도플러 주입 방식 변경 (#535)

Author: Chehyeon-Kim23

.github/workflows/deploy.yml

@@ -7,13 +7,18 @@ on:
     paths:
       - ".github/workflows/**"
       - "src/**"
+      - "build.gradle"
+      - "settings.gradle"
       - "build.gradle.kts"
+      - "settings.gradle.kts"
+      - "gradle/**"
+      - "gradlew"
+      - "gradlew.bat"
       - "Dockerfile"
       - "docker/**"
     branches:
       - develop
 
-# 권한 최소화/명시화
 permissions:
   contents: write
   packages: write
@@ -65,8 +70,7 @@ jobs:
       - name: set lower case owner name
         id: export_owner
         run: |
-         # OWNER_LC="${GITHUB_REPOSITORY_OWNER,,}"
-          OWNER_LC="chehyeon-kim23" # 본인 아이디를 소문자로 직접 입력
+          OWNER_LC="chehyeon-kim23"
           echo "owner_lc=$OWNER_LC" >> $GITHUB_OUTPUT
 
       - name: export image name
@@ -82,8 +86,7 @@ jobs:
           cache-to: type=registry,ref=ghcr.io/${{ steps.export_owner.outputs.owner_lc }}/${{ steps.export_image.outputs.image_name }}:cache,mode=max
           tags: |
             ghcr.io/${{ steps.export_owner.outputs.owner_lc }}/${{ steps.export_image.outputs.image_name }}:${{ needs.makeTagAndRelease.outputs.tag_name }},
-            ghcr.io/${{ steps.export_owner.outputs.owner_lc }}/${{ steps.export_image.outputs.image_name }}:latest          
-  
+            ghcr.io/${{ steps.export_owner.outputs.owner_lc }}/${{ steps.export_image.outputs.image_name }}:latest
 
   deploy:
     runs-on: ubuntu-latest
@@ -103,37 +106,43 @@ jobs:
 
       - name: AWS SSM Send-Command (Official CLI)
         run: |
-            aws ssm send-command \
-            --instance-ids "${{ env.INSTANCE_ID }}" \
-            --document-name "AWS-RunShellScript" \
-            --comment "Deploy Spring Boot with Prod Profile" \
-            --parameters '{
-              "commands": [
-                "#!/bin/bash",
-                
-                "export HOME=/root",
-                "export PATH=$PATH:/usr/local/bin",
-          
-                
-                "git config --global --add safe.directory /dockerProjects/tt-src/WEB7_9_B2ST_BE",
-                
-                "cd /dockerProjects/tt-src/WEB7_9_B2ST_BE/ || exit 1",
-                "git fetch --all",
-                "git reset --hard origin/develop",
-          
-                
-                "cd docker/",
-                "export DOPPLER_TOKEN=\"${{ secrets.DOPPLER_TOKEN }}\"",
-                "export DOPPLER_PROJECT=tt",
-                "export DOPPLER_CONFIG=prd",
-                "echo \"${{ secrets.PERSONAL_ACCESS_TOKEN }}\" | docker login ghcr.io -u ${{ github.actor }} --password-stdin 2>/dev/null",
-          
-                "doppler run --project \"$DOPPLER_PROJECT\" --config \"$DOPPLER_CONFIG\" -- docker compose pull",
-                "doppler run --project \"$DOPPLER_PROJECT\" --config \"$DOPPLER_CONFIG\" -- docker compose up -d --force-recreate",
-          
-                "docker image prune -f",
-          
-                "docker logout ghcr.io 2>/dev/null"
-              ]
-            }' \
-            --region ${{ secrets.AWS_REGION }}
+          aws ssm send-command \
+          --instance-ids "${{ env.INSTANCE_ID }}" \
+          --document-name "AWS-RunShellScript" \
+          --comment "Deploy Spring Boot (Doppler env_file injection)" \
+          --parameters '{
+            "commands": [
+              "#!/bin/bash",
+              "set -euo pipefail",
+
+              "export HOME=/root",
+              "export PATH=$PATH:/usr/local/bin",
+
+              "git config --global --add safe.directory /dockerProjects/tt-src/WEB7_9_B2ST_BE",
+
+              "cd /dockerProjects/tt-src/WEB7_9_B2ST_BE/ || exit 1",
+              "git fetch --all",
+              "git reset --hard origin/develop",
+
+              "cd docker/",
+
+              "export DOPPLER_TOKEN=\"${{ secrets.DOPPLER_TOKEN }}\"",
+              "export DOPPLER_PROJECT=tt",
+              "export DOPPLER_CONFIG=prd",
+
+              "echo \"${{ secrets.PERSONAL_ACCESS_TOKEN }}\" | docker login ghcr.io -u ${{ github.actor }} --password-stdin 2>/dev/null",
+
+              "umask 077",
+              "doppler secrets download --project \"$DOPPLER_PROJECT\" --config \"$DOPPLER_CONFIG\" --format env --no-file > doppler.env",
+              "chmod 600 doppler.env",
+
+              "docker compose --env-file doppler.env pull",
+              "docker compose --env-file doppler.env up -d --force-recreate",
+
+              "rm -f doppler.env",
+
+              "docker image prune -f",
+              "docker logout ghcr.io 2>/dev/null"
+            ]
+          }' \
+          --region ${{ secrets.AWS_REGION }}

Dockerfile

@@ -1,34 +1 @@
-# 1단계: Gradle로 Spring Boot JAR 빌드
-FROM gradle:8.10.0-jdk21 AS builder
-
-WORKDIR /app
-
-# Gradle 설정 파일 먼저 복사
-COPY build.gradle settings.gradle ./
-COPY gradle gradle
-COPY gradlew .
-RUN chmod +x gradlew
-
-# 종속성 설치 (캐시 활용)
-RUN ./gradlew dependencies --no-daemon
-
-# 소스 코드 복사
-COPY src src
-
-# 애플리케이션 빌드(테스트 제외)
-RUN ./gradlew bootJar --no-daemon -x test
-
-
-# 2단계: 실행용 이미지
-FROM eclipse-temurin:21-jre
-
-WORKDIR /app
-
-# 빌드 결과물 복사
-COPY --from=builder /app/build/libs/*.jar app.jar
-
-EXPOSE 8080
-
-# 컨테이너는 env로 주입된 값을 그대로 사용해서 실행
-# (SPRING_PROFILES_ACTIVE=prod 는 docker-compose.yml에서 이미 설정 중)
-CMD ["java", "-jar", "app.jar"]
+Doppler env 전체가 app 컨테이너에 들어가서

docker/docker-compose.yml

@@ -2,7 +2,6 @@ services:
   # ==================== PostgreSQL ====================
   postgres:
     image: postgres:16-alpine
-    # container_name: tt_postgres  # 운영에서는 제거 권장 (blue/green, preview 배포 시 충돌 방지)
     restart: always
     environment:
       POSTGRES_USER: ${POSTGRES_USER}
@@ -22,11 +21,7 @@ services:
       retries: 5
 
   # ==================== Redis Cluster ====================
-  # Redis Cluster Node 1 (Master)
-  # container_name 제거 권장: 운영 환경에서는 동일 서버의 여러 인스턴스나 blue/green 배포 시 충돌 방지
-  # 단, 로컬 개발에서는 편의를 위해 유지 가능
   redis-node-1:
-    # container_name: redis-node-1  # 운영에서는 제거 권장
     image: redis:7-alpine
     command:
       - redis-server
@@ -69,9 +64,7 @@ services:
       timeout: 5s
       retries: 5
 
-  # Redis Cluster Node 2 (Master)
   redis-node-2:
-    # container_name: redis-node-2  # 운영에서는 제거 권장
     image: redis:7-alpine
     command:
       - redis-server
@@ -114,9 +107,7 @@ services:
       timeout: 5s
       retries: 5
 
-  # Redis Cluster Node 3 (Master)
   redis-node-3:
-    # container_name: redis-node-3  # 운영에서는 제거 권장
     image: redis:7-alpine
     command:
       - redis-server
@@ -159,9 +150,7 @@ services:
       timeout: 5s
       retries: 5
 
-  # Redis Cluster Node 4 (Slave)
   redis-node-4:
-    # container_name: redis-node-4  # 운영에서는 제거 권장
     image: redis:7-alpine
     command:
       - redis-server
@@ -204,9 +193,7 @@ services:
       timeout: 5s
       retries: 5
 
-  # Redis Cluster Node 5 (Slave)
   redis-node-5:
-    # container_name: redis-node-5  # 운영에서는 제거 권장
     image: redis:7-alpine
     command:
       - redis-server
@@ -249,9 +236,7 @@ services:
       timeout: 5s
       retries: 5
 
-  # Redis Cluster Node 6 (Slave)
   redis-node-6:
-    # container_name: redis-node-6  # 운영에서는 제거 권장
     image: redis:7-alpine
     command:
       - redis-server
@@ -295,8 +280,6 @@ services:
       retries: 5
 
   # ==================== Redis Cluster 초기화 ====================
-  # Redis Cluster를 자동으로 초기화합니다 (이미 초기화되어 있으면 스킵)
-  # container_name 제거: 임시 컨테이너이므로 blue/green 배포 등에서 충돌 방지
   redis-cluster-init:
     image: redis:7-alpine
     depends_on:
@@ -319,66 +302,42 @@ services:
     command: sh /init-cluster.sh
     networks:
       - common
-    restart: "no"  # 한 번만 실행 (종료 후 재시작 안 함)
+    restart: "no"
 
   # ==================== Spring Boot Application ====================
   app:
     image: ghcr.io/chehyeon-kim23/tt_backend:latest
-    # container_name: tt_app  # 운영에서는 제거 권장 (blue/green, preview 배포 시 충돌 방지)
     restart: always
     depends_on:
       postgres:
         condition: service_healthy
       redis-cluster-init:
-        condition: service_completed_successfully  # 초기화 완료 대기
+        condition: service_completed_successfully
     ports:
       - "8080:8080"
+    networks:
+      - common
+
+    # (A) Doppler env를 컨테이너에 "통째로" 주입
+    env_file:
+      - ./doppler.env
+
+    # (B) Doppler에 안 넣었거나, compose에서 강제하고 싶은 값만 여기서 오버라이드
     environment:
       - SPRING_PROFILES_ACTIVE=prod
-      - JAVA_TOOL_OPTIONS=-Duser.timezone=Asia/Seoul
-      - APP_FRONTEND_MY_PAGE_URL=${APP_FRONTEND_MY_PAGE_URL:-https://doncrytt.vercel.app/my-page}
-      - AWS_S3_BUCKET=${AWS_S3_BUCKET}
-      - AWS_REGION=${AWS_REGION:-ap-northeast-2}
-      - POSTGRES_USER=${POSTGRES_USER}
-      - POSTGRES_PASSWORD=${POSTGRES_PASSWORD}
-      - POSTGRES_DB=${POSTGRES_DB}
       - POSTGRES_HOST=postgres
       - POSTGRES_PORT=${POSTGRES_PORT:-5432}
-      # Redis Cluster 설정 (로컬호스트 대신 컨테이너 이름 사용 가능)
-      - REDIS_PASSWORD=${REDIS_PASSWORD}
       - REDIS_MODE=cluster
       - REDIS_CLUSTER_NODES=redis-node-1:7000,redis-node-2:7001,redis-node-3:7002,redis-node-4:7003,redis-node-5:7004,redis-node-6:7005
-      # 또는 호스트 머신에서 접근하는 경우:
-      # - REDIS_CLUSTER_NODES=${REDIS_CLUSTER_NODES:-localhost:7000,localhost:7001,localhost:7002,localhost:7003,localhost:7004,localhost:7005}
-      - MAIL_HOST=${MAIL_HOST}
-      - MAIL_PORT=${MAIL_PORT}
-      - MAIL_USERNAME=${MAIL_USERNAME}
-      - MAIL_PASSWORD=${MAIL_PASSWORD}
-      - MAIL_FROM_ADDRESS=${MAIL_FROM_ADDRESS}
-      - MAIL_FROM_NAME=${MAIL_FROM_NAME}
-      - JWT_SECRET=${JWT_SECRET}
-      - JWT_ACCESS_EXPIRATION=${JWT_ACCESS_EXPIRATION}
-      - JWT_REFRESH_EXPIRATION=${JWT_REFRESH_EXPIRATION}
-      - KAKAO_CLIENT_ID=${KAKAO_CLIENT_ID}
-      - KAKAO_CLIENT_SECRET=${KAKAO_CLIENT_SECRET}
-      - KAKAO_REDIRECT_URI=${KAKAO_REDIRECT_URI}
-      - KAKAO_TOKEN_URI=${KAKAO_TOKEN_URI}
-      - KAKAO_USER_INFO_URI=${KAKAO_USER_INFO_URI}
-      - KAKAO_ISSUER=${KAKAO_ISSUER}
-      - DDL_AUTO=${DDL_AUTO}
-      - SLACK_WEBHOOK_URL=${SLACK_WEBHOOK_URL}
-    command: java -jar app.jar
-    networks:
-      - common
+
     healthcheck:
       test: [ "CMD-SHELL", "wget --quiet --tries=1 --spider http://localhost:8080/actuator/health || exit 1" ]
       interval: 30s
       timeout: 10s
       retries: 3
       start_period: 60s
-  # ==================== Monitoring Stack ====================
 
-  # Prometheus - 메트릭 수집
+  # ==================== Monitoring Stack ====================
   prometheus:
     image: prom/prometheus:v3.8.1
     restart: unless-stopped
@@ -403,7 +362,7 @@ services:
       interval: 30s
       timeout: 10s
       retries: 3
-  # Grafana - 대시보드 시각화
+
   grafana:
     image: grafana/grafana:12.3.0
     restart: unless-stopped
@@ -427,7 +386,7 @@ services:
       interval: 30s
       timeout: 10s
       retries: 3
-  # Alertmanager - 알림 관리
+
   alertmanager:
     image: prom/alertmanager:v0.30.0
     restart: unless-stopped
@@ -450,7 +409,7 @@ services:
       interval: 30s
       timeout: 10s
       retries: 3
-  # Redis Exporter - Redis 메트릭 수집
+
   redis-exporter:
     image: oliver006/redis_exporter:v1.80.1
     restart: unless-stopped
@@ -469,7 +428,7 @@ services:
       interval: 30s
       timeout: 10s
       retries: 3
-  # Postgres Exporter - PostgreSQL 메트릭 수집
+
   postgres-exporter:
     image: prometheuscommunity/postgres-exporter:v0.15.0
     restart: unless-stopped
@@ -487,6 +446,7 @@ services:
       interval: 30s
       timeout: 10s
       retries: 3
+
 networks:
   common:
     driver: bridge