wafflestudio · asp345 · Mar 14, 2026 · Feb 12, 2026 · Feb 28, 2026 · Mar 1, 2026
@@ -0,0 +1,52 @@
+name: deploy-native-template
+
+on:
+  workflow_call:
+    inputs:
+      ocir_repository:
+        required: true
+        type: string
+      dockerfile:
+        required: true
+        type: string
+        description: 'Dockerfile path (e.g., api/Dockerfile-native)'
+    secrets:
+      OCI_AUTH_TOKEN:
+        required: true
+      DEPLOYER_APP_ID:
+        required: true
+      DEPLOYER_APP_PRIVATE_KEY:
+        required: true
+
+jobs:
+  deploy:
+    name: Deploy Native
+    runs-on: ubuntu-24.04-arm
+
+    env:
+      IMAGE_TAG: ${{ github.run_number }}
+      BUILD_NUMBER: ${{ github.run_number }}
+      OCIR_REGISTRY: yny.ocir.io
+      OCIR_NAMESPACE: ax1dvc8vmenm
+      OCIR_REPOSITORY: ${{ inputs.ocir_repository }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Login to OCIR
+        run: echo "${{ secrets.OCI_AUTH_TOKEN }}" | docker login $OCIR_REGISTRY -u ax1dvc8vmenm/members/snutt-deployer --password-stdin
+
+      - name: Docker build, tag, and push image to OCIR
+        id: build-push-image
+        run: |
+          echo "${{ github.token }}" > .github_token
+          docker build \
+            --secret id=github_token,src=./.github_token \
+            -f ${{ inputs.dockerfile }} \
+            -t $OCIR_REGISTRY/$OCIR_NAMESPACE/$OCIR_REPOSITORY:$IMAGE_TAG \
+            . \
+            --platform linux/arm64
+          rm -f .github_token
+          docker push $OCIR_REGISTRY/$OCIR_NAMESPACE/$OCIR_REPOSITORY:$IMAGE_TAG
+          echo "image=$OCIR_REGISTRY/$OCIR_NAMESPACE/$OCIR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
@@ -0,0 +1,52 @@
+name: deploy-template
+
+on:
+  workflow_call:
+    inputs:
+      ocir_repository:
+        required: true
+        type: string
+      dockerfile:
+        required: true
+        type: string
+        description: 'Dockerfile path (e.g., api/Dockerfile)'
+    secrets:
+      OCI_AUTH_TOKEN:
+        required: true
+      DEPLOYER_APP_ID:
+        required: true
+      DEPLOYER_APP_PRIVATE_KEY:
+        required: true
+
+jobs:
+  deploy:
+    name: Deploy
+    runs-on: ubuntu-24.04-arm
+
+    env:
+      IMAGE_TAG: ${{ github.run_number }}
+      BUILD_NUMBER: ${{ github.run_number }}
+      OCIR_REGISTRY: yny.ocir.io
+      OCIR_NAMESPACE: ax1dvc8vmenm
+      OCIR_REPOSITORY: ${{ inputs.ocir_repository }}
+
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v4
+
+      - name: Login to OCIR
+        run: echo "${{ secrets.OCI_AUTH_TOKEN }}" | docker login $OCIR_REGISTRY -u ax1dvc8vmenm/members/snutt-deployer --password-stdin
+
+      - name: Docker build, tag, and push image to OCIR
+        id: build-push-image
+        run: |
+          echo "${{ github.token }}" > .github_token
+          docker build \
+            --secret id=github_token,src=./.github_token \
+            -f ${{ inputs.dockerfile }} \
+            -t $OCIR_REGISTRY/$OCIR_NAMESPACE/$OCIR_REPOSITORY:$IMAGE_TAG \
+            . \
+            --platform linux/arm64
+          rm -f .github_token
+          docker push $OCIR_REGISTRY/$OCIR_NAMESPACE/$OCIR_REPOSITORY:$IMAGE_TAG
+          echo "image=$OCIR_REGISTRY/$OCIR_NAMESPACE/$OCIR_REPOSITORY:$IMAGE_TAG" >> $GITHUB_OUTPUT
@@ -0,0 +1,26 @@
+name: Deploy-dev-native
+
+on:
+  push:
+    branches: [ develop ]
+
+jobs:
+  deploy-api:
+    uses: ./.github/workflows/_deploy-native.yml
+    with:
+      ocir_repository: snutt-dev/snutt-ev
+      dockerfile: api/Dockerfile-native
+    secrets:
+      OCI_AUTH_TOKEN: ${{ secrets.OCI_AUTH_TOKEN }}
+      DEPLOYER_APP_ID: ${{ secrets.DEPLOYER_APP_ID }}
+      DEPLOYER_APP_PRIVATE_KEY: ${{ secrets.DEPLOYER_APP_PRIVATE_KEY }}
+
+  deploy-batch:
+    uses: ./.github/workflows/_deploy-native.yml
+    with:
+      ocir_repository: snutt-dev/snutt-ev-batch
+      dockerfile: batch/Dockerfile-native
+    secrets:
+      OCI_AUTH_TOKEN: ${{ secrets.OCI_AUTH_TOKEN }}
+      DEPLOYER_APP_ID: ${{ secrets.DEPLOYER_APP_ID }}
+      DEPLOYER_APP_PRIVATE_KEY: ${{ secrets.DEPLOYER_APP_PRIVATE_KEY }}
@@ -5,41 +5,22 @@ on:
     branches: [ develop ]
 
 jobs:
-  deploy:
-    name: Deploy
-    runs-on: ubuntu-24.04-arm
-    env:
-      IMAGE_TAG: ${{ github.run_number }}
-      BUILD_NUMBER: ${{ github.run_number }}
-      ECR_REGISTRY: 405906814034.dkr.ecr.ap-northeast-2.amazonaws.com
-      ECR_REPOSITORY: snutt-dev/snutt-ev
-      ECR_BATCH_REPOSITORY: snutt-dev/snutt-ev-batch
+  deploy-api:
+    uses: ./.github/workflows/_deploy.yml
+    with:
+      ocir_repository: snutt-dev/snutt-ev
+      dockerfile: api/Dockerfile
+    secrets:
+      OCI_AUTH_TOKEN: ${{ secrets.OCI_AUTH_TOKEN }}
+      DEPLOYER_APP_ID: ${{ secrets.DEPLOYER_APP_ID }}
+      DEPLOYER_APP_PRIVATE_KEY: ${{ secrets.DEPLOYER_APP_PRIVATE_KEY }}
 
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: ap-northeast-2
-
-      - name: Login to ECR
-        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v2
-
-      - name: Get and save Auth Token for CodeArtifact
-        id: get-save-codeartifact-auth-token
-        run: |
-          aws codeartifact get-authorization-token --domain wafflestudio --domain-owner 405906814034 --query authorizationToken --region ap-northeast-1 --output text > .codeartifact-auth-token
-
-      - name: Docker build, tag, and push image to ECR
-        id: build-image
-        run: |
-          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . --build-arg CODEARTIFACT_AUTH_TOKEN=$(cat .codeartifact-auth-token)
-          docker build -f Dockerfile-batch -t $ECR_REGISTRY/$ECR_BATCH_REPOSITORY:$IMAGE_TAG . --build-arg CODEARTIFACT_AUTH_TOKEN=$(cat .codeartifact-auth-token)
-          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
-          docker push $ECR_REGISTRY/$ECR_BATCH_REPOSITORY:$IMAGE_TAG
-          echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
+  deploy-batch:
+    uses: ./.github/workflows/_deploy.yml
+    with:
+      ocir_repository: snutt-dev/snutt-ev-batch
+      dockerfile: batch/Dockerfile
+    secrets:
+      OCI_AUTH_TOKEN: ${{ secrets.OCI_AUTH_TOKEN }}
+      DEPLOYER_APP_ID: ${{ secrets.DEPLOYER_APP_ID }}
+      DEPLOYER_APP_PRIVATE_KEY: ${{ secrets.DEPLOYER_APP_PRIVATE_KEY }}
@@ -0,0 +1,24 @@
+name: Deploy Manual
+
+on:
+  workflow_dispatch:
+    inputs:
+      ocir_repository:
+        description: 'OCIR 리포지토리 (예: snutt-dev/snutt-ev)'
+        required: true
+        type: string
+      dockerfile:
+        description: 'Dockerfile 경로 (예: api/Dockerfile, batch/Dockerfile)'
+        required: true
+        type: string
+
+jobs:
+  deploy:
+    uses: ./.github/workflows/_deploy.yml
+    with:
+      ocir_repository: ${{ inputs.ocir_repository }}
+      dockerfile: ${{ inputs.dockerfile }}
+    secrets:
+      OCI_AUTH_TOKEN: ${{ secrets.OCI_AUTH_TOKEN }}
+      DEPLOYER_APP_ID: ${{ secrets.DEPLOYER_APP_ID }}
+      DEPLOYER_APP_PRIVATE_KEY: ${{ secrets.DEPLOYER_APP_PRIVATE_KEY }}
@@ -0,0 +1,41 @@
+name: Deploy-prod-native
+
+on:
+  push:
+    branches: [ main ]
+
+jobs:
+  deploy-api:
+    uses: ./.github/workflows/_deploy-native.yml
+    with:
+      ocir_repository: snutt-prod/snutt-ev
+      dockerfile: api/Dockerfile-native
+    secrets:
+      OCI_AUTH_TOKEN: ${{ secrets.OCI_AUTH_TOKEN }}
+      DEPLOYER_APP_ID: ${{ secrets.DEPLOYER_APP_ID }}
+      DEPLOYER_APP_PRIVATE_KEY: ${{ secrets.DEPLOYER_APP_PRIVATE_KEY }}
+
+  deploy-batch:
+    uses: ./.github/workflows/_deploy-native.yml
+    with:
+      ocir_repository: snutt-prod/snutt-ev-batch
+      dockerfile: batch/Dockerfile-native
+    secrets:
+      OCI_AUTH_TOKEN: ${{ secrets.OCI_AUTH_TOKEN }}
+      DEPLOYER_APP_ID: ${{ secrets.DEPLOYER_APP_ID }}
+      DEPLOYER_APP_PRIVATE_KEY: ${{ secrets.DEPLOYER_APP_PRIVATE_KEY }}
+
+  notify:
+    needs: [deploy-api, deploy-batch]
+    runs-on: ubuntu-latest
+    steps:
+      - name: Slack Notify
+        uses: rtCamp/action-slack-notify@v2.3.3
+        env:
+          SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }}
+          SLACK_CHANNEL: team-snutt-deploy
+          SLACK_TITLE: NEW RELEASE
+          SLACK_USERNAME: snutt-ev
+          SLACK_ICON: https://user-images.githubusercontent.com/35535636/103177470-2237cb00-48be-11eb-9211-3ffa567c8ac3.png
+          SLACK_MESSAGE: Check <https://argocd.wafflestudio.com|Argo CD> for updated environment
+          SLACK_FOOTER: https://snutt-ev-api.wafflestudio.com/swagger-ui/index.html
@@ -5,45 +5,30 @@ on:
     branches: [ main ]
 
 jobs:
-  deploy:
-    name: Deploy
-    runs-on: ubuntu-24.04-arm
-    env:
-      IMAGE_TAG: ${{ github.run_number }}
-      BUILD_NUMBER: ${{ github.run_number }}
-      ECR_REGISTRY: 405906814034.dkr.ecr.ap-northeast-2.amazonaws.com
-      ECR_REPOSITORY: snutt-prod/snutt-ev
-      ECR_BATCH_REPOSITORY: snutt-prod/snutt-ev-batch
-
+  deploy-api:
+    uses: ./.github/workflows/_deploy.yml
+    with:
+      ocir_repository: snutt-prod/snutt-ev
+      dockerfile: api/Dockerfile
+    secrets:
+      OCI_AUTH_TOKEN: ${{ secrets.OCI_AUTH_TOKEN }}
+      DEPLOYER_APP_ID: ${{ secrets.DEPLOYER_APP_ID }}
+      DEPLOYER_APP_PRIVATE_KEY: ${{ secrets.DEPLOYER_APP_PRIVATE_KEY }}
+
+  deploy-batch:
+    uses: ./.github/workflows/_deploy.yml
+    with:
+      ocir_repository: snutt-prod/snutt-ev-batch
+      dockerfile: batch/Dockerfile
+    secrets:
+      OCI_AUTH_TOKEN: ${{ secrets.OCI_AUTH_TOKEN }}
+      DEPLOYER_APP_ID: ${{ secrets.DEPLOYER_APP_ID }}
+      DEPLOYER_APP_PRIVATE_KEY: ${{ secrets.DEPLOYER_APP_PRIVATE_KEY }}
+
+  notify:
+    needs: [deploy-api, deploy-batch]
+    runs-on: ubuntu-latest
     steps:
-      - name: Checkout
-        uses: actions/checkout@v4
-
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: ap-northeast-2
-
-      - name: Login to ECR
-        id: login-ecr
-        uses: aws-actions/amazon-ecr-login@v2
-
-      - name: Get and save Auth Token for CodeArtifact
-        id: get-save-codeartifact-auth-token
-        run: |
-          aws codeartifact get-authorization-token --domain wafflestudio --domain-owner 405906814034 --query authorizationToken --region ap-northeast-1 --output text > .codeartifact-auth-token
-
-      - name: Docker build, tag, and push image to ECR
-        id: build-image
-        run: |
-          docker build -t $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG . --build-arg CODEARTIFACT_AUTH_TOKEN=$(cat .codeartifact-auth-token)
-          docker build -f Dockerfile-batch -t $ECR_REGISTRY/$ECR_BATCH_REPOSITORY:$IMAGE_TAG . --build-arg CODEARTIFACT_AUTH_TOKEN=$(cat .codeartifact-auth-token)
-          docker push $ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG
-          docker push $ECR_REGISTRY/$ECR_BATCH_REPOSITORY:$IMAGE_TAG
-          echo "::set-output name=image::$ECR_REGISTRY/$ECR_REPOSITORY:$IMAGE_TAG"
-
       - name: Slack Notify
         uses: rtCamp/action-slack-notify@v2.3.3
         env:

@@ -14,12 +14,13 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Set up JDK 21
+      - name: Set up JDK 25
         uses: actions/setup-java@v4
         with:
-          java-version: '21'
+          java-version: '25'
           distribution: 'temurin'
 
       - name: Run Lint
         run: |
-          ./gradlew clean ktlintCheck
+          ./gradlew clean ktlintCheck -x compileKotlin -x compileTestKotlin \
+            -x compileJava -x processAot -x processTestAot
@@ -14,17 +14,10 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v4
 
-      - name: Configure AWS credentials
-        uses: aws-actions/configure-aws-credentials@v4
-        with:
-          aws-access-key-id: ${{ secrets.AWS_ACCESS_KEY_ID }}
-          aws-secret-access-key: ${{ secrets.AWS_SECRET_ACCESS_KEY }}
-          aws-region: ap-northeast-2
-
-      - name: Set up JDK 21
+      - name: Set up JDK 25
         uses: actions/setup-java@v4
         with:
-          java-version: '21'
+          java-version: '25'
           distribution: 'temurin'
 
       - name: Set up redis
@@ -33,5 +26,7 @@ jobs:
           redis-version: 6
 
       - name: Run Tests
+        env:
+          GITHUB_TOKEN: ${{ github.token }}
         run: |
-          ./gradlew clean test
+          ./gradlew clean test -x processAot -x processTestAot
@@ -0,0 +1,7 @@
+FROM container-registry.oracle.com/graalvm/jdk:25
+WORKDIR /app
+COPY . /app
+RUN microdnf install -y findutils --nodocs
+RUN --mount=type=secret,id=github_token GITHUB_TOKEN=$(cat /run/secrets/github_token) ./gradlew :api:bootJar
+EXPOSE 8080
+ENTRYPOINT java $JAVA_OPTS -jar api/build/libs/snuttev-api.jar