAME이 성공적으로 생성되었습니다." | |
| else | |
| echo "데이터베이스 $DB_NAME이 이미 존재합니다." | |
| fi | |
| EOF | |
| chmod +x check_db.sh | |
| sudo bash ./check_db.sh | |
| # Java에 443 포트 바인딩 권한 부여 | |
| sudo setcap 'cap_net_bind_service=+ep' /usr/lib/jvm/java-17-openjdk-amd64/bin/java | |
| # Let's Encrypt 인증서 확인 및 PKCS12 변환 | |
| if [ -d "/etc/letsencrypt/live/willgo6.duckdns.org" ]; then | |
| sudo mkdir -p /etc/ssl/willgo | |
| # Let's Encrypt 인증서를 PKCS12 형식으로 변환 | |
| sudo openssl pkcs12 -export -in /etc/letsencrypt/live/willgo6.duckdns.org/fullchain.pem \ | |
| -inkey /etc/letsencrypt/live/willgo6.duckdns.org/privkey.pem \ | |
| -out /etc/ssl/willgo/letsencrypt.p12 -name tomcat \ | |
| -CAfile /etc/letsencrypt/live/willgo6.duckdns.org/chain.pem \ | |
| -caname root -password pass:willgo86 | |
| sudo chmod 600 /etc/ssl/willgo/letsencrypt.p12 | |
| echo "Let's Encrypt 인증서가 PKCS12 형식으로 변환되었습니다." | |
| else | |
| # Let's Encrypt 인증서가 없는 경우 자체 서명 인증서 생성 | |
| sudo mkdir -p /etc/ssl/willgo | |
| sudo keytool -genkeypair -alias tomcat -keyalg RSA -keysize 2048 -storetype PKCS12 \ | |
| -keystore /etc/ssl/willgo/keystore.p12 -validity 3650 -storepass willgo86 \ | |
| -dname "CN=willgo6.duckdns.org, OU=NA, O=NA, L=NA, ST=NA, C=NA" | |
| sudo chmod 600 /etc/ssl/willgo/keystore.p12 | |
| echo "자체 서명 인증서가 생성되었습니다." | |
| fi | |
| # 인증서 갱신 후 자동 변환 스크립트 생성 | |
| sudo mkdir -p /etc/letsencrypt/renewal-hooks/post | |
| sudo tee /etc/letsencrypt/renewal-hooks/post/convert-to-pkcs12.sh << EOF | |
| #!/bin/bash | |
| # Let's Encrypt 인증서를 PKCS12 형식으로 변환 | |
| openssl pkcs12 -export -in /etc/letsencrypt/live/willgo6.duckdns.org/fullchain.pem \\ | |
| -inkey /etc/letsencrypt/live/willgo6.duckdns.org/privkey.pem \\ | |
| -out /etc/ssl/willgo/letsencrypt.p12 -name tomcat \\ | |
| -CAfile /etc/letsencrypt/live/willgo6.duckdns.org/chain.pem \\ | |
| -caname root -password pass:willgo86 | |
| # 권한 설정 | |
| chmod 600 /etc/ssl/willgo/letsencrypt.p12 | |
| # 서비스 재시작 | |
| systemctl restart willgo | |
| EOF | |
| sudo chmod +x /etc/letsencrypt/renewal-hooks/post/convert-to-pkcs12.sh | |
| # JAR 파일 권한 설정 | |
| chmod +x Location-based-target-authentication-0.0.1-SNAPSHOT.jar | |
| # 서비스 파일 생성 | |
| sudo tee /etc/systemd/system/willgo.service << EOF | |
| [Unit] | |
| Description=Willgo Backend Application | |
| After=network.target | |
| [Service] | |
| Type=simple | |
| User=root | |
| WorkingDirectory=/home/${{ secrets.SERVER_USER }} | |
| # 환경 변수 설정 | |
| Environment=JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }} | |
| Environment=JWT_ACCESS_TOKEN_EXPIRATION=600000 | |
| Environment=JWT_REFRESH_TOKEN_EXPIRATION=604800000 | |
| Environment=kakao.local.search.url=https://dapi.kakao.com/v2/local/search/keyword.json | |
| Environment=kakao.api.key=${{ secrets.KAKAO_API_KEY }} | |
| Environment=SPRING_MAIL_HOST=${{ secrets.MAIL_HOST }} | |
| Environment=SPRING_MAIL_PORT=${{ secrets.MAIL_PORT }} | |
| Environment=SPRING_MAIL_USERNAME=${{ secrets.MAIL_USERNAME }} | |
| Environment=SPRING_MAIL_PASSWORD=${{ secrets.MAIL_PASSWORD }} | |
| Environment=SERVER_PORT=443 | |
| Environment=SERVER_HTTP_PORT=8080 | |
| Environment=SERVER_ADDRESS=0.0.0.0 | |
| Environment=SPRING_PROFILES_ACTIVE=secret | |
| Environment=LOGGING_LEVEL_ROOT=INFO | |
| Environment=LOGGING_LEVEL_COM_SWYP=DEBUG | |
| Environment=LOGGING_LEVEL_ORG_SPRINGFRAMEWORK_SECURITY=DEBUG | |
| Environment=LOGGING_LEVEL_ORG_SPRINGFRAMEWORK_WEB=DEBUG | |
| Environment=LOGGING_LEVEL_ORG_SPRINGFRAMEWORK_OAUTH2=DEBUG | |
| Environment=SPRINGDOC_SWAGGER_UI_PATH=/swagger-ui/index.html | |
| Environment=SPRINGDOC_API_DOCS_PATH=/v3/api-docs | |
| Environment=SPRINGDOC_SWAGGER_UI_ENABLED=true | |
| Environment=SPRINGDOC_API_DOCS_ENABLED=true | |
| # SSL 설정 - Let's Encrypt 인증서 사용 | |
| Environment=SERVER_SSL_ENABLED=true | |
| Environment=SERVER_SSL_KEY_STORE=/etc/ssl/willgo/letsencrypt.p12 | |
| Environment=SERVER_SSL_KEY_STORE_PASSWORD=willgo86 | |
| Environment=SERVER_SSL_KEY_STORE_TYPE=PKCS12 | |
| Environment=SERVER_SSL_KEY_ALIAS=tomcat | |
| Environment=SECURITY_REQUIRE_SSL=true | |
| # OAuth2 설정 | |
| Environment=SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_GOOGLE_CLIENT_ID=${{ secrets.GOOGLE_CLIENT_ID }} | |
| Environment=SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_GOOGLE_CLIENT_SECRET=${{ secrets.GOOGLE_CLIENT_SECRET }} | |
| Environment=SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_GOOGLE_SCOPE=profile,email | |
| Environment=SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_GOOGLE_REDIRECT_URI=https://locationcheckgo.netlify.app/auth/callback/google | |
| Environment=SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KAKAO_CLIENT_ID=${{ secrets.KAKAO_CLIENT_ID }} | |
| Environment=SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KAKAO_CLIENT_SECRET=${{ secrets.KAKAO_CLIENT_SECRET }} | |
| Environment=SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KAKAO_SCOPE=profile_nickname,account_email | |
| Environment=SPRING_SECURITY_OAUTH2_CLIENT_REGISTRATION_KAKAO_REDIRECT_URI=https://locationcheckgo.netlify.app/auth/callback/kakao | |
| ExecStart=/usr/lib/jvm/java-17-openjdk-amd64/bin/java \\ | |
| -Xms512m \\ | |
| -Xmx1024m \\ | |
| -XX:+HeapDumpOnOutOfMemoryError \\ | |
| -XX:HeapDumpPath=/home/${{ secrets.SERVER_USER }}/heapdump.hprof \\ | |
| -Dspring.output.ansi.enabled=always \\ | |
| -Dlogging.file.name=/home/${{ secrets.SERVER_USER }}/logs/willgo.log \\ | |
| -Dlogging.pattern.console='%%d{yyyy-MM-dd HH:mm:ss} [%%p] - %%m%%n' \\ | |
| -Dlogging.pattern.file='%%d{yyyy-MM-dd HH:mm:ss} [%%p] - %%m%%n' \\ | |
| -jar Location-based-target-authentication-0.0.1-SNAPSHOT.jar \\ | |
| --spring.config.import=optional:application-local.properties,optional:application-secret.properties \\ | |
| --spring.profiles.active=\${SPRING_PROFILES_ACTIVE} \\ | |
| --server.port=\${SERVER_PORT} \\ | |
| --server.http.port=\${SERVER_HTTP_PORT} \\ | |
| --server.address=\${SERVER_ADDRESS} \\ | |
| --server.ssl.enabled=\${SERVER_SSL_ENABLED} \\ | |
| --server.ssl.key-store=\${SERVER_SSL_KEY_STORE} \\ | |
| --server.ssl.key-store-password=\${SERVER_SSL_KEY_STORE_PASSWORD} \\ | |
| --server.ssl.key-store-type=\${SERVER_SSL_KEY_STORE_TYPE} \\ | |
| --server.ssl.key-alias=\${SERVER_SSL_KEY_ALIAS} \\ | |
| --security.require-ssl=\${SECURITY_REQUIRE_SSL} \\ | |
| --springdoc.swagger-ui.path=\${SPRINGDOC_SWAGGER_UI_PATH} \\ | |
| --springdoc.api-docs.path=\${SPRINGDOC_API_DOCS_PATH} \\ | |
| --springdoc.swagger-ui.enabled=\${SPRINGDOC_SWAGGER_UI_ENABLED} \\ | |
| --springdoc.api-docs.enabled=\${SPRINGDOC_API_DOCS_ENABLED} \\ | |
| --springdoc.swagger-ui.configUrl=/v3/api-docs/swagger-config \\ | |
| --springdoc.swagger-ui.url=/v3/api-docs \\ | |
| --logging.level.root=\${LOGGING_LEVEL_ROOT} \\ | |
| --logging.level.com.swyp=\${LOGGING_LEVEL_COM_SWYP} \\ | |
| --logging.level.org.springframework.security=\${LOGGING_LEVEL_ORG_SPRINGFRAMEWORK_SECURITY} \\ | |
| --logging.level.org.springframework.web=\${LOGGING_LEVEL_ORG_SPRINGFRAMEWORK_WEB} \\ | |
| --logging.level.org.springframework.oauth2=\${LOGGING_LEVEL_ORG_SPRINGFRAMEWORK_OAUTH2} \\ | |
| --logging.level.org.springframework.web.cors=TRACE \\ | |
| --debug=true \\ | |
| --trace=true \\ | |
| --spring.mail.host=\${SPRING_MAIL_HOST} \\ | |
| --spring.mail.port=\${SPRING_MAIL_PORT} \\ | |
| --spring.mail.username=\${SPRING_MAIL_USERNAME} \\ | |
| --spring.mail.password=\${SPRING_MAIL_PASSWORD} \\ | |
| --spring.mail.properties.mail.smtp.auth=true \\ | |
| --spring.mail.properties.mail.smtp.starttls.enable=true \\ | |
| --spring.mail.properties.mail.smtp.ssl.trust=smtp.gmail.com \\ | |
| --spring.mail.properties.mail.smtp.ssl.protocols=TLSv1.2 \\ | |
| --spring.mail.properties.mail.debug=true \\ | |
| --spring.datasource.url=jdbc:mysql://localhost:3306/SWYP8?allowPublicKeyRetrieval=true&useSSL=false&serverTimezone=UTC&characterEncoding=UTF-8&createDatabaseIfNotExist=true \\ | |
| --cors.allowed-origins=https://locationcheckgo.netlify.app,http://localhost:8080,https://willgo6.duckdns.org,http://158.180.87.205:8080 | |
| Restart=always | |
| RestartSec=10 | |
| [Install] | |
| WantedBy=multi-user.target | |
| EOF | |
| # 방화벽 설정 - 포트 개방 | |
| sudo ufw allow 443/tcp | |
| sudo ufw allow 8080/tcp | |
| # 로그 디렉토리 생성 | |
| sudo mkdir -p /home/${{ secrets.SERVER_USER }}/logs | |
| sudo chown -R ${{ secrets.SERVER_USER }}:${{ secrets.SERVER_USER }} /home/${{ secrets.SERVER_USER }}/logs | |
| # Java 버전 확인 | |
| /usr/lib/jvm/java-17-openjdk-amd64/bin/java -version | |
| # 서비스 시작 | |
| sudo systemctl daemon-reload | |
| sudo systemctl enable willgo | |
| sudo systemctl restart willgo | |
| sleep 3 | |
| sudo systemctl status willgo | |
| # 로그 확인 | |
| echo "Checking system logs..." | |
| sudo journalctl -u willgo -n 50 --no-pager |