infra: CI/CD, dockerfile 리팩토링

kimeunkyoungg · web-flow · commit 74e0264b7ee0 · 2026-01-24T00:04:25.000+09:00
* refactor: ci 수정

* refactor: cd 환경변수 위쪽으로 재배치

* refactor: doppler 설정 리팩토링

* refactor: doppler 설정 리ã팩토링
diff --git a/.github/workflows/backend-ci.yml b/.github/workflows/backend-ci.yml
@@ -446,35 +446,35 @@ jobs:
             echo "skipped=0" >> $GITHUB_OUTPUT
           fi
 
-  docker-build-and-push:
-    runs-on: ubuntu-latest
-    needs: backend-test   # 테스트/커버리지 성공 후에만 실행
-    if: github.event_name == 'push' && github.ref == 'refs/heads/main'
-
-    defaults:
-      run:
-        working-directory: backend   # Dockerfile 있는 곳
-
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Log in to Docker Hub
-        uses: docker/login-action@v3
-        with:
-          username: ${{ secrets.DOCKERHUB_USERNAME }}
-          password: ${{ secrets.DOCKERHUB_TOKEN }}
-
-      - name: Build and Push Docker Image
-        run: |
-          IMAGE_NAME="min7712/waitfair-backend"
-
-          TIMESTAMP=$(date +%Y%m%d-%H%M%S)
-          SHORT_SHA=$(echo ${{ github.sha }} | cut -c1-7)
-
-          # backend/ 가 컨텍스트, 그 안의 Dockerfile 사용
-          docker build -t $IMAGE_NAME:latest \
-                       -t $IMAGE_NAME:${TIMESTAMP}-${SHORT_SHA} .
-
-          docker push $IMAGE_NAME:latest
-          docker push $IMAGE_NAME:${TIMESTAMP}-${SHORT_SHA}
+  # docker-build-and-push:
+  #   runs-on: ubuntu-latest
+  #   needs: backend-test   # 테스트/커버리지 성공 후에만 실행
+  #   if: github.event_name == 'push' && github.ref == 'refs/heads/main'
+
+  #   defaults:
+  #     run:
+  #       working-directory: backend   # Dockerfile 있는 곳
+
+  #   steps:
+  #     - name: Checkout
+  #       uses: actions/checkout@v4
+
+  #     - name: Log in to Docker Hub
+  #       uses: docker/login-action@v3
+  #       with:
+  #         username: ${{ secrets.DOCKERHUB_USERNAME }}
+  #         password: ${{ secrets.DOCKERHUB_TOKEN }}
+
+  #     - name: Build and Push Docker Image
+  #       run: |
+  #         IMAGE_NAME="min7712/waitfair-backend"
+
+  #         TIMESTAMP=$(date +%Y%m%d-%H%M%S)
+  #         SHORT_SHA=$(echo ${{ github.sha }} | cut -c1-7)
+
+  #         # backend/ 가 컨텍스트, 그 안의 Dockerfile 사용
+  #         docker build -t $IMAGE_NAME:latest \
+  #                      -t $IMAGE_NAME:${TIMESTAMP}-${SHORT_SHA} .
+
+  #         docker push $IMAGE_NAME:latest
+  #         docker push $IMAGE_NAME:${TIMESTAMP}-${SHORT_SHA}
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -1,6 +1,12 @@
 name: deploy
 env:
   IMAGE_NAME: waitfair
+  REGISTRY: ghcr.io
+  AWS_REGION: ${{ secrets.AWS_REGION }}
+  AWS_ACCESS_KEY_ID: ${{ secrets.AWS_ACCESS_KEY_ID }}
+  AWS_SECRET_ACCESS_KEY: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+  PERSONAL_ACCESS_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+  DOPPLER_TOKEN: ${{ secrets.DOPPLER_TOKEN }}
 
 on:
   push:
@@ -28,12 +34,12 @@ jobs:
         id: create_tag
         uses: mathieudutour/github-tag-action@v6.2
         with:
-          github_token: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+          github_token: ${{ env.PERSONAL_ACCESS_TOKEN }}
       - name: Create Release
         id: create_release
         uses: actions/create-release@v1
         env:
-          GITHUB_TOKEN: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+          GITHUB_TOKEN: ${{ env.PERSONAL_ACCESS_TOKEN }}
         with:
           tag_name: ${{ steps.create_tag.outputs.new_tag }}
           release_name: Release ${{ steps.create_tag.outputs.new_tag }}
@@ -60,9 +66,9 @@ jobs:
       - name: 레지스트리 로그인
         uses: docker/login-action@v2
         with:
-          registry: ghcr.io
+          registry: ${{ env.REGISTRY }}
           username: ${{ github.actor }}
-          password: ${{ secrets.PERSONAL_ACCESS_TOKEN }}
+          password: ${{ env.PERSONAL_ACCESS_TOKEN }}
 
       - name: set lower case owner name
         id: export_owner
@@ -79,8 +85,6 @@ jobs:
         with:
           context: ./backend
           push: true
-          build-args: |
-            DOPPLER_TOKEN=${{ secrets.DOPPLER_TOKEN }}
           cache-from: type=registry,ref=ghcr.io/${{ steps.export_owner.outputs.owner_lc }}/${{ steps.export_image.outputs.image_name }}:cache
           cache-to: type=registry,ref=ghcr.io/${{ steps.export_owner.outputs.owner_lc }}/${{ steps.export_image.outputs.image_name }}:cache,mode=max
           tags: |
@@ -94,9 +98,9 @@ jobs:
     steps:
       - uses: aws-actions/configure-aws-credentials@v4
         with:
-          aws-region: ${{ secrets.AWS_REGION }}
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ env.AWS_REGION }}
+          aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
 
       - name: 인스턴스 ID 가져오기
         id: get_instance_id
@@ -109,9 +113,9 @@ jobs:
         uses: peterkimzz/aws-ssm-send-command@master
         id: ssm
         with:
-          aws-region: ${{ secrets.AWS_REGION }}
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
+          aws-region: ${{ env.AWS_REGION }}
+          aws-access-key-id: ${{ env.AWS_ACCESS_KEY_ID }}
+          aws-secret-access-key: ${{ env.AWS_SECRET_ACCESS_KEY }}
           instance-ids: ${{ env.INSTANCE_ID }}
           working-directory: /
           comment: Deploy
@@ -135,7 +139,7 @@ jobs:
             docker run -d \
               --name $STANDBY \
               --network common \
-              -e DOPPLER_TOKEN=${{ secrets.DOPPLER_TOKEN }} \
+              -e DOPPLER_TOKEN=${{ env.DOPPLER_TOKEN }} \
               $IMAGE
             
             # Health Check
diff --git a/backend/Dockerfile b/backend/Dockerfile
@@ -21,16 +21,17 @@ RUN ./gradlew bootJar --no-daemon -x test
 FROM eclipse-temurin:21-jre
 WORKDIR /app
 
-# Doppler CLI 설치
-RUN apt-get update && apt-get install -y apt-transport-https ca-certificates curl gnupg && \
+# Doppler CLI 설치 & 캐시 정리
+RUN apt-get update && \
+    apt-get install -y apt-transport-https ca-certificates curl gnupg && \
     curl -sLf --retry 3 --tlsv1.2 --proto "=https" 'https://packages.doppler.com/public/cli/gpg.DE2A7741A397C129.key' | gpg --dearmor -o /usr/share/keyrings/doppler-archive-keyring.gpg && \
     echo "deb [signed-by=/usr/share/keyrings/doppler-archive-keyring.gpg] https://packages.doppler.com/public/cli/deb/debian any-version main" | tee /etc/apt/sources.list.d/doppler-cli.list && \
     apt-get update && \
-    apt-get -y install doppler
+    apt-get -y install doppler && \
+    apt-get clean && \
+    rm -rf /var/lib/apt/lists/*
 
-# Build argument로 Doppler 토큰 받기
-ARG DOPPLER_TOKEN
-ENV DOPPLER_TOKEN=$DOPPLER_TOKEN
+# Build argument로 프로젝트 환경 설정
 ENV DOPPLER_PROJECT=waitfair
 ENV DOPPLER_CONFIG=prd
 
@@ -39,4 +40,4 @@ COPY --from=builder /app/build/libs/*.jar app.jar
 
 EXPOSE 8080
 
-ENTRYPOINT ["/bin/sh", "-c", "doppler secrets download --project waitfair --config prd --format env --no-file > /tmp/.env && set -a && . /tmp/.env && exec java -Duser.timezone=Asia/Seoul -jar -Dspring.profiles.active=prod app.jar"]
+ENTRYPOINT ["doppler", "run", "--", "java", "-Duser.timezone=Asia/Seoul", "-jar", "app.jar", "--spring.profiles.active=prod"]
