Location-based-target-authentication
diff --git a/‎.github/workflows/gradle.yml‎
Lines changed: 199 additions & 56 deletions b/‎.github/workflows/gradle.yml‎
Lines changed: 199 additions & 56 deletions
@@ -1,65 +1,208 @@
-name: Deploy to cloudtype
+# This workflow uses actions that are not certified by GitHub.
+# They are provided by a third-party and are governed by
+# separate terms of service, privacy policy, and support
+# documentation.
+# This workflow will build a Java project with Gradle and cache/restore any dependencies to improve the workflow execution time
+# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-java-with-gradle
+
+name: Java CI/CD with Gradle
+
 on:
   push:
-    branches:
-      - main
+    branches: [ "main" ]
+  pull_request:
+    branches: [ "main" ]
+
 permissions:
   contents: read
-  packages: write
+  id-token: write
 
 jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@v4
+    
+    - name: Set up JDK 17
+      uses: actions/setup-java@v4
+      with:
+        java-version: '17'
+        distribution: 'temurin'
+
+    # Gradle 권한 설정 추가
+    - name: Grant execute permission for gradlew
+      run: chmod +x gradlew
+
+    - name: Build with Gradle
+      working-directory: ./Location-based-target-authentication
+      run: |
+        chmod +x ./gradlew
+        ./gradlew bootJar --info --stacktrace
+
+    - name: Upload JAR
+      uses: actions/upload-artifact@v4
+      with:
+        name: app
+        path: ./Location-based-target-authentication/build/libs/*.jar
+        if-no-files-found: error
+
   deploy:
+    needs: build
     runs-on: ubuntu-latest
-    permissions:
-      contents: read
-      packages: write
+    
     steps:
-      - name: Checkout
-        uses: actions/checkout@v2
-      - name: Connect deploy key
-        uses: cloudtype-github-actions/connect@v1
-        with:
-          token: ${{ secrets.CLOUDTYPE_TOKEN }}
-          repo: be
-      - name: Deploy
-        uses: cloudtype-github-actions/deploy@v1
-        with:
-          token: ${{ secrets.CLOUDTYPE_TOKEN }}
-          project: be
-          stage: main
-          yaml: |
-            name: willgo
-            app: dockerfile
-              env:
-                - name: GOOGLE_CLIENT_ID
-                  value: ${{ secrets.GOOGLE_CLIENT_ID }}
-                - name: GOOGLE_CLIENT_SECRET
-                  value: ${{ secrets.GOOGLE_CLIENT_SECRET }}
-                - name: JWT_SECRET_KEY
-                  value: ${{ secrets.JWT_SECRET_KEY }}
-                - name: KAKAO_API_KEY
-                  value: ${{ secrets.KAKAO_API_KEY }}
-                - name: KAKAO_CLIENT_ID
-                  value: ${{ secrets.KAKAO_CLIENT_ID }}
-                - name: KAKAO_CLIENT_SECRET
-                  value: ${{ secrets.KAKAO_CLIENT_SECRET }}
-                - name: MAIL_HOST
-                  value: ${{ secrets.MAIL_HOST }}
-                - name: MAIL_PASSWORD
-                  value: ${{ secrets.MAIL_PASSWORD }}
-                - name: MAIL_PORT
-                  value: ${{ secrets.MAIL_PORT }}
-                - name: MAIL_USERNAME
-                  value: ${{ secrets.MAIL_USERNAME }}
-                - name: SERVER_IP
-                  value: ${{ secrets.SERVER_IP }}
-                - name: SERVER_USER
-                  value: ${{ secrets.SERVER_USER }}
-                - name: SSH_PRIVATE_KEY
-                  value: ${{ secrets.SSH_PRIVATE_KEY }}
-              buildenv: []
-            context:
-              git:
-                url: git@github.com:Location-based-target-authentication/BE.git
-                ref: main
-              preset: java-springboot
+    - uses: actions/download-artifact@v4
+      with:
+        name: app
+
+    # SSH 키 설정
+    - name: Setup SSH
+      run: |
+        mkdir -p ~/.ssh
+        echo "${{ secrets.SSH_PRIVATE_KEY }}" > ~/.ssh/deploy_key
+        chmod 700 ~/.ssh
+        chmod 600 ~/.ssh/deploy_key
+        eval $(ssh-agent -s)
+        ssh-add ~/.ssh/deploy_key
+        ssh-keyscan -H ${{ secrets.SERVER_IP }} >> ~/.ssh/known_hosts
+
+    # SSH 연결 테스트
+    - name: Test SSH connection
+      run: |
+        ssh -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_IP }} 'echo "Connection test successful"'
+
+    # JAR 파일 전송
+    - name: Copy JAR to Server
+      run: |
+        ls -la
+        scp -i ~/.ssh/deploy_key -o StrictHostKeyChecking=no *.jar ${{ secrets.SERVER_USER }}@${{ secrets.SERVER_IP }}:/home/${{ secrets.SERVER_USER }}/
+
+    # 서버에서 JAR 실행
+    - name: Execute JAR
+      uses: appleboy/ssh-action@v1.0.0
+      with:
+        host: ${{ secrets.SERVER_IP }}
+        username: ${{ secrets.SERVER_USER }}
+        key: ${{ secrets.SSH_PRIVATE_KEY }}
+        script: |
+          cd /home/${{ secrets.SERVER_USER }}
+          sudo tee /etc/systemd/system/willgo.service << EOF
+          [Unit]
+          Description=Willgo Backend Application
+          After=network.target
+
+          [Service]
+          Type=simple
+          User=root
+          WorkingDirectory=/home/${{ secrets.SERVER_USER }}
+          
+          # JWT 설정
+          Environment=JWT_SECRET_KEY=${{ secrets.JWT_SECRET_KEY }}
+          Environment=JWT_ACCESS_TOKEN_EXPIRATION=600000
+          Environment=JWT_REFRESH_TOKEN_EXPIRATION=604800000
+          
+          # 카카오 설정
+          Environment=KAKAO_API_KEY=${{ secrets.KAKAO_API_KEY }}
+          Environment=KAKAO_CLIENT_ID=${{ secrets.KAKAO_CLIENT_ID }}
+          Environment=KAKAO_CLIENT_SECRET=${{ secrets.KAKAO_CLIENT_SECRET }}
+          Environment=KAKAO_REDIRECT_URI=https://175.45.203.57:8443/api/v1/auth/kakao/callback
+          
+          # 구글 설정
+          Environment=GOOGLE_CLIENT_ID=${{ secrets.GOOGLE_CLIENT_ID }}
+          Environment=GOOGLE_CLIENT_SECRET=${{ secrets.GOOGLE_CLIENT_SECRET }}
+          Environment=GOOGLE_REDIRECT_URI=https://175.45.203.57:8443/api/v1/auth/google/callback
+          
+          # 메일 설정
+          Environment=MAIL_HOST=${{ secrets.MAIL_HOST }}
+          Environment=MAIL_PORT=${{ secrets.MAIL_PORT }}
+          Environment=MAIL_USERNAME=${{ secrets.MAIL_USERNAME }}
+          Environment=MAIL_PASSWORD=${{ secrets.MAIL_PASSWORD }}
+          
+          # Tomcat 설정
+          Environment=TOMCAT_CONNECTOR_PROTOCOL=org.apache.coyote.http11.Http11NioProtocol
+          Environment=TOMCAT_CONNECTOR_MAX_CONNECTIONS=10000
+          Environment=TOMCAT_CONNECTOR_ACCEPT_COUNT=100
+          Environment=TOMCAT_CONNECTOR_CONNECTION_TIMEOUT=20000
+          Environment=TOMCAT_CONNECTOR_MAX_KEEP_ALIVE_REQUESTS=1
+          Environment=TOMCAT_CONNECTOR_KEEP_ALIVE_TIMEOUT=1
+
+          ExecStart=/usr/bin/java -jar Location-based-target-authentication-0.0.1-SNAPSHOT.jar \
+            --spring.profiles.active=secret \
+            --logging.level.com.swyp.global.security=DEBUG \
+            --logging.level.org.springframework.web=DEBUG \
+            --logging.level.org.springframework.web.cors=TRACE \
+            --spring.config.location=classpath:/application.properties \
+            --server.tomcat.remoteip.remote-ip-header=x-forwarded-for \
+            --server.tomcat.remoteip.protocol-header=x-forwarded-proto \
+            --server.tomcat.redirect-context-root=false \
+            --server.tomcat.use-relative-redirects=true \
+            --server.forward-headers-strategy=native \
+            --server.tomcat.max-http-form-post-size=10MB \
+            --server.tomcat.max-swallow-size=20MB \
+            -Dspring.security.oauth2.client.registration.google.client-id=${GOOGLE_CLIENT_ID} \
+            -Dspring.security.oauth2.client.registration.google.client-secret=${GOOGLE_CLIENT_SECRET} \
+            -Dspring.security.oauth2.client.registration.google.redirect-uri=${GOOGLE_REDIRECT_URI} \
+            -Dgoogle.redirect.url=${GOOGLE_REDIRECT_URI} \
+            -Dgoogle.client.id=${GOOGLE_CLIENT_ID} \
+            -Dgoogle.client.secret=${GOOGLE_CLIENT_SECRET} \
+            -Dkakao.client.id=${KAKAO_CLIENT_ID} \
+            -Dkakao.client.secret=${KAKAO_CLIENT_SECRET} \
+            -Dkakao.redirect.url=${KAKAO_REDIRECT_URI} \
+            -Dspring.security.oauth2.client.registration.google.scope=profile,email \
+            -Dspring.security.oauth2.client.registration.google.client-name=Google \
+            -Dspring.security.oauth2.client.registration.google.authorization-grant-type=authorization_code \
+            -Dspring.security.oauth2.client.provider.google.authorization-uri=https://accounts.google.com/o/oauth2/v2/auth \
+            -Dspring.security.oauth2.client.provider.google.token-uri=https://oauth2.googleapis.com/token \
+            -Dspring.security.oauth2.client.provider.google.user-info-uri=https://www.googleapis.com/oauth2/v3/userinfo \
+            -Dspring.security.oauth2.client.provider.google.user-name-attribute=sub \
+            -Dspring.security.oauth2.client.registration.kakao.client-id=${KAKAO_CLIENT_ID} \
+            -Dspring.security.oauth2.client.registration.kakao.client-secret=${KAKAO_CLIENT_SECRET} \
+            -Dspring.security.oauth2.client.registration.kakao.redirect-uri=${KAKAO_REDIRECT_URI} \
+            -Dspring.security.oauth2.client.registration.kakao.client-name=Kakao \
+            -Dspring.security.oauth2.client.registration.kakao.authorization-grant-type=authorization_code \
+            -Dspring.security.oauth2.client.registration.kakao.client-authentication-method=client_secret_post \
+            -Dspring.security.oauth2.client.registration.kakao.scope=profile_nickname,profile_image,account_email \
+            -Dspring.security.oauth2.client.provider.kakao.authorization-uri=https://kauth.kakao.com/oauth/authorize \
+            -Dspring.security.oauth2.client.provider.kakao.token-uri=https://kauth.kakao.com/oauth/token \
+            -Dspring.security.oauth2.client.provider.kakao.user-info-uri=https://kapi.kakao.com/v2/user/me \
+            -Dspring.security.oauth2.client.provider.kakao.user-name-attribute=id \
+            -DMAIL_HOST=${MAIL_HOST} \
+            -DMAIL_PORT=${MAIL_PORT} \
+            -DMAIL_USERNAME=${MAIL_USERNAME} \
+            -DMAIL_PASSWORD=${MAIL_PASSWORD} \
+            -Dmail.transport.protocol=smtp \
+            -Dmail.smtp.auth=true \
+            -Dmail.smtp.starttls.enable=true \
+            -Dmail.smtp.timeout=5000 \
+            -Dmail.smtp.connectiontimeout=5000 \
+            -Dmail.smtp.writetimeout=5000 \
+            -Dmail.smtp.ssl.trust=smtp.gmail.com \
+            -Dmail.smtp.ssl.protocols=TLSv1.2 \
+            -Dmail.smtp.socketFactory.class=javax.net.ssl.SSLSocketFactory \
+            -Dmail.smtp.socketFactory.fallback=false \
+            -Dmail.smtp.socketFactory.port=587 \
+            -Dmail.debug=true \
+            -Dcors.allowed-origins=https://locationcheckgo.netlify.app,https://localhost:8443,https://175.45.203.57:8443 \
+            -Dserver.tomcat.additional-tld-skip-patterns=*.jar \
+            -Dserver.tomcat.relaxed-query-chars=|,{,},[,],^,`,<,> \
+            -Dserver.tomcat.relaxed-path-chars=|,{,},[,],^,`,<,> \
+            -Dserver.tomcat.connector.protocol=${TOMCAT_CONNECTOR_PROTOCOL} \
+            -Dserver.tomcat.max-connections=${TOMCAT_CONNECTOR_MAX_CONNECTIONS} \
+            -Dserver.tomcat.accept-count=${TOMCAT_CONNECTOR_ACCEPT_COUNT} \
+            -Dserver.tomcat.connection-timeout=${TOMCAT_CONNECTOR_CONNECTION_TIMEOUT} \
+            -Dserver.tomcat.max-keep-alive-requests=${TOMCAT_CONNECTOR_MAX_KEEP_ALIVE_REQUESTS} \
+            -Dserver.tomcat.keep-alive-timeout=${TOMCAT_CONNECTOR_KEEP_ALIVE_TIMEOUT} \
+            -Dserver.tomcat.reject-illegal-header-values=false \
+            -Dserver.tomcat.uri-encoding=UTF-8
+          
+          Restart=always
+
+          [Install]
+          WantedBy=multi-user.target
+          EOF
+
+          # 서비스 시작
+          sudo systemctl daemon-reload
+          sudo systemctl restart willgo
+          sudo systemctl status willgo