pfplay · JeekLee · Mar 20, 2026 · Mar 21, 2026 · Mar 21, 2026 · Mar 21, 2026
diff --git a/.github/workflows/build-and-deploy.yml b/.github/workflows/build-and-deploy.yml
@@ -0,0 +1,126 @@
+name: Release - Code Deploy with Github Actions (WIF & IAP Version)
+
+on:
+#  push:
+#    tags:
+#      - 'v*'
+  push:
+    branches: [ main ]  # 버전 관리 적용 전 임의로 0.0.0 버전으로 생성 및 적용
+
+env:
+  PROJECT_ID: ${{ secrets.GCP_PROJECT_ID }}
+  IMAGE_NAME: pfplay-api
+  GCE_INSTANCE: pfplay-api
+  GCE_ZONE: asia-northeast3-a
+
+jobs:
+  deploy:
+    name: Build, Dockerize & Deploy
+    runs-on: ubuntu-latest
+    permissions:
+      contents: write   # GitHub Release 생성
+      packages: write   # GHCR 이미지 push
+      id-token: write   # WIF 인증
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Extract release version from tag
+        run: echo "RELEASE_VERSION=0.0.0" >> $GITHUB_ENV
+#        run: echo "RELEASE_VERSION=${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV
+
+      # --- [빌드] ---
+      - name: Set up JDK
+        uses: actions/setup-java@v4
+        with:
+          java-version: '17'
+          distribution: 'temurin'
+          cache: 'gradle'
+
+      - name: Build with Gradle
+        run: chmod +x ./gradlew && ./gradlew :app:build -x test
+
+      # --- [릴리스 생성] ---
+#      - name: Create GitHub Release
+#        uses: softprops/action-gh-release@v2
+#        with:
+#          tag_name: ${{ env.RELEASE_VERSION }}
+#          name: Release ${{ env.RELEASE_VERSION }}
+#          generate_release_notes: true
+
+      # --- [도커화 및 GHCR 업로드] ---
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v3
+
+      - name: Login to GitHub Container Registry
+        uses: docker/login-action@v3
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Build and Push image
+        uses: docker/build-push-action@v5
+        with:
+          context: .
+          file: ./app/Dockerfile
+          push: true
+          tags: |
+            ghcr.io/pfplay/${{ env.IMAGE_NAME }}:latest
+            ghcr.io/pfplay/${{ env.IMAGE_NAME }}:${{ env.RELEASE_VERSION }}
+          cache-from: type=gha
+          cache-to: type=gha,mode=max
+
+      # --- [GCP 인증] ---
+      - name: Authenticate to Google Cloud
+        id: auth
+        uses: google-github-actions/auth@v2
+        with:
+          workload_identity_provider: ${{ secrets.WIF_PROVIDER }}
+          service_account: ${{ secrets.WIF_SERVICE_ACCOUNT }}
+
+      - name: Set up Cloud SDK
+        uses: google-github-actions/setup-gcloud@v2
+
+      # --- [환경변수 파일 생성 및 전송] ---
+      - name: Generate .env file
+        run: echo "${{ secrets.DOT_ENV }}" > pfplay.env
+
+      - name: Copy .env to VM
+        run: |
+          gcloud compute scp pfplay.env ${{ env.GCE_INSTANCE }}:/tmp/pfplay.env \
+            --zone=${{ env.GCE_ZONE }} \
+            --tunnel-through-iap \
+            --project=${{ env.PROJECT_ID }}
+
+      # --- [IAP 배포] ---
+      - name: Check SSH username
+        run: |
+          gcloud compute ssh ${{ env.GCE_INSTANCE }} \
+            --zone=${{ env.GCE_ZONE }} \
+            --tunnel-through-iap \
+            --project=${{ env.PROJECT_ID }} \
+            --command="whoami"
+
+      - name: Deploy to VM via IAP Tunnel
+        run: |
+          gcloud compute ssh ${{ env.GCE_INSTANCE }} \
+            --zone=${{ env.GCE_ZONE }} \
+            --tunnel-through-iap \
+            --project=${{ env.PROJECT_ID }} \
+            --command="
+              echo '${{ secrets.PACKAGE_ACCESS_TOKEN }}' | docker login ghcr.io -u JeekLee --password-stdin &&
+              docker pull ghcr.io/pfplay/${{ env.IMAGE_NAME }}:latest &&
+              docker stop pfplay-api 2>/dev/null || true &&
+              docker rm pfplay-api 2>/dev/null || true &&
+              mv /tmp/pfplay.env ~/pfplay.env && chmod 600 ~/pfplay.env &&
+              docker run -d \
+                --name pfplay-api \
+                --network api_backend \
+                --env-file ~/pfplay.env \
+                -p 8080:8080 \
+                --restart unless-stopped \
+                ghcr.io/pfplay/${{ env.IMAGE_NAME }}:latest &&
+              docker image prune -f
+            "
diff --git a/.github/workflows/config/release-draft-config.yml b/.github/workflows/config/release-draft-config.yml
diff --git a/.github/workflows/release-code-deploy.yml b/.github/workflows/release-code-deploy.yml
diff --git a/.github/workflows/release-draft.yml b/.github/workflows/release-draft.yml
diff --git a/app/.gitignore b/app/.gitignore
@@ -36,7 +36,4 @@ out/
 ### VS Code ###
 .vscode/
 
-/src/test/resources/key/**
-api/src/main/resources/**
-
 *.env
diff --git a/app/Dockerfile b/app/Dockerfile
@@ -1,26 +1,4 @@
-#FROM eclipse-temurin:17-jdk-alpine as build
-##FROM --platform=linux/amd64 eclipse-temurin:17-jdk-alpine as build
-#WORKDIR /opt/pfplay
-#COPY . /opt/pfplay
-#RUN --mount=type=cache,target=/root/.gradle ./gradlew clean build -x test --no-daemon
-##RUN ./gradlew clean build -x test --refresh-dependencies
-#RUN mkdir -p build/dependency && (cd build/dependency; jar -xf ../libs/*-SNAPSHOT.jar)
-#
-#FROM eclipse-temurin:17-jre-alpine
-#WORKDIR /opt/api
-#ARG JAR_FILE=/opt/pfplay/build/libs/*.jar
-#ENV JAR_NAME=pfplay-api-v1.jar
-#COPY --from=build ${JAR_FILE} ${JAR_NAME}
-#ENTRYPOINT ["sh", "-c", "java -jar ${JAR_NAME}"]
-FROM eclipse-temurin:17-jdk-alpine as build
-
-ARG SPRING_PROFILES_ACTIVE
-ENV SPRING_PROFILES_ACTIVE=${SPRING_PROFILES_ACTIVE}
-RUN echo ${SPRING_PROFILES_ACTIVE}
-
-WORKDIR /opt/pfplay
-COPY . .
-RUN ./gradlew clean build -x test --refresh-dependencies
-#ENTRYPOINT ["sh", "-c", "java -jar ./build/libs/*-SNAPSHOT.jar"]
-ENTRYPOINT ["sh", "-c", "java -jar -Dspring.profiles.active=$SPRING_PROFILES_ACTIVE ./build/libs/*-SNAPSHOT.jar"]
-
+FROM eclipse-temurin:17-jre-alpine
+WORKDIR /opt/api
+COPY app/build/libs/*.jar app.jar
+ENTRYPOINT ["java", "-jar", "app.jar"]
diff --git a/app/Dockerfile-deploy b/app/Dockerfile-deploy
diff --git a/app/src/main/resources/application.yml b/app/src/main/resources/application.yml
@@ -36,8 +36,8 @@ spring:
 
   data:
     redis:
-      host: localhost
-      port: 6379
+      host: ${REDIS_HOST:localhost}
+      port: ${REDIS_PORT:6379}
       repositories:
         enabled: false
 

diff --git a/app/src/main/resources/key/private_key.pem b/app/src/main/resources/key/private_key.pem
diff --git a/app/src/main/resources/key/public_key.pem b/app/src/main/resources/key/public_key.pem